Jump to content
Ketarin forum

errors: Could not create SSL/TLS secure channel


shawn
 Share

Recommended Posts

Seeing tons of these errors, "Could not create SSL/TLS secure channel", in the errors log (128 failed). Looks like each and every one that uses https since patch tuesday.

 

Google suggests this may be an issue with the way Ketarin WebRequest object SecurityProtocol support. That is, in WebClient.cs, line 172 should be changed from this:

 

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;

 

To something like this:

 

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

 

That should allow TLS 1.2 and 1.1, which are the currently preferred protocols.

Link to comment
Share on other sites

Here's an app profile that demonstrates the problem:

 

<?xml version='1.0' encoding='utf-8'?>
<Jobs>
  <ApplicationJob xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Guid="a30e2cce-3ab4-4069-8642-7f6dbf7119e1">
    <Category>Tools</Category>
    <WebsiteUrl />
    <UserAgent />
    <UserNotes />
    <IgnoreFileInformation>false</IgnoreFileInformation>
    <DownloadBeta>Default</DownloadBeta>
    <DownloadDate xsi:nil="true" />
    <CheckForUpdatesOnly>false</CheckForUpdatesOnly>
    <VariableChangeIndicator>version</VariableChangeIndicator>
    <CanBeShared>true</CanBeShared>
    <ShareApplication>false</ShareApplication>
    <ExclusiveDownload>false</ExclusiveDownload>
    <HttpReferer />
    <SetupInstructions />
    <Variables>
      <item>
        <key>
          <string>version</string>
        </key>
        <value>
          <UrlVariable>
            <RegexRightToLeft>false</RegexRightToLeft>
            <VariableType>RegularExpression</VariableType>
            <Regex>trimcheck v([\d\.]+)</Regex>
            <Url>https://github.com/CyberShadow/trimcheck/blob/master/README.md</Url>
            <Name>version</Name>
          </UrlVariable>
        </value>
      </item>
      <item>
        <key>
          <string>dl</string>
        </key>
        <value>
          <UrlVariable>
            <RegexRightToLeft>false</RegexRightToLeft>
            <VariableType>RegularExpression</VariableType>
            <Regex>"(trimcheck[^"]+exe)"</Regex>
            <Url>http://files.thecybershadow.net/trimcheck/</Url>
            <Name>dl</Name>
          </UrlVariable>
        </value>
      </item>
    </Variables>
    <ExecuteCommand />
    <ExecutePreCommand />
    <ExecuteCommandType>Batch</ExecuteCommandType>
    <ExecutePreCommandType>Batch</ExecutePreCommandType>
    <SourceType>FixedUrl</SourceType>
    <DeletePreviousFile>true</DeletePreviousFile>
    <Enabled>true</Enabled>
    <FileHippoId />
    <TargetPath>..\{category}\{appname:regexreplace:([\s\t\r\n\-\\&\/]+):_}-{version}.{url:ext}</TargetPath>
    <FixedDownloadUrl>http://files.thecybershadow.net/trimcheck/{dl}</FixedDownloadUrl>
    <Name>TrimCheck</Name>
  </ApplicationJob>
</Jobs>

 

In order to update it checks the value of the version variable against the readme file on github. Github imposes SSL via only

TLS 1.2, TLS 1.1, and TLS 1.0 (per digicert). Since Github removed SSL3 support last October and Microsoft altered their TLS 1.0 support on Tuesday, the cypher support that Ketarin uses has been failing.

 

It's possible that this is failing on every site that has removed SSL3 support and prioritizes a weak TLS 1.0 cypher.

Link to comment
Share on other sites

Mea culpa. This was on me. My upgrade routine disabled weak cyphers on XP, but the check failed to properly check the OS, so it disabled RC2, RC4 and SHA for all OSes. Caused some other major issues too. :(

 

Fixed it on my end, and everything is working again.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.