Standalone SSL Connection Reset Error

  1. Brock N

    17 Oct 2014 Pre-Release Testers, Xojo Pro

    I have a standalone using SSL. It was working great and I have it deployed on an Azure Worker Role.
    But with my previous publish the login page would show and then it would kill the session.
    With my current publish I get a connection reset error whenever I try to connect via HTTPS

    Firefox:

    The connection was reset

    The connection to the server was reset while the page was loading.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

    Chrome:

    The connection to ***prefix.myWebsiteUrl.com**** was interrupted.
    Check your Internet connection
    Check any cables and reboot any routers, modems, or other network devices you may be using.
    Allow Chrome to access the network in your firewall or antivirus settings.
    If it is already listed as a program allowed to access the network, try removing it from the list and adding it again.
    If you use a proxy server...
    Check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server: Go to Applications > System Preferences > Network > Advanced > Proxies and deselect any proxies that have been selected.
    Error code: ERR_CONNECTION_RESET

    Does this mean the app was launched without Https enabled? Can I check to see somehow if the app is listening on the Https port?

  2. Norman P

    17 Oct 2014 Xojo Inc North of 50

    Using SSLv3 or lower ?
    Change to using TLS maybe ?

  3. Brock N

    17 Oct 2014 Pre-Release Testers, Xojo Pro

    @Norman P I have a standalone using SSL. It was working great and I have it deployed on an Azure Worker Role.
    But with my previous publish the login page would show and then it would kill the session.
    With my current publish I get a connection reset error whenever I try to connect via HTTPS

    Change my browser? The certificate? The Xojo App? The server running the Xojo App?

  4. Norman P

    17 Oct 2014 Xojo Inc North of 50

    Update whatever software you wrote using HTTPSecureSockets

    Dunno if Azure may have blocked allowing SSL connections because of POODLE

    That's the only thing that should have changed recently

  5. Brock N

    17 Oct 2014 Pre-Release Testers, Xojo Pro

    I didn't write anything using HTTPSecureSockets
    This is a WebApp

  6. Norman P

    17 Oct 2014 Xojo Inc North of 50

    How do clients connect to this app ?
    Is it just web browsers ?
    Do they need to use HTTPS ?
    If so then that could be changed because of poodle.

    But I can't tell because this is your app running wherever you have it and your service provider should have notified you IF they were disabling SSL so that TLS HAD to be used.
    Some have outright disabled SSL and the various fallbacks.

  7. Brock N

    17 Oct 2014 Pre-Release Testers, Xojo Pro
    Edited 4 years ago

    They connect through https on a web browser.
    Currently I have it allowing http traffic but I will eventually need to force it to be https only as this will be a secure payments portal running transactions.

    When I downloaded the public keys for the SSL certificate from GoDaddy I did get two files. One with one long public key and another with 3 short public keys (bundled). I used the 3 shorter keys, but do I maybe need to use the one long one? Can I use all 4 for Xojo in my cert file?

  8. Norman P

    17 Oct 2014 Xojo Inc North of 50

    No idea about the cert

    But I'd bet the config of whatever server this is on refuses SSL now because of poodle so the browsers need to be told to use TLS

    At least that'd be what I'd be looking at

  9. Greg O

    17 Oct 2014 Xojo Inc

    @Brock N They connect through https on a web browser.
    Currently I have it allowing http traffic but I will eventually need to force it to be https only as this will be a secure payments portal running transactions.

    When I downloaded the public keys for the SSL certificate from GoDaddy I did get two files. One with one long public key and another with 3 short public keys (bundled). I used the 3 shorter keys, but do I maybe need to use the one long one? Can I use all 4 for Xojo in my cert file?

    Go read my blog post about this: http://www.xojo.com/blog/en/2014/01/web-standalone-ssl.php

  10. Brock N

    20 Oct 2014 Pre-Release Testers, Xojo Pro
    Edited 4 years ago

    I re-keyed the SSL certificate using openSSL on my mac.
    GoDaddy issued me a public key, and public key bundle back.

    I created a file matching the app name with ".crt" and I formatted it like this:

    -----BEGIN CERTIFICATE-----
    <blahblah>
    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE-----
    <blahblah>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <blahblah>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <blahblah>
    -----END CERTIFICATE-----

    -----BEGIN RSA PRIVATE KEY-----
    <blahblah>
    -----END RSA PRIVATE KEY-----

    I put it next to the app and launched it on my windows worker role machine:

    start F:\approot\XojoApp\CBOnline.exe --port=80 --maxPorts=500 --secureport=443 --maxsecuresockets=500

    The site works with http:
    http://demo.connectboosterportal.com/
    But not with https:
    http://demo.connectboosterportal.com/

    The worker role is set to allow traffic in on port 80, 443, and 3389
    I have no idea what else I can do. It simply does not work :(
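
As an added illustration (not part of the post above and not Xojo code), a structural check for a combined file laid out as in that post: certificate blocks followed by one private key. It catches boundary lines that lost a dash in a copy-paste, unclosed blocks and non-base64 bodies; `lint_pem_bundle`, `pem_block` and the sample data are constructed for this example, and the certificates-first, key-last order is taken from the post's layout, not from a documented requirement.

```python
import base64
import re

# RFC 7468 boundary line: exactly five dashes on each side of the label.
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def lint_pem_bundle(text):
    """Return (labels, problems) for a combined certificate + key file."""
    labels, problems, current, body = [], [], None, []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = BOUNDARY.match(line)
        if m is None:
            if "BEGIN " in line or "END " in line:
                problems.append(f"line {num}: malformed boundary {line!r}")
            elif current is None:
                problems.append(f"line {num}: text outside any PEM block")
            else:
                body.append(line)
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            if current is not None:
                problems.append(f"line {num}: BEGIN inside unclosed {current}")
            current, body = label, []
        elif label != current:
            problems.append(f"line {num}: END {label} has no matching BEGIN")
        else:
            try:
                base64.b64decode("".join(body), validate=True)
            except ValueError:
                problems.append(f"line {num}: {label} body is not base64")
            labels.append(label)
            current = None
    if current is not None:
        problems.append(f"unclosed {current} block at end of file")
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]
    # Assumed layout (from the post): certificates first, one key last.
    if labels[:1] != ["CERTIFICATE"] or len(keys) != 1 or labels[-1] != keys[0]:
        problems.append("expected certificates first, one private key last")
    return labels, problems

# Constructed sample input: placeholder bytes, not real certificates or keys.
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not key material").decode()
def pem_block(label):
    return f"-----BEGIN {label}-----\n{SAMPLE_B64}\n-----END {label}-----\n"
GOOD = pem_block("CERTIFICATE") * 4 + pem_block("RSA PRIVATE KEY")
BAD = GOOD.replace("-----END", "----END", 1)  # one dash lost, as in a bad paste
```

Running `lint_pem_bundle(open(path).read())` on the real file prints nothing secret: only block labels and line numbers are reported.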

  11. Eric B

    20 Oct 2014 Arlington, Texas
    Edited 4 years ago

    Not sure if related; however, intermediate certificates are broken within Xojo. I reported this awhile back here (and filed a feedback report on it as well):

    https://forum.xojo.com/13397-stand-alone-ssl-intermediate-certificate

    I noticed too that on his Twitter, Brad has finally come to realize this also... (notice in the link I provided he said it was a FireFox issue). Hi Brad...

  12. Norman P

    20 Oct 2014 Xojo Inc North of 50

    Brad's come to realize that he was wrong ? Wow that ought to be a fun retraction of

    @Brad H Yeah, that's what I meant. The point is, it's a Firefox problem, not a Xojo problem.

    but he won't post it here since he suspended himself.

    I know Greg & Travis are very busy today so you probably won't get a reply from either today.

  13. Brock N

    20 Oct 2014 Pre-Release Testers, Xojo Pro

    I did an SSL Scan for the address:

    https://www.sslshopper.com/ssl-checker.html#hostname=https://demo.connectboosterportal.com

    demo.connectboosterportal.com resolves to 138.91.169.205

    Server Type: Xojo HTTP Server 2014.021

    No SSL certificates were found on demo.connectboosterportal.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.
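
A browser's "connection reset" and the checker's "no certificates found" do not distinguish between nothing listening on 443, a listener that drops the handshake, and TLS that is served but fails verification. The code below is an added example (not from any poster, not Xojo code) that attempts one handshake with Python's standard `ssl` module and names the case; `classify`, `probe` and the status strings are this example's own, and `server.example` is a placeholder.

```python
import socket
import ssl

def classify(exc):
    """Map a failed connection attempt to what it says about the listener."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"    # nothing is bound to the port
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"    # no answer at all, e.g. traffic filtered on the way
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "untrusted"  # TLS is served, but the presented chain fails to verify
    if isinstance(exc, (ConnectionResetError, ssl.SSLEOFError)):
        return "dropped"    # TCP accepted, then closed before the handshake finished
    if isinstance(exc, ssl.SSLError):
        return "handshake"  # peer replied, but no common protocol/cipher, or not TLS
    return "other"

def probe(host, port, timeout=5.0):
    """Attempt one verified TLS handshake; return (status, detail)."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except OSError as exc:
        return classify(exc), str(exc)

if __name__ == "__main__":
    # Placeholder target; substitute the host and port being diagnosed.
    print(probe("server.example", 443))
```

A "dropped" result matches the reset the browsers reported: the port is open, but the process behind it is not completing TLS.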

  14. Brandon W

    20 Oct 2014 Pre-Release Testers, Xojo Pro

    Is there a way to have Azure handle the SSL? Just curious...What is the reason to use a Worker Role rather than a Virtual Machine in Azure?

  15. Brock N

    20 Oct 2014 Pre-Release Testers, Xojo Pro

    @Brandon W Is there a way to have Azure handle the SSL? Just curious...What is the reason to use a Worker Role rather than a Virtual Machine in Azure?

    The worker role allows me to automate publishing and auto-scale the web app. I've considered setting up a virtual machine but I really don't want to have to set up a reverse proxy in IIS if I can help it.

  16. Greg O

    20 Oct 2014 Xojo Inc

    There are a few things that immediately come to mind:

    1. Are you sure that IIS isn't already binding to port 443?
    2. Are you sure that you have permission to bind to port 443? Have you tried another port (something above 1023) just to be sure?
    3. Is the filesystem case-sensitive? If so, the SSL certificate name must match the application exactly. SSLTest ≠ ssltest.crt

      @Brock N I re-keyed the SSL certificate using openSSL on my mac.

    I'm curious... what do you mean by "re-keyed"?

  17. Greg O

    20 Oct 2014 Xojo Inc
    Edited 4 years ago

    Something else to note...

    Internet Explorer may not come with TLS turned on by default. If you will be connecting to a standalone web app using SSL, you'll need to turn it on:

    1. Go to Tools->Internet Options->Advanced
    2. Scroll all the way to the bottom of the Settings list
    3. Check Use TLS 1.0
  18. Paul S

    20 Oct 2014 Pre-Release Testers, Xojo Pro Europe (Netherlands, Den Haag)

    I'm not a specialist in this, but somebody whispered to me the following:

    Intermediate certs don't work and have not worked in Xojo.
    A hint for verifying:

    openssl s_client -connect [server]:[port] -servername [servername]
  19. Greg O

    20 Oct 2014 Xojo Inc

    @Paul S I'm not a specialist in this, but somebody whispered to me the following:

    For what it's worth, I just checked this on OS X, Windows and Linux using our certificate, which has an intermediate bundle with four certificates in it and it works as expected on all three platforms.

    Also, I am not using openssl for verifying, I'm using our supported browsers.
