Standalone SSL Connection Reset Error

I have a standalone using SSL. It was working great and I have it deployed on an Azure Worker Role.
But with my previous publish the login page would show and then it would kill the session.
With my current publish I get a connection reset error whenever I try to connect via HTTPS

Firefox:

[quote]The connection was reset

The connection to the server was reset while the page was loading.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

[/quote]

Chrome:

[quote]The connection to prefix.myWebsiteUrl.com* was interrupted.
Check your Internet connection
Check any cables and reboot any routers, modems, or other network devices you may be using.
Allow Chrome to access the network in your firewall or antivirus settings.
If it is already listed as a program allowed to access the network, try removing it from the list and adding it again.
If you use a proxy server…
Check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don’t believe you should be using a proxy server: Go to Applications > System Preferences > Network > Advanced > Proxies and deselect any proxies that have been selected.
Error code: ERR_CONNECTION_RESET[/quote]

Does this mean the app was launched without Https enabled? Can I check to see somehow if the app is listening on the Https port?

Using SSLv3 or lower ?
Change to using TLS maybe ?

[quote=135913:@Norman Palardy]I have a standalone using SSL. It was working great and I have it deployed on an Azure Worker Role.
But with my previous publish the login page would show and then it would kill the session.
With my current publish I get a connection reset error whenever I try to connect via HTTPS[/quote]

Change my browser? The certificate? The Xojo App? The server running the Xojo App?

Update whatever software you wrote using HTTPSecureSockets

Dunno if Azure may have blocked allowing SSL connections because of POODLE

That’s the only thing that should have changed recently

I didn’t write anything using HTTPSecureSockets
This is a WebApp

How do clients connect to this app ?
Is it just web browsers ?
Do they need to use HTTPS ?
If so then that could be changed because of poodle.

But I can’t tell because this is your app running wherever you have it and your service provider should have notified you IF they were disabling SSL so that TLS HAD to be used.
Some have outright disabled SSL and the various fallbacks.

They connect through https on a web browser.
Currently I have it allowing http traffic but I will eventually need to force it to be https only as this will be a secure payments portal running transactions.

When I downloaded the public keys for the SSL certificate from GoDaddy I did get two files. One with one long public key and another with 3 short public keys (bundled). I used the 3 shorter keys, but do I maybe need to use the one long one? Can I use all 4 for Xojo in my cert file?

No idea about the cert

But I’d bet the config of whatever server this is on refuses SSL now because of poodle so the browsers need to be told to use TLS

At least that’d be what I’d be looking at

[quote=135940:@Brock Nash]They connect through https on a web browser.
Currently I have it allowing http traffic but I will eventually need to force it to be https only as this will be a secure payments portal running transactions.

When I downloaded the public keys for the SSL certificate from GoDaddy I did get two files. One with one long public key and another with 3 short public keys (bundled). I used the 3 shorter keys, but do I maybe need to use the one long one? Can I use all 4 for Xojo in my cert file?[/quote]
Go read my blog post about this: http://www.xojo.com/blog/en/2014/01/web-standalone-ssl.php

I re-keyed the SSL certificate using openSSL on my mac.
GoDaddy issued me a public key, and public key bundle back.

I created a file matching the app name with “.crt” and I formatted it like this:

I put it next to the app and launched it on my windows worker role machine:

start F:\approot\XojoApp\CBOnline.exe --port=80 --maxPorts=500 --secureport=443 --maxsecuresockets=500

The site works with http:
http://demo.connectboosterportal.com/
But not with https:
http://demo.connectboosterportal.com/

The worker role is set to allow traffic in on port 80, 443, and 3389
I have no idea what else I can do. It simply does not work :frowning:

Not sure if related; however, intermediate certificates are broken within Xojo. I reported this a while back here (and filed a feedback report on it as well):

https://forum.xojo.com/13397-stand-alone-ssl-intermediate-certificate

I noticed too that on his Twitter, Brad has finally come to realize this also… (notice in the link I provided he said it was a FireFox issue). Hi Brad…

Brad’s come to realize that he was wrong ? Wow that ought to be a fun retraction of

but he won’t post it here since he suspended himself.

I know Greg & Travis are very busy today so you probably won’t get a reply from either today.

I did an SSL Scan for the address:

https://www.sslshopper.com/ssl-checker.html#hostname=https://demo.connectboosterportal.com

[quote]demo.connectboosterportal.com resolves to 138.91.169.205

Server Type: Xojo HTTP Server 2014.021

No SSL certificates were found on demo.connectboosterportal.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.[/quote]

Is there a way to have Azure handle the SSL? Just curious… What is the reason to use a Worker Role rather than a Virtual Machine in Azure?

The worker role allows me to automate publishing and auto-scale the web app. I’ve considered setting up a virtual machine but I really don’t want to have to set up a reverse proxy in IIS if I can help it.

There are a few things that immediately come to mind:

  1. Are you sure that IIS isn’t already binding to port 443?
  2. Are you sure that you have permission to bind to port 443? Have you tried another port (something above 1023) just to be sure?
  3. Is the filesystem case-sensitive? If so, the SSL certificate name must match the application exactly. SSLTest ≠ ssltest.crt

I’m curious… what do you mean by “re-keyed”?

Something else to note…

Internet Explorer may not come with TLS turned on by default. If you will be connecting to a standalone web app using SSL, you’ll need to turn it on:

  1. Go to Tools->Internet Options->Advanced
  2. Scroll all the way to the bottom of the Settings list
  3. Check Use TLS 1.0

I’m not a specialist in this, but somebody whispered the following to me:

[quote]Intermediate certs don’t work and have not worked in Xojo.
A hint for verifying:

openssl s_client -connect [server]:[port] -servername [servername]

[/quote]

For what it’s worth, I just checked this on OS X, Windows and Linux using our certificate, which has an intermediate bundle with four certificates in it and it works as expected on all three platforms.

Also, I am not using openssl for verifying, I’m using our supported browsers.

[quote=136540:@Greg O’Lone]
Internet Explorer does not come with TLS turned on by default. [/quote]
V11 seems to, but folks should at least verify it’s on
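
Added example, not part of the thread and not Xojo code: a small Python probe for the question raised above of whether anything is listening on the HTTPS port and whether it completes a TLS handshake or drops the connection. `probe_tls` and `start_plain_listener` are names made up for this sketch, and the listener is a constructed local stand-in for a server that accepts TCP and then drops the client.

```python
import socket
import ssl
import threading

def probe_tls(host, port, server_name=None, timeout=5.0):
    """Return (status, detail); status is 'closed', 'no_tls' or 'tls_ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing accepted the TCP connection: wrong port, firewall, app not bound.
        return ("closed", str(exc))
    # Diagnostic only: certificate checks are off so that a bad chain does not
    # mask whether the handshake itself works. Do not reuse this context for real traffic.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=server_name or host) as tls:
            return ("tls_ok", tls.version())  # negotiated protocol, e.g. 'TLSv1.2'
    except (ssl.SSLError, OSError) as exc:
        # TCP connected, but the peer reset, closed, or answered with non-TLS data.
        sock.close()
        return ("no_tls", f"{type(exc).__name__}: {exc}")

def start_plain_listener():
    """Constructed test server: accepts TCP on a free local port, then hangs up."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def drop_clients():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            conn.close()

    threading.Thread(target=drop_clients, daemon=True).start()
    return srv

if __name__ == "__main__":
    srv = start_plain_listener()
    print(probe_tls("127.0.0.1", srv.getsockname()[1]))
```

Against a real deployment, call `probe_tls(hostname, 443)`. Python's default context does not offer SSLv3, so a `tls_ok` result also confirms the server accepts a TLS version.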