HTTPSecureSocket error code on some addresses

  1. 2 weeks ago

    hello,

    i bumped into some errors accessing some url addresses on the web. error 102 and some error 400.

    i just do :

    myHttps = new HTTPSecureSocket
    myHttps.Secure = True
    myHttps.ConnectionType = SSLSocket.SSLv23

    and i use web page addresses. usually works good. except in one case :
    https://www.la-croix.com/Debats/Chroniques/guerre-mort-culture-contre-lart-2018-05-02-1200935951
    returns error 102.

    plus in general, if i send a xojo forum link like :
    https://forum.xojo.com/47470-stackview-1-06-is-now-available/0#p385354
    i have an error 400, bad request
    so i'm wondering in general what's the difference between a request sent by webkit and a request sent by httpsocket ? do i have to send headers, user agent or something ?
    thanks

  2. Christian S

    May 13 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    SSL version 2/3 is over 10 years old and newer servers don't accept it any more.
    Please use TLS 1.2.

  3. Greg O

    May 13 Xojo Inc Somewhere near Raleigh, NC
    Edited 2 weeks ago

    @ChristianSchmitz SSL version 2/3 is over 10 years old and newer servers don't accept it any more.
    Please use TLS 1.2.

    SSLv23 is actually a “negotiated” connection mode that will start with TLS and work its way down until it finds one that works.

    My guess is that they require a user-agent header to make them think you’re a browser.

  4. @ChristianSchmitz SSL version 2/3 is over 10 years old and newer servers don't accept it any more.
    Please use TLS 1.2.

    I used .ConnectionType = SSLSocket.SSLv23 because it says in the doc :

    A TLS/SSL connection established with this constant may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.

    @Greg OLone My guess is that they require a user-agent header to make them think you’re a browser.

    yes well, i didn’t find how to make the request work yet.

    i tried the link
    https://www.la-croix.com/Debats/Chroniques/guerre-mort-culture-contre-lart-2018-05-02-1200935951

    in a sample xojo app, still error 102.

    i use Paw to test get/post http apis, and Paw can get the page. so i examined the headers of paw and copy them in xojo :

    raw headers in paw :

    GET /Debats/Chroniques/guerre-mort-culture-contre-lart-2018-05-02-1200935951 HTTP/1.1
    Cookie: device_view=full; lcx_read_articles=%5B1200935951%5D
    Host: www.la-croix.com
    Connection: close
    User-Agent: Paw/3.1.6 (Macintosh; OS X/10.13.4) GCDHTTPRequest

    in xojo :
    DataSocket.SetRequestHeader("Cookie","device_view=full")
    DataSocket.SetRequestHeader("Host","www.la-croix.com")
    DataSocket.SetRequestHeader("Connection","close")
    DataSocket.SetRequestHeader("User-Agent","Paw/3.1.6 (Macintosh; OS X/10.13.4) GCDHTTPRequest")

    i’ve noticed that in xojo there are 2 more headers at first
    Accept : */*
    Accept-Language en
    .

    so i tried to remove them and send only what is needed, still doesn’t work.

    so technically, do browsers send other info than that ?

  5. Christian S

    May 13 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    Did you try my MBS Xojo CURL Plugin with CURLSMBS class?
    It may show more details in debug log.

    And it allows to use a client side SSL certificate.

  6. yes lol just done that before seeing your message :), just did it, it worked. i just pasted into the example
    "CURLS get and put web" my problematic url :

    dim c as new CURLSMBS
    c.OptionVerbose=true
    c.OptionURL = "https://www.la-croix.com/Debats/Chroniques/guerre-mort-culture-contre-lart-2018-05-02-1200935951"
    c.CollectDebugData = True
    c.CollectOutputData = true

    title=str(c.Perform)

    StaticText3.text=ReplaceLineEndings(c.OutputData,EndOfLine)

    and boom without any more settings i had the html result ! :)

    yes maybe it's time for curl ;)

  7. Christian S

    May 13 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    What is reported in debug data property?

  8. Trying 52.85.26.178...
    TCP_NODELAY set
    Connected to www.la-croix.com (52.85.26.178) port 443 (#0)
    ALPN, offering http/1.1
    TLSv1.2 (OUT), TLS handshake, Client hello (1):
    TLSv1.2 (IN), TLS handshake, Server hello (2):
    TLSv1.2 (IN), TLS handshake, Certificate (11):
    TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    TLSv1.2 (IN), TLS handshake, Server finished (14):
    TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    TLSv1.2 (OUT), TLS handshake, Finished (20):
    TLSv1.2 (IN), TLS handshake, Finished (20):
    SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    ALPN, server accepted to use http/1.1
    Server certificate:
    subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=la-croix.com
    start date: Sep 20 00:00:00 2017 GMT
    expire date: Sep 20 23:59:59 2019 GMT
    issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
    SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
    GET /Debats/Chroniques/guerre-mort-culture-contre-lart-2018-05-02-1200935951 HTTP/1.1
    Host: www.la-croix.com
    Accept: */*

    HTTP/1.1 200 OK
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: no-cache
    Cache-Control: no-cache
    Date: Sun, 13 May 2018 22:00:37 GMT
    Server: Apache
    Set-Cookie: lcx_read_articles=%5B1200935951%5D; expires=Mon, 14-May-2018 22:00:37 GMT; Max-Age=86400; path=/; httponly
    Set-Cookie: device_view=full; expires=Wed, 13-Jun-2018 22:00:00 GMT; Max-Age=2678363; path=/; httponly
    Strict-Transport-Security: max-age=63072000;
    X-Front: 1
    Vary: Accept-Encoding
    X-Cache: Miss from cloudfront
    Via: 1.1 203700488c9ed3bee7a5581d494d0b9f.cloudfront.net (CloudFront)
    X-Amz-Cf-Id: Z071nDFaKFfpDRBAkmhfZAWmd5IcwkB7fD6xfy8R7DEj0LRQYJusKQ==

    Connection #0 to host www.la-croix.com left intact

  9. Tobias B

    May 14 Pre-Release Testers, Xojo Pro Answer Bern, Switzerland

    I've tested the two urls with the classic HTTPSecureSocket:

    * https://www.la-croix.com/Debats/Chroniques/guerre-mort-culture-contre-lart-2018-05-02-1200935951
    this server requires the SNI extension which is not available in the classic HTTPSecureSocket, see Feedback Case #46495

    * https://forum.xojo.com/47470-stackview-1-06-is-now-available/0#p385354
    this server denies connection with TLS1.0, which is the default ConnectionType. From Xojo 2017r3 onwards SSLv23 will be the most compatible one (including TLS! see Feedback Case #49232), otherwise use TLSv11 or TLSv12. The Error 400 is returned if you fail to prepare the URL correctly. The part starting with the Hashtag (#) must not be sent in the HTTP request, it is to be processed by the client/browser.
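
An added example, not part of the original thread and not Xojo code: a Python sketch of the client-side points from the answer above. It drops the `#` fragment before building the request line, requires TLS 1.2 or newer, and passes the host name so the handshake carries SNI. The function names and the User-Agent string are assumptions made for the illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

def request_target(url):
    """Split an https URL into (host, port, target); the #fragment is dropped."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an absolute https:// URL")
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    # parts.fragment is deliberately unused: it is for the client only, and
    # sending it in the request line is what triggers the 400 Bad Request.
    return parts.hostname, parts.port or 443, target

def build_request(url, user_agent="example-client/1.0"):  # constructed UA value
    """Return the raw HTTP/1.1 GET request bytes for the URL."""
    host, port, target = request_target(url)
    host_header = host if port == 443 else f"{host}:{port}"
    lines = [f"GET {target} HTTP/1.1", f"Host: {host_header}",
             f"User-Agent: {user_agent}", "Accept: */*",
             "Connection: close", "", ""]
    return "\r\n".join(lines).encode("ascii")

def make_context():
    """TLS 1.2 or newer, with certificate and host name verification left on."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def fetch_status(url, timeout=10):
    """Needs network access. server_hostname puts SNI into the ClientHello."""
    host, port, _ = request_target(url)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with make_context().wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_request(url))
            status = tls.makefile("rb").readline().decode("latin-1").strip()
            return tls.version(), status

if __name__ == "__main__":
    # URL taken from the thread; only the offline part is run here.
    url = "https://forum.xojo.com/47470-stackview-1-06-is-now-available/0#p385354"
    print(request_target(url))
    print(build_request(url).decode("ascii"))
```
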

  10. thanks a lot for those explanations, by the way if you are on the mac side, what are the tools to see those types of information ? thx

  11. Tobias B

    May 14 Pre-Release Testers, Xojo Pro Bern, Switzerland

    Yes, I'm using macOS. Most tests I do with curl from the Terminal. To mimic what the HTTPSecureSocket is doing, I start with parameters like the following:

    curl --head --location --http1.0 --tls-max 1.2 --ipv4 --verbose --insecure

    Here, --insecure / -k disables the SNI extension and --tls-max mimics SSLv23. In my tests, --tlsv1.2 and --tlsv1.1 seem broken and imply --tlsv1.0, but --tlsv1 / -1 may be worth a try.
    Furthermore, comparing the traffic that a browser, curl and the Xojo socket produce with Wireshark can help to track down several issues.

  12. Hi,
    just to say that today I too have got the same problem (HTTPSecureSocket error code 102).
