xojo.Net.HTTPSocket not connecting with HTTPS on Windows 7

So recently I’ve developed a basic licensing system for a couple of Xojo developed apps I plan to start selling later this year. Server-client communications for this system were developed and tested using HTTP using the xojo.Net.HTTPSocket.

This week I bought and installed a RapidSSL certificate on the server. I switched over to HTTPS in my Xojo code, and things are working fine from my home PC, and on two of my client’s PCs. BUT, from my work PC, the PageReceived event is for some reason never raised.

I decided to do some investigation using the classic HTTPSecureSocket, and made some interesting findings. First I will show the code that does NOT work, then I will show how I got the HTTPS connection to work using the classic HTTPSecureSocket.

Code that does NOT work:

xojo.Net.HTTPSocket:

  NewSocket.Send("GET", "https://www.zoclee.com")

HTTPSecureSocket:

  ClassicSocket.Secure = true
  ClassicSocket.Get("www.zoclee.com")

Now how I got the connection to work with the classic HTTPSecureSocket:

  ClassicSocket.Secure = true
  ClassicSocket.ConnectionType = SSLSocket.SSLv23
  ClassicSocket.Get("www.zoclee.com")

OR

  ClassicSocket.Secure = true
  ClassicSocket.ConnectionType = SSLSocket.TLSv12
  ClassicSocket.Get("www.zoclee.com")

All the other connection types fail. So to summarize, from my work PC I can establish comms using the classic HTTPSecureSocket as long as I set the ConnectionType on the CLASSIC socket to either SSLv23 or TLSv12. But these settings do not seem to be an issue from my home and client’s PCs?

The major problem is if I run into the problem at my work PC it is bound to happen on some future clients’ PCs as well, and I need to find a proper fix for this.

Is there a way to specify this connection type on the xojo.Net.HTTPSocket? Or does anyone perhaps understand the above scenario?

I would REALLY LIKE to move forward with the xojo.Net.HTTPSocket, instead of falling back to HTTP 1.0 with the classic socket as a workaround.

Any help, information or suggestions would be much appreciated.

UPDATE: After reading about the difference between SSL and TLS I now at least understand that much better.

So my question really changes to, how can I get xojo.Net.HTTPSocket to connect to my server using SSLSocket.TLSv12?

Does anybody have an idea why the connection works from some PCs and not others?

PS. It seems to work from Windows 10 machines, but fails on my Windows 7 work PC?

If it helps, the Error event of the xojo.Net.HTTPSocket object returns the following message:

An error occurred in the secure channel support

[quote=323872:@Alwyn Bester]If it helps, the Error event of the xojo.Net.HTTPSocket object returns the following message:

An error occurred in the secure channel support [/quote]

Is your server’s SSL certificate set up correctly and is it a real cert? The new socket will refuse to connect if it can’t validate the connection for some reason. Including being a self-signed certificate.

You can test this by setting the ValidateCertificates property to False.

I assume the server’s ssl certificate is set up correctly (the hosting company set it up for me), since I can connect to it directly with Chrome and Internet Explorer.

https://www.zoclee.com

If you mean by real cert, a paid for certificate, then yes, it is a real cert.

Some more info Greg, I can confirm that it works without error on Windows 10. I just tested from my work network on our administrator’s machine which is Windows 10 and it works. So it is not a firewall issue. All the Windows 10 machines connect via Xojo without problem. It only fails on Windows 7 for some reason.

I suspect the server only allows TLS 1.2 connections, but for some reason, on Windows 7, it tries to connect with a protocol other than TLS 1.2.

That will explain why with the classic HTTPSecureSocket when I force TLS 1.2 it makes the connection?

I have even set Internet Explorer to only use TLS 1.2 as an attempt to get the xojo.net.Connection to use TLS 1.2.

PS. I’ve also tried the ValidateCertificates = false and still the same error.

  NewSocket.ValidateCertificates = false
  NewSocket.Send("GET", "https://www.zoclee.com")

An error occurred in the secure channel support

Bump…

Just wondering if anyone has any suggestions or experience with this issue. If not I will have to revert back to the old HTTPSecureSocket which uses HTTP 1.0 :frowning:

Should I create a feedback ticket for this issue?

[quote=323887:@Alwyn Bester]PS. I’ve also tried the ValidateCertificates = false and still the same error.

  NewSocket.ValidateCertificates = false
  NewSocket.Send("GET", "https://www.zoclee.com")

An error occurred in the secure channel support [/quote]
Now that really surprises me.

You shouldn’t have to do that. [quote=323883:@Alwyn Bester]It only fails on Windows 7 for some reason.[/quote]
It could be that the underlying socket framework that we’re using was either too old or had a bug on Windows 7. Make sure that it is completely up to date.

Absolutely. I’d love to see this in action.

I’ve created a feedback ticket together with the sample project that I’m using for testing.

<https://xojo.com/issue/47613>

How would I go about to verify if the underlying socket framework is up to date?

FWIW, I can access the HTTPS URL from the PC using Internet Explorer, which I would expect is using the same underlying socket framework.

Is there any other information I can provide?

[quote=324314:@Alwyn Bester]How would I go about to verify if the underlying socket framework is up to date?

FWIW, I can access the HTTPS URL from the PC using Internet Explorer, which I would expect is using the same underlying socket framework.[/quote]
You can’t. This is something that we’re going to have to look at. Windows provides more than one, so just because a browser connects, doesn’t mean that we can.

O ok, thanks Greg.

I was thinking, surely xojo.net.HTTPSocket should have a ConnectionType property similar to the classic socket.

There might be times where you have to control how an HTTPS connection is established with the server, and not rely on the client to “guess” the connection method (e.g. SSL or TLS).

Or how else will the new socket deal with different SSL connection methods?

Basically, you don’t need to worry about it. Just like you don’t need to worry about the connection type in your browser.

I recently ran into this as well, here’s the issue from one of my projects if you’re curious of the details and what I did to fix it: https://github.com/thommcgrath/Beacon/issues/32

Or the TL;DR version: Windows 7 and Windows 8.0 do not support TLS 1.1 and 1.2 by default. They require an optional update (KB3140245) to enable it.
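A read-only way to check a Windows 7 or 8.0 machine for the condition described in the post above. This is an added example, not part of the thread or of the linked project; it assumes the `DefaultSecureProtocols` and Schannel registry locations and the flag values documented in Microsoft's KB3140245 article, and the function names are illustrative.

```powershell
# Added example: read-only audit of the settings that decide whether WinHTTP
# offers TLS 1.2. Paths and flag values follow Microsoft's KB3140245 article.
$ProtocolFlags = @{
    'SSL 2.0' = 0x008; 'SSL 3.0' = 0x020
    'TLS 1.0' = 0x080; 'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function ConvertTo-ProtocolNames([int]$Mask) {
    # Decode the DefaultSecureProtocols bitmask into protocol names.
    $names = $ProtocolFlags.GetEnumerator() | Sort-Object Value |
        Where-Object { $Mask -band $_.Value } | ForEach-Object { $_.Key }
    $names -join ', '
}

# Native view, plus the view 32-bit applications see on 64-bit Windows.
$views = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $views += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
}

foreach ($path in $views) {
    $mask = Get-RegValue $path 'DefaultSecureProtocols'
    if ($null -eq $mask) {
        # No override: the OS default applies (no TLS 1.1/1.2 on Windows 7 and 8.0).
        "{0}`n  DefaultSecureProtocols not set: OS default applies" -f $path
    } else {
        "{0}`n  DefaultSecureProtocols = 0x{1:X8} ({2})" -f $path, $mask, (ConvertTo-ProtocolNames $mask)
    }
}

# Schannel client setting for TLS 1.2 (0 means the protocol is enabled by default).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$dbd = Get-RegValue $schannel 'DisabledByDefault'
"Schannel TLS 1.2 client DisabledByDefault: " + $(if ($null -eq $dbd) { 'not set' } else { $dbd })

# Is the optional update named in the post installed?
$kb = Get-HotFix -Id KB3140245 -ErrorAction SilentlyContinue
"KB3140245 installed: " + [bool]$kb
```

Run it from a 64-bit PowerShell prompt so the first path is the native registry view. `Get-HotFix` may not list an update that arrived as part of a later rollup, so treat a `False` there as a prompt to check the update history rather than as proof.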

Thanks Thom, this is a big help :slight_smile:

I decided though to roll back to HTTPSecureSocket for now, for I prefer to deploy apps to clients that run out of the box, without them requiring any additional effort to get the app to work (regardless of the operating system they use).

I thought about using compiler directives to use xojo.Net.HTTPsocket for Windows 10+ machines, and sticking to HTTPSecureSocket for older machines… that way I can drop support for HTTPSecureSocket when the time is right and the majority of users are on Windows 10.

Well, if you look at the commit associated with the issue https://github.com/thommcgrath/Beacon/commit/206478d33bef3605e87f460fbecc2dff1cd80a00 you can see how I have InnoSetup create the necessary registry keys, as long as they do not already exist. Might be an option for your installer.

That is worth gold!

Thanks Thom, I will definitely add it to my installer (also InnoSetup) and give it a shot.

PS. Just had a look at your project. One of the guys I work with is a big Ark fan, and is also busy learning Xojo. Will send him your GitHub link. Not sure myself what Ark beacons are but I’m sure he’ll enlighten me :wink:

Just to confirm, your registry keys did the trick Thom :slight_smile:

Thanks so much.

Excellent