Require Only SSL/TLS Connections

I would like to require that only SSL/TLS connections be allowed to my server. This is not to be confused with wanting SSL client authentication. I had initially thought I could do this with an ACI using authmethod="ssl", however after looking at the documentation closely and experimenting, this refers to client-based SSL authentication as well. I do have SSL/TLS set up correctly; I just want to disallow non-encrypted traffic.
In OpenLDAP I would merely state "security ssf=128" to require SSL/TLS only connections.
Anyone know how to do this in Sun's Directory Server?

The reason I don't use a firewall (presumably to block port 389) or set the non-secure port to 0 is that this would disallow TLS on port 389. Hence all I could do is SSL, and only on 636. I would like to be able to allow only TLS on 389 and not allow non-TLS traffic.
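As an added example (not part of the original question or of any directory server's code), the following probe tells you whether a server on port 389 actually turns away cleartext binds, which is what a `security ssf=128`-style policy should produce. It assumes the OpenLDAP behaviour of answering resultCode 13 (confidentialityRequired) and drives a constructed in-process mock with that policy so it runs without a real server; the mock only records StartTLS as completed and does not negotiate TLS.

```python
"""Probe whether a directory server refuses cleartext simple binds (constructed example)."""
import socket

CONFIDENTIALITY_REQUIRED = 13             # LDAP resultCode 13
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)


def ber(tag, payload):
    """Encode one BER TLV (definite length, short or long form)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def parse_tlv(buf, pos=0):
    """Return (tag, value, position after the TLV) for the TLV starting at buf[pos]."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n


def bind_request(msg_id, dn=b"", password=b""):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    op = ber(0x02, b"\x03") + ber(0x04, dn) + ber(0x80, password)
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, op))


def starttls_request(msg_id):
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x77, ber(0x80, STARTTLS_OID)))


def result_code(reply):
    """Pull resultCode out of a BindResponse (0x61) or ExtendedResponse (0x78)."""
    _, body, _ = parse_tlv(reply)       # outer LDAPMessage SEQUENCE
    _, _, pos = parse_tlv(body)         # skip messageID
    _, resp, _ = parse_tlv(body, pos)   # protocolOp
    _, code, _ = parse_tlv(resp)        # ENUMERATED resultCode
    return code[0]


class MockDirectory:
    """Stand-in for a server whose policy is 'no bind below security strength 128'."""

    def __init__(self, min_ssf=128):
        self.min_ssf = min_ssf
        self.ssf = 0  # strength of the current session; 0 means cleartext

    def handle(self, data):
        _, body, _ = parse_tlv(data)
        _, mid, pos = parse_tlv(body)
        optag, op, _ = parse_tlv(body, pos)
        if optag == 0x77 and parse_tlv(op)[1] == STARTTLS_OID:
            self.ssf = 128  # simulated: a real server would now wrap the socket in TLS
            code, rtag = 0, 0x78
        elif optag == 0x60:
            code = 0 if self.ssf >= self.min_ssf else CONFIDENTIALITY_REQUIRED
            rtag = 0x61
        else:
            code, rtag = 2, 0x61  # protocolError for anything else
        result = ber(0x0A, bytes([code])) + ber(0x04, b"") + ber(0x04, b"")
        return ber(0x30, ber(0x02, mid) + ber(rtag, result))


def cleartext_bind_refused(host, port=389, timeout=5.0):
    """Against a live server: True when a cleartext simple bind gets resultCode 13."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(bind_request(1))
        return result_code(s.recv(4096)) == CONFIDENTIALITY_REQUIRED


def demo():
    """Run the probe against the mock over a socketpair.

    Returns (code for a cleartext bind, code for a bind after StartTLS)."""
    client, server = socket.socketpair()
    directory = MockDirectory()

    def exchange(msg):
        client.sendall(msg)
        server.sendall(directory.handle(server.recv(4096)))
        return result_code(client.recv(4096))

    plain = exchange(bind_request(1))
    assert exchange(starttls_request(2)) == 0
    secured = exchange(bind_request(3))
    client.close()
    server.close()
    return plain, secured


if __name__ == "__main__":
    print("cleartext bind -> %d, bind after StartTLS -> %d" % demo())
```

Against a real server, `cleartext_bind_refused("ldap.example.test")` returns True only for resultCode 13; a server that drops the connection or answers differently shows up as an exception or False, which is itself worth knowing.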

Similar Messages

  • Network security: SSL / TLS connections or not?

    Hi,
    Our small office network is administered by a (very good) self-employed Debian dev, and in the last six years I have learned a great deal by reading through config files on our server. I have even set up my own (modest) home server and am very interested in everything about networking.
    Earlier this year there were the SSL vulnerabilities, so I glanced through our own setup and I think I have found a weakness that I'm not sure is serious or not.
    Internal authentication is handled with LDAP / Kerberos, so at this level I see no problems, but connections to e.g. our LDAP server are not protected with SSL or TLS, and thus my question: should this not be mandatory on an office network that (although protected by iptables) allows connections with the internet?
    Our server handles, next to LDAP / Kerberos, also apache, postgresql, imap, smtp, calDAV, NFS, cups etc.
    THX!

    Our LDAP server is used to authenticate users (LAN only), but also as an address book (LAN only, although exposed through a local web app).
    But other services are exposed to the internet: imap, smtp, http, etc. Whenever I need to add a new device (a smartphone, e.g.), I'm confronted with the setting 'encryption', which has to be left blank for our setup. That's why I have my doubts...
    But you seem to find encryption something 'optional', if I understand you correctly. So my doubts are probably not warranted. THX for your reply!

  • ACE - Balance HTTP and sticky only SSL/TLS

    Hi there,
    I have a situation that I am trying to solve. We have a lot of services through ACE, but now I have to modify one of them, the PROXY servers.
    I have six (6) servers working with Sticky, but with a MASK 255.255.255.0, which sometimes produces an unbalanced situation and affects some servers depending on how many users are connected to that server. We have between 40K and 50K conns in that serverfarm, but in Sticky terms we have around 700 /24 subnets.
    I want to modify the configuration, specifically the MASK to 255.255.255.255, which is going to increase Sticky resources a lot. But thinking of optimizing Sticky resources, I want to know if there is a way to select only e-commerce, Home Banking or other kinds of SSL/TLS traffic (always using port 80 through proxy servers), so I could use Sticky only for connections that need it, and leave other HTTP traffic without this feature.
    I'm sorry, maybe I'm asking a silly question, but I don't have the experience to make this configuration, and I will appreciate your help.
    Here is the actual configuration:
    probe tcp HTTP
      description Keepalive web servers
      interval 20
      passdetect interval 30
    rserver host Server1
      ip address 10.1.1.1
      inservice
    rserver host Server2
      ip address 10.1.1.2
      inservice
    rserver host Server3
      ip address 10.1.1.3
      inservice
    rserver host Server4
      ip address 10.1.1.4
      inservice
    rserver host Server5
      ip address 10.1.1.5
      inservice
    rserver host Server6
      ip address 10.1.1.6
      inservice
    serverfarm host PRX
      failaction purge
      predictor leastconns
      probe HTTP
      rserver Server1
        inservice
      rserver Server2
        inservice
      rserver Server3
        inservice
      rserver Server4
        inservice
      rserver Server5
        inservice
      rserver Server6
        inservice
    sticky ip-netmask 255.255.255.0 address source sticky-PRX
      timeout 60
      serverfarm PRX
    class-map match-any VIP-PRX
      2 match virtual-address 10.10.10.101 tcp eq www
    policy-map type loadbalance first-match POLICY-L7-PRX
      class class-default
        sticky-serverfarm sticky-PRX
    policy-map multi-match PRX-Balance
      class VIP-PRX
        loadbalance vip inservice
        loadbalance policy POLICY-L7-PRX
        loadbalance vip icmp-reply
    interface vlan 100
      ip address 10.10.10.11 255.255.255.0
      alias 10.10.10.10 255.255.255.0
      peer ip address 10.10.10.12 255.255.255.0
      no normalization
      access-group output SOLO-SLB
      service-policy input PRX-Balance
    Thanks
    Alexis

    You might want to check out this new product called ITD.
    Simple and faster solution:
    ITD provides :
    ASIC based multi-terabit/s L3/L4 load-balancing at line-rate
    No service module or external L3/L4 load-balancer needed. Every N7k port can be used as load-balancer.
    Redirect line-rate traffic to any devices, for example web cache engines, Web Accelerator Engines (WAE), video-caches, etc.
    Capability to create clusters of devices, for example, Firewalls, Intrusion Prevention System (IPS), or Web Application Firewall (WAF), Hadoop cluster
    IP-stickiness
    Resilient (like resilient ECMP)
    VIP based L4 load-balancing
    NAT (available for EFT/PoC). Allows non-DSR deployments.
    Weighted load-balancing
    Load-balances to large number of devices/servers
    ACL along with redirection and load balancing simultaneously.
    Bi-directional flow-coherency. Traffic from A-->B and B-->A goes to same node.
    Order of magnitude OPEX savings : reduction in configuration, and ease of deployment
    Order of magnitude CAPEX savings : Wiring, Power, Rackspace and Cost savings
    The servers/appliances don’t have to be directly connected to N7k
    Monitoring the health of servers/appliances.
    N + M redundancy.
    Automatic failure handling of servers/appliances.
    VRF support, vPC support, VDC support
    Supported on both Nexus 7000 and Nexus 7700 series.
    Supports both IPv4 and IPv6
    N5k / N6k support : coming soon
    Blog
    At a glance
    ITD config guide
    Email Query or feedback:[email protected]

  • On my iPad 2, how can I verify a secure (SSL, TLS) connection?

    After performing a search with the Google Search app and clicking on one of the "result" hyperlinks, I've just made an online purchase from my iPad 2. As soon as I committed to the transaction, I began to look around for some indication that the Google Search browser had actually established an encrypted connection. I became very nervous when I was unable to find something like the "padlock" icon, or even the "https" scheme in the first part of the URL — I guess Google thought such feedback to us users is superfluous or unnecessary information, but that supposition could really get me into trouble if it's not, in fact, true. So, then, how is one to know whether it's safe to conduct sensitive business that includes the sharing of personally identifying information, credit card numbers, etc., with an iPad 2?
    NOTE: To be clear, this question assumes that I am working from my own, secure network, not from a public hotspot such as a coffee shop, library, hotel, etc.

    Hi, JimHdk!
    In the case of doing a Google search from within the Safari app you're correct that the entire URL will display (including the https) and the padlock will display to the left of the page name.  However, when doing a Google search using the Google Search app, my iPad's default browser (Safari) is not opened.  Instead, the Google Search app runs its own browser that neither displays a padlock icon when it's on a secure connection nor does it display the entire URL — i.e. it "hides" the first scheme (http://) of every URL, displaying only the latter part "www.enterprise.com."
    Bill

  • Enabled SSL + TLS

    Hello all,
    I'm a beginner in JavaMail. I have several questions: can I use the following cases?
    SMTP + TLS + Authentication
    SMTP + TLS + without Authentication
    SMTP + Authentication + without TLS
    and
    SMTP + SSL + TLS + Authentication
    SMTP + SSL + TLS + without Authentication
    SMTP + SSL + Authentication + without TLS
    I have the following code; it works correctly for sending mail with the returned Transport, but not with SMTP only, SMTP + SSL, or SMTP + SSL + TLS.
    I have the following exception for example:
    javax.mail.MessagingException: Exception reading response;
    nested exception is:
    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    Can you tell me which properties to use and how to use SSL and TLS correctly?
    Many thanks!
    Best regards
    Adryen
    // Braces and imports restored from the post as extracted. The enclosing class and
    // the SmtpServerType enum are not shown in the post and are assumed here.
    import java.util.Properties;
    import javax.mail.Authenticator;
    import javax.mail.MessagingException;
    import javax.mail.PasswordAuthentication;
    import javax.mail.Session;
    import javax.mail.Transport;

    public class MailTransportFactory {

        public enum SmtpServerType { NONE, SSL, SSLTLS, TLS }

        public static Transport getConnectedTransportForSending(String smtpServer, String username, String password, SmtpServerType protocolSec) throws MessagingException {
            Session session = null;
            Boolean isWithAuth = (username != null && !username.equals("")) && (password != null && !password.equals(""));
            Properties props = new Properties();
            String prefixMailSmtp = "mail.smtp";
            if (SmtpServerType.SSL.equals(protocolSec)) {
                //prefixMailSmtp += "s";
                useSSL(props, prefixMailSmtp);
                // props.put("mail.transport.protocol", "smtps");
                props.put(prefixMailSmtp + ".port", "587");
            } else if (SmtpServerType.SSLTLS.equals(protocolSec)) {
                //prefixMailSmtp += "s";
                useSSL(props, prefixMailSmtp);
                useTLS(props, prefixMailSmtp);
                //props.put("mail.transport.protocol", "smtps");
                props.put(prefixMailSmtp + ".port", "587");
            } else if (SmtpServerType.TLS.equals(protocolSec)) {
                useTLS(props, prefixMailSmtp);
                //props.put("mail.transport.protocol", "smtp");
                props.put(prefixMailSmtp + ".port", "25");
            } else {
                props.put(prefixMailSmtp + ".port", "25");
                //props.put("mail.transport.protocol", "smtp");
            }
            props.put(prefixMailSmtp + ".socketFactory.fallback", "false");
            if (smtpServer != null) {
                props.put(prefixMailSmtp + ".host", smtpServer);
            }
            if (isWithAuth) {
                Authenticator auth = new ServerAuthenticator(username, password);
                props.put(prefixMailSmtp + ".auth", "true");
                session = Session.getInstance(props, auth);
            } else {
                session = Session.getInstance(props, null);
            }
            Transport transporter = session.getTransport("smtp");
            transporter.connect(smtpServer, username, password);
            return transporter;
        }

        // Implicit SSL: wrap the socket from the start (note the hard-coded port 587)
        private static void useSSL(Properties props, String prefixMailSmtp) {
            props.put(prefixMailSmtp + ".socketFactory.port", "587");
            props.put(prefixMailSmtp + ".socketFactory.class", "javax.net.ssl.SSLSocketFactory");
            props.put("mail.smtp.ssl.enable", "true");
        }

        // STARTTLS: start in cleartext and upgrade after EHLO
        private static void useTLS(Properties props, String prefixMailSmtp) {
            props.put(prefixMailSmtp + ".starttls.enable", "true");
        }

        public static class ServerAuthenticator extends Authenticator {
            private PasswordAuthentication authentication;

            public ServerAuthenticator(String username, String password) {
                authentication = new PasswordAuthentication(username, password);
            }

            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return authentication;
            }
        }
    }

    You can simplify your code by getting rid of the socket factory stuff.
    If you connect using SSL to begin with, there's no need to use "TLS" (by which I assume you mean the STARTTLS command that switches a plain text connection to an SSL/TLS connection).
    And of course whether you're required to use SSL or required to use STARTTLS or required to authenticate depends entirely on the configuration of the mail server.
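The "Unrecognized SSL message, plaintext connection?" exception above is what the JDK reports when a client that expects TLS from the first byte (implicit SSL) is answered with a cleartext SMTP banner, which is how a STARTTLS port behaves. As an added example (not from this thread or from JavaMail), the probe below reads a server's opening bytes, classifies the port, and for a cleartext port checks that EHLO advertises STARTTLS; the scripted submission server and its banner are constructed here so it runs offline.

```python
"""Tell an implicit-TLS mail port from a STARTTLS one (constructed example)."""
import socket
import threading


def classify_first_bytes(data):
    """Classify what a server sent first on a fresh TCP connection.

    A TLS client handed b"220 ..." finds 0x32 ('2') where a record content type
    (20..23) belongs; that mismatch is what the JDK calls an unrecognized SSL message.
    """
    if not data:
        return "silent"            # implicit-TLS ports say nothing: they wait for a ClientHello
    if data.startswith(b"220"):
        return "plaintext-banner"  # cleartext SMTP greeting: use STARTTLS, not implicit TLS
    if len(data) >= 2 and 0x14 <= data[0] <= 0x17 and data[1] == 0x03:
        return "tls-record"        # content type 20..23 and version 3.x: peer is in TLS
    return "unknown"


def probe(sock, timeout=2.0):
    """Read the opening bytes on an open socket and classify the port."""
    sock.settimeout(timeout)
    try:
        data = sock.recv(512)
    except socket.timeout:
        data = b""
    return classify_first_bytes(data)


def starttls_offered(sock):
    """On a cleartext port: send EHLO and check whether STARTTLS is advertised."""
    sock.sendall(b"EHLO probe.example.test\r\n")
    reply = b""
    # keep reading until the final "250 " line of the multi-line EHLO reply arrives
    while not any(line.startswith(b"250 ") for line in reply.split(b"\r\n")):
        chunk = sock.recv(512)
        if not chunk:
            break
        reply += chunk
    lines = reply.split(b"\r\n")
    return b"250-STARTTLS" in lines or b"250 STARTTLS" in lines


def _mock_submission_port(sock, advertise_starttls):
    """Scripted stand-in for a cleartext submission port (constructed, not a real MTA)."""
    sock.sendall(b"220 mail.example.test ESMTP\r\n")
    if sock.recv(512).upper().startswith(b"EHLO"):
        lines = [b"250-mail.example.test"]
        if advertise_starttls:
            lines.append(b"250-STARTTLS")
        lines.append(b"250 8BITMIME")
        sock.sendall(b"\r\n".join(lines) + b"\r\n")
    sock.close()


def demo(advertise_starttls=True):
    """Probe the mock over a socketpair; returns (classification, STARTTLS offered)."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=_mock_submission_port, args=(server, advertise_starttls))
    worker.start()
    kind = probe(client)
    offered = kind == "plaintext-banner" and starttls_offered(client)
    client.close()
    worker.join()
    return kind, offered


def demo_silent():
    """A port that sends nothing first, which is what an implicit-TLS port looks like."""
    client, server = socket.socketpair()
    kind = probe(client, timeout=0.2)
    client.close()
    server.close()
    return kind


if __name__ == "__main__":
    print("submission port:", demo())
    print("silent port:", demo_silent())
```

For a live check, open `socket.create_connection((host, port))` and pass the socket to `probe` and then `starttls_offered`; "plaintext-banner" plus STARTTLS means `mail.smtp.starttls.enable` without the SSL socket factory, while "silent" means implicit SSL is the right mode.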

  • Set-IRMConfiguration failed with error "Could not establish trust relationship for the SSL/TLS secure channel."

    Hi, experts 
    I'm trying to configure a lab environment according to the tutorial http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/rights-management-server-exchange-2010-part3.html
    After completing the configuration, I execute the cmdlet Set-IRMConfiguration -InternalLicensingEnabled $true, but get the error
    The remote certificate is invalid according to the validation procedure. ---> The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> Failed to get Server Info from https://exhv-6594/_wmcs/certification/server.asmx.
        + CategoryInfo          : InvalidOperation: (:) [Set-IRMConfiguration], Exception
        + FullyQualifiedErrorId : C810E449,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
    Then I run cmdlet Test-IRMConfiguration -Sender [email protected] and get error
    Results : Checking Exchange Server ...
                  - PASS: Exchange Server is running in Enterprise.
              Loading IRM configuration ...
                  - PASS: IRM configuration loaded successfully.
              Retrieving RMS Certification Uri ...
                  - PASS: RMS Certification Uri: https://server1/_wmcs/certification.
              Verifying RMS version for https://server1/_wmcs/certification ...
                  - WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247) or AD RMS on Windows Server 2008 R2.
              Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https://server1/_wmcs/certification/server.asmx. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
              OVERALL RESULT: PASS with warnings on disabled features
    From the error message, this issue seems to be related to the SSL/TLS connection. So I went back to check the configuration and found a difference from the tutorial. The current SCP url is https://server1/_wmcs/certification, but in the tutorial it is https://server1:433/_wmcs/certification.
    In my opinion, I don't think it is the real reason.
    So, how can I resolve this error? Could you give me some suggestions? Thanks in advance.
    System Info:
    Windows Server 2008 R2 + Exchange Server 2010 SP3 RTM

    Hi
    Please have a try with the solution on this KB article
    “Error message when you try to test access from the Microsoft Dynamics CRM E-mail Router: "Incoming Status: Failure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"”
    http://support.microsoft.com/kb/954584/en-us
    Cheers
    Zi Feng
    TechNet Community Support

  • ISE: advising users that only EAP-TLS can be used

    A large school board accepts only EAP-TLS connections. This requirement is easily disseminated to teachers, however not to students whose personal devices keep trying to connect using PEAP. Once users connect with EAP-TLS, they are authenticated on AD.
    1. Could we from the Switch port block PEAP but let EAP-TLS go through? I couldn't find a command for this.
    2. If we can't stop PEAP requests from reaching ISE, could we treat the PEAP connections as CWA, but have a special Authorization Rule that would say if inner tunnel is PEAP then do CWA-nonEAP-TLS web authentication which would be a customized web page that would have a message instructing the students how to use EAP-TLS? would that make sense?
    3. Do you have better suggestion how to either block PEAP before it reaches ISE or a way using ISE to let users know that they must use EAP-TLS, not PEAP if they wish to connect?
    Thanks.
    Cath.

    Hi Tarik,
    Of course, I know about the Allowed Protocols, which currently have only Host Lookup and EAP-TLS enabled. But that technique, of not allowing PEAP in ISE Authentication policies, doesn't stop thousands of students' devices from hitting ISE with PEAP traffic. Students have heard that they are allowed to connect to the school network using dot1x, so they turn it on on their PC without regard to which EAP flavour they are supposed to use. Thus, the ISE box is getting hit with PEAP requests, which it drops. The school board would like to deal with that PEAP traffic.
    To alleviate this problem, of the ISE box constantly getting PEAP traffic from the same device over and over again in the course of a day, I was wondering:
    1. Can we stop PEAP traffic before it arrives at ISE? Is there a way for the switch to differentiate that it's PEAP and not EAP-TLS and to drop it before passing it to ISE? I don't think so.
    2. If the switch can't stop PEAP, what is the best way to have ISE process the PEAP traffic? Because if ISE only rejects the PEAP traffic, it is constantly hit back by the same device sending PEAP traffic to ISE over and over.
    I suggested to the client the two following possible ways:
      a. An authorization rule based on Network Access: Tunnel PEAP that provides CWA with a customized webpage telling the students to use EAP-TLS and not PEAP (this technique is explained in para 2. of my original posting).
      b. Create a blackhole VLAN where the students' personal PCs that are arriving with PEAP are put. This VLAN doesn't go anywhere, but at least the PC has stopped hitting ISE with PEAP traffic for a few minutes, until the student decides to restart his/her connection.
    I also recommended to the client that they have a better technique to inform the students that only EAP-TLS is available, like posters on the wall, blast email, on the school FB page, etc. But information dissemination is not an IT problem, it's a communication problem.
    Looking forward to your suggestions.

  • Are 128-bit or higher TLS connections supported?

    When using EAP extensions to RADIUS, TLS is expressly required (per RFC). The RFCs refer to an LDAP store as well. I need to know if authenticated queries to a 4.x/5.x directory server over a minimum 128-bit TLS connection are supported.
    The config thoughts are to have an XP client authenticating to a RADIUS server using EAP and be authenticated to a Win2K/XP (possibly Solaris 9) server. The EAP authentication would be to a 4.x/5.x directory server over a required 128-bit TLS connection. Does this sound possible with a Sun Directory Server (iPlanet 4.16 SP1 is currently in use)? Will this be supported in the near future (2 months)? Offline discussions may be warranted to clarify the configuration.

    iDS 5.1 on Solaris (not Windows) supports TLS with 128 bit encryption. However, I don't know if the 128 bit cipher suites show up in the console for SSL/TLS configuration, so you may have to configure it yourself over LDAP. The Admin Guide and the CLI Guide for iDS 5.1 should explain how to do this.

  • Checking the details of SSL/TLS

    In most common browsers you can check what cryptographic algorithms or security mechanisms are used (and choose them). For example in Firefox (or any other Mozilla software) there's about:config, and you can find there things like these:
    security.ssl3.dhe_rsa_aes_128_sha
    security.ssl3.dhe_rsa_aes_256_sha
    security.ssl3.dhe_rsa_camellia_128_sha
    security.ssl3.dhe_rsa_camellia_256_sha
    security.ssl3.ecdhe_ecdsa_aes_128_sha
    security.ssl3.ecdhe_ecdsa_aes_256_sha
    security.ssl3.ecdhe_ecdsa_des_ede3_sha
    and so on.
    Thanks to that I know exactly which algorithms my browser is using in SSL/TLS connections. If I think that, for example, "3DES with EC-Diffie-Hellman and SHA" isn't the most secure set of algorithms for me, I can turn it off. I'd like to know exactly which algorithms Safari uses. It's an important thing because, for example, FF still uses the ARC4 algorithm, which isn't highly secure.
    How do I check it?
    Safari version: 4.0.4 (531.21.10)
    Operating System: Windows XP
    Best regards,
    Michael
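The post above inspects a browser's cipher choices through its about:config prefs. As an added example (not from this thread, and not browser code), the script below asks the same question of Python's OpenSSL-backed ssl module: it lists the suites a client context would offer, flags the ones built on RC4 ("ARC4"), 3DES or other weak primitives, and builds a hardened context that excludes them. The pref-to-OpenSSL-name translation is an assumption of this example and covers the vocabulary the post quotes, not the full NSS pref table.

```python
"""Audit the TLS cipher suites a client stack will negotiate (constructed example)."""
import ssl

# Suite-name tokens (OpenSSL spelling) that mark a suite as weak or anonymous.
WEAK_TOKENS = {"RC4", "DES", "NULL", "EXP", "EXPORT", "MD5", "ADH", "AECDH", "RC2"}

# The Firefox about:config prefs quoted in the post.
THREAD_PREFS = [
    "security.ssl3.dhe_rsa_aes_128_sha",
    "security.ssl3.dhe_rsa_aes_256_sha",
    "security.ssl3.dhe_rsa_camellia_128_sha",
    "security.ssl3.dhe_rsa_camellia_256_sha",
    "security.ssl3.ecdhe_ecdsa_aes_128_sha",
    "security.ssl3.ecdhe_ecdsa_aes_256_sha",
    "security.ssl3.ecdhe_ecdsa_des_ede3_sha",
]


def is_weak(suite):
    """True if an OpenSSL suite name contains a weak cipher, MAC or key exchange.

    The 'DES' token also matches DES-CBC3 (3DES), which is intended."""
    return bool(WEAK_TOKENS & set(suite.upper().split("-")))


def firefox_pref_to_openssl(pref):
    """Translate a Firefox security.ssl3.<kx>_<cipher>_<mac> pref to OpenSSL's suite name.

    Assumed mapping for the post's vocabulary, e.g. ecdhe_ecdsa_des_ede3_sha
    becomes ECDHE-ECDSA-DES-CBC3-SHA; not a complete table of NSS pref names."""
    parts = pref.replace("security.ssl3.", "").split("_")
    kx = []
    while parts and parts[0] in ("ecdhe", "ecdh", "dhe", "rsa", "ecdsa", "dss"):
        kx.append(parts.pop(0).upper())
    if kx == ["RSA"]:            # plain RSA key exchange is implicit in OpenSSL names
        kx = []
    if parts[:2] == ["des", "ede3"]:
        cipher, parts = "DES-CBC3", parts[2:]
    elif len(parts) > 1 and parts[1].isdigit():   # aes_128, camellia_256, rc4_128
        bits = "" if parts[0] == "rc4" else parts[1]
        cipher, parts = parts[0].upper() + bits, parts[2:]
    else:
        cipher, parts = parts[0].upper(), parts[1:]
    return "-".join(kx + [cipher] + [p.upper() for p in parts])


def weak_thread_prefs():
    """Which of the post's listed prefs enable a suite this audit flags."""
    return [p for p in THREAD_PREFS if is_weak(firefox_pref_to_openssl(p))]


def audit(ctx):
    """Return (all suite names the context offers, the weak ones among them)."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return names, [n for n in names if is_weak(n)]


def hardened_context():
    """Client context offering only AEAD suites with forward secrecy, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


if __name__ == "__main__":
    offered, weak = audit(ssl.create_default_context())
    print("default context offers %d suites, %d weak: %s" % (len(offered), len(weak), weak))
    print("hardened context weak suites:", audit(hardened_context())[1])
    print("prefs from the post worth disabling:", weak_thread_prefs())
```

The same `is_weak` check applies to the suite names that a packet capture or `openssl s_client -cipher` run reports for Safari, which is how the question above can be answered for a browser that exposes no pref list.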

    Hmmmm ... not a lot of info in the following document from the Safari Development Center, and it's a bit dated too, but just in case it's of any use as a starting point:
    What encryption, authentication, and proxy technologies does Safari support? (http://developer.apple.com/safari/library/qa/qa2009/qa1537.html)

  • Can't get SSL/TLS e-mail access working

    I am having zero luck trying to get my wife's brand new 9810 to access a pop/imap account on a server where SSL/TLS is mandatory.
    Background -- I'm the server admin.
    I can access e-mail on the same server/domain from my 9700 Bold running OS 6 -  I can do SSL/TLS connections to e-mail just fine.
    When I look at the server-side logs when the 9810 is attempting to connect, I see that the SSL/TLS session is not getting established - hence the username/password is never being sent to the server.
    The 9810 is running OS 7.1.x  -  is this version of the OS buggy?
    Looking for an e-mail wizard to help me figure this out.

    Hi and Welcome to the Community!
    Please try this:
    KB25266 How to enable TLS on a BlackBerry smartphone preloaded with BlackBerry Device Software 6.0 or 7.0
    Also, please try integrating from the BB Browser using this url:
    www.blackberry.com/integrate
    Also try using your carrier's BIS site, from a PC/Browser
    http://www.blackberryfaq.com/index.php/Where_can_I_log_into_my_BIS_account%3F
    If your carrier is not listed, you may need to contact them to find their BIS site, if they have such.
    Also, if you talk to them, they should be able to integrate the account as well. Further, if they can't help get it working, they have the power to escalate your case into RIM for enhanced support.
    Good luck! 
    Occam's Razor nearly always applies when troubleshooting technology issues!

  • Any Problems using SSL with Safari and the move with Internet explorer to require only TLS encryption.

    Hi .
    Apple no longer supports Safari for Windows if that's what you are asking >  Apple apparently kills Windows PC support in Safari 6.0
    Microsoft has not written IE for Safari for many years.

  • WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

    I know there are loads of posts with the same issue, and most of them were related to proxy and connectivity.
    This was the case for me as well (a few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
    The server is configured on http port 80.
    ERROR
    Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
    I've checked proxy server connectivity. I'm able to browse the following site from the WSUS server:
    http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
    I did telnet to the proxy server on the particular port (8080) and that is also fine.
    I have doubts about certificates; any idea which certificates we need to look at? And if a certificate is expired then (my guess) we won't be able to open the above mentioned Windows Update catalog site?
    Any tips appreciated !
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

    Hi Lawrence! Many thanks for looking into this thread and replying. Appreciate your help.
    Your reply ("SSL is enabled/configured, and the certificate being used is invalid (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
    I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with the proxy server configured on port (8080) and the WSUS server on port 80.
    My guess (this is my best guess ;)) is this is something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to the proxy/firewall team. From their perspective all the required port communication is open and the proxy server is also reachable. Moreover we're able to access the internet (Microsoft Update Catalog site) over the same port (8080).
    Any other hints on how I can prove to them that it's definitely a problem on their side?
    Thanks again!!

  • Crystal Report Server - SMTP over secured connection (SSL/TLS)

    Hello All,
    I've been looking around for information on Crystal Reports Server but have not managed to find the information I need. So I was wondering if anyone knew whether it is possible to distribute reports via SMTP over secured connections such as SSL/TLS using Crystal Reports Server?

    Only if the security is external to BO. Our SMTP configuration does not have a built-in configuration parameter to encrypt data.
    Regards,
    Tim

  • Dreamweaver (on Windows 7) wont connect to IIS (v7) Server using "FTP over SSL/TLS..."

    I am evaluating whether to purchase Dreamweaver CS6...
    The Dreamweaver CS6 trial (on Windows 7) won't connect to an IIS (v7) server using "FTP over SSL/TLS (explicit encryption)". I have a NEW Godaddy SSL certificate installed on the IIS server.
    On connecting, Dreamweaver states: "Server Certificate has expired or contains invalid data"
    I have tried:
    -ALL the Dreamweaver Server setup options
    -Using multiple certificates (tried 2048 bit and 4096 bit Godaddy SSL certificates)
    -Made sure the certificate 'issued to' domain name matches my domain name.
    I am able to connect no problem using Filezilla, with equivalent Filezilla setting "Require explicit FTP over TLS".  I can also connect fine using Microsoft Expression web. 

    Thanks for your prompt reply.
    My comments:
    1) You should update your thread (forums.adobe.com/thread/889530) to reflect that it still occurs on CS6 (I had already read it but figured it was an old thread and thus should be fixed by now).
    2) You said "These warnings will also pop up for your users if you have a store saying the SSL certificate does not match the domain/ip and this can make users checking out in a storefront very nervous". This does not seem to be correct – my https pages display properly using the same Godaddy certificate, using IE.
    3) Godaddy is not my host (I use Amazon AWS) – but the SSL certificate is from them.

  • Creating a TCP connection with SSL/TLS

    Hi,
    I am working in a application that depends on the server. I need to estabilish a TCP connection with SSL/Tls secure connection with the server in order to get the datas.
    I have the following code structure:

    #import <Foundation/Foundation.h>
    #import <CFNetwork/CFNetwork.h>

    // Manual retain/release assumed throughout; under ARC the CFStringRef and
    // void* casts below need (__bridge ...) annotations.
    @interface Connection : NSObject {
        CFReadStreamRef  readStream;
        CFWriteStreamRef writeStream;
        NSMutableData   *incomingDataBuffer;
        NSMutableData   *outgoingDataBuffer;
    }
    @property (nonatomic, copy)   NSString *host;
    @property (nonatomic, assign) int       port;
    - (id)initWithHostAddress:(NSString *)_host andPort:(int)_port;
    - (BOOL)connect;
    - (BOOL)setupSocketStreams;
    - (void)readStreamHandleEvent:(CFStreamEventType)eventType;
    - (void)writeStreamHandleEvent:(CFStreamEventType)eventType;
    // -clean and -close are called below; their bodies were not included in the post
    - (void)clean;
    - (void)close;
    @end

    // C callbacks registered with the streams; declared before they are used
    static void readStreamEventHandler(CFReadStreamRef stream, CFStreamEventType eventType, void *info);
    static void writeStreamEventHandler(CFWriteStreamRef stream, CFStreamEventType eventType, void *info);

    @implementation Connection
    @synthesize host, port;

    - (id)initWithHostAddress:(NSString *)_host andPort:(int)_port
    {
        if ((self = [super init])) {   // the posted init never called super
            [self clean];
            self.host = _host;
            self.port = _port;
        }
        return self;
    }

    - (BOOL)connect
    {
        if (self.host == nil)
            return NO;
        // Bind read/write streams to a new socket. The streams go into the ivars;
        // the posted init declared unused locals of the same names.
        CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, (CFStringRef)self.host,
                                           self.port, &readStream, &writeStream);
        return [self setupSocketStreams];
    }

    - (BOOL)setupSocketStreams
    {
        // Make sure streams were created correctly
        if (readStream == NULL || writeStream == NULL) {
            [self close];
            return NO;
        }
        // Create buffers (to be released in -close, which is not shown in the post)
        incomingDataBuffer = [[NSMutableData alloc] init];
        outgoingDataBuffer = [[NSMutableData alloc] init];
        // Indicate that we want the socket to be closed whenever the streams are closed
        CFReadStreamSetProperty(readStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
        CFWriteStreamSetProperty(writeStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
        // Indicate that the connection needs to be made in a secure manner:
        // NegotiatedSSL lets both ends agree on the highest protocol version they share
        CFReadStreamSetProperty(readStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
        CFWriteStreamSetProperty(writeStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
        // We will be handling the following stream events
        CFOptionFlags registeredEvents = kCFStreamEventOpenCompleted |
            kCFStreamEventHasBytesAvailable | kCFStreamEventCanAcceptBytes |
            kCFStreamEventEndEncountered | kCFStreamEventErrorOccurred;
        // Setup stream context - a reference to 'self' is passed to the stream event callbacks
        CFStreamClientContext ctx = {0, self, NULL, NULL, NULL};
        // Specify callbacks that will be handling stream events
        BOOL doSupportAsync  = CFReadStreamSetClient(readStream, registeredEvents, readStreamEventHandler, &ctx);
        BOOL doSupportAsync1 = CFWriteStreamSetClient(writeStream, registeredEvents, writeStreamEventHandler, &ctx);
        NSLog(@"supports asynchronous events? read:%d write:%d", doSupportAsync, doSupportAsync1);
        // Schedule streams with the current run loop
        CFReadStreamScheduleWithRunLoop(readStream, CFRunLoopGetCurrent(), kCFRunLoopDefaultMode);
        CFWriteStreamScheduleWithRunLoop(writeStream, CFRunLoopGetCurrent(), kCFRunLoopDefaultMode);
        // Open both streams
        if (!CFReadStreamOpen(readStream) || !CFWriteStreamOpen(writeStream)) {
            // close the connection
            [self close];
            return NO;
        }
        return YES;
    }

    // Callback for read-stream events
    static void readStreamEventHandler(CFReadStreamRef stream, CFStreamEventType eventType, void *info)
    {
        Connection *connection = (Connection *)info;
        [connection readStreamHandleEvent:eventType];
    }

    // Callback for write-stream events
    static void writeStreamEventHandler(CFWriteStreamRef stream, CFStreamEventType eventType, void *info)
    {
        Connection *connection = (Connection *)info;
        [connection writeStreamHandleEvent:eventType];
    }

    @end
    As above, I have used
    CFReadStreamSetProperty(readStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelSSLv3);
    CFWriteStreamSetProperty(writeStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelSSLv3);
    in order to make a secured connection using sockets.
    The URL I am using is in the format "ssl://some domain.com".
    But in my callback method I am always getting only kCFStreamEventErrorOccurred for CFStreamEventType.
    I also tried with the URL "https://some domain.com", but I get the same error.
    I also commented out setting kCFStreamPropertySocketSecurityLevel, but I still receive the same error mentioned above.
    I don't know how it returns the same error. I have followed the APIs and docs, but they describe the same way of creating a connection as I have given above.
    I tried to get the error using the following code:
    CFStreamError error = CFWriteStreamGetError(writeStream);
    CFStreamErrorDomain errDomain = error.domain;
    SInt32 errCode = error.error;
    The value of errCode is 61 and errDomain is kCFStreamErrorDomainPOSIX, so I checked "errno.h", which lists errCode 61 as "Connection refused".
    I need help to fix this issue.
    If the above code is not the right one:
    **(i) How to create a TCP connection with SSL/TLS to the server.**
    **(ii) What the URL format should be (i.e. "ssl://" or "https://").**
    **(iii) If my above code is correct, where the error lies.**
    I hope the server is working properly, because I am able to communicate with the server and get the data properly using BlackBerry and Android phones. They have used the SecuredConnection APIs built into Java. Their URL format is "ssl://" and they also use the same port number that I have used in my code.
    Any help would be greatly appreciated.
    Regards,
    Mohammed Sadiq.
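Added example, not part of the post and not Apple's CFStream code. It is written in Go so that it runs stand-alone without an iOS toolchain, and it stands up a loopback server that accepts only TLS plus a client that separates the cases the post's error handling runs together. errno 61 in kCFStreamErrorDomainPOSIX is ECONNREFUSED: the remote host answered the TCP SYN with a reset because nothing is listening on that port, so no TLS negotiation took place at all, which is why removing kCFStreamPropertySocketSecurityLevel changed nothing. A TLS-level failure would instead arrive in kCFStreamErrorDomainSSL with an SSL error code, and an untrusted server certificate is a third, distinct outcome. Two things worth checking in the CFStream code as well: CFStreamCreatePairWithSocketToHost takes a bare hostname or IP address, not a URL, so a scheme prefix such as "ssl://" belongs only to the Java-style connector APIs the other platforms use; and pinning the stream to SSLv3 (kCFStreamSocketSecurityLevelSSLv3) will be refused by any server that requires TLS, since SSLv3 is withdrawn (RFC 7568), so NegotiatedSSL with a TLS 1.2 floor, as the client below uses, is the right setting. The self-signed certificate, the loopback addresses and the message strings are constructed in-process for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"net"
	"syscall"
	"time"
)

// Outcomes of a TLS dial. DialRefused is the post's errno 61 (ECONNREFUSED): a
// TCP-level failure, nothing accepted the connection, so TLS never started.
// DialBadCert means TLS ran but the server is not in our trust store.
const DialOK, DialRefused, DialBadCert, DialTLSError = "ok", "connection refused", "untrusted cert", "handshake failed"

// NewTestCert builds a throwaway self-signed certificate for 127.0.0.1 and a
// trust pool holding only it (constructed in-process; not a CA-issued cert).
func NewTestCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")}, // the SAN the client checks
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// StartTLSOnlyServer listens on a random loopback port, accepts TLS 1.2+ only
// and echoes the first message it decrypts. Returns "127.0.0.1:port".
func StartTLSOnlyServer(cert tls.Certificate) (string, error) {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return "", err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) {
				defer c.Close()
				buf := make([]byte, 256)
				if n, err := c.Read(buf); err == nil { // handshake runs inside Read; cleartext fails here
					c.Write(append([]byte("echo: "), buf[:n]...))
				}
			}(c)
		}
	}()
	return ln.Addr().String(), nil
}

// Classify dials addr with TLS, verifying the server against roots, and maps
// the failure so a transport problem is not mistaken for a TLS one.
func Classify(addr string, roots *x509.CertPool) string {
	cfg := &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}
	var unknownCA x509.UnknownAuthorityError
	if conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 3 * time.Second}, "tcp", addr, cfg); err == nil {
		conn.Close()
		return DialOK
	} else if errors.Is(err, syscall.ECONNREFUSED) {
		return DialRefused
	} else if errors.As(err, &unknownCA) {
		return DialBadCert
	}
	return DialTLSError
}

// PlaintextRejected shows the server enforcing TLS-only: a cleartext client can
// open the TCP socket, but its bytes are not a TLS record and it gets no echo.
func PlaintextRejected(addr string) bool {
	c, err := net.DialTimeout("tcp", addr, 3*time.Second)
	if err != nil {
		return false // could not even connect: inconclusive
	}
	defer c.Close()
	c.SetDeadline(time.Now().Add(3 * time.Second))
	c.Write([]byte("hello in the clear\n"))
	buf := make([]byte, 256)
	n, err := c.Read(buf)
	return err != nil || string(buf[:n]) != "echo: hello in the clear\n"
}
```

Against the running server, Classify with the pool returned by NewTestCert gives DialOK, and with an empty x509.NewCertPool() gives DialBadCert (TLS ran, the certificate could not be chained to anything trusted). Against a loopback port that was bound with net.Listen and immediately released it gives DialRefused, the same errno 61 as in the post, before any TLS bytes are exchanged. PlaintextRejected returns true because the server's first read finds no TLS record header in "hello in the clear" and drops the connection, which is what a TLS-only listener looks like from a client that forgot to negotiate.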

    Hello Naxito. Welcome to the Apple Discussions!
    Try the following ...
    Perform a "factory default" reset of the AX
    o (ref: http://docs.info.apple.com/article.html?artnum=108044)
    Setup the AX
    Connect to the AX's wireless network, and then, using the AirPort Admin Utility, try these settings:
    AirPort tab
    o Base Station Name: <whatever you wish or use the default>
    o AirPort Network Name: <whatever you wish or use the default>
    o Create a closed network (unchecked)
    o Wireless Security: Not enabled
    o Channel: Automatic
    o Mode: 802.11b/g Compatible
    Internet tab
    o Connect Using: Ethernet
    o Configure: Manually
    o IP address: <Enter your college-provided IP address>
    o Subnet mask: <Enter your college-provided subnet mask IP address>
    o Router address: <Enter your college-provided router IP address>
    o DNS servers: <Enter your college-provided DNS server(s)>
    o WAN Ethernet Port: Automatic
    Network tab
    o Distribute IP addresses (checked)
    o Share a single IP address (using DHCP & NAT) (enabled)
