Sslv3 poodle vulnerability and sharepoint site using https

Similar Messages

• HTTPS SharePoint site with HTTPS Provider hosted app - The remote certificate is invalid according to the validation procedure

  We have SharePoint 2013 site configured with SSL and we have developed a provider hosted app which interacts with SharePoint list.
  If we try accessing the Provider hosted app from the SharePoint site with HTTP [http://mysharepointsite.com/] there are no any errors thrown.
  But whenever the same Provider hosted app is tried accessing from the same SharePoint site using https address
  [https://mysharepointsite.com/] we are getting below error:
  The remote certificate is invalid according to the validation procedure.
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
  Exception Details: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
  Source Error:
  An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
  Stack Trace:
  [AuthenticationException: The remote certificate is invalid according to the validation procedure.]
  System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) +2983172
  System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) +473
  System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) +86
  System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) +262
  System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) +473
  System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) +86
  System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) +262
  System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) +473
  System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) +86
  System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) +262
  System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) +473
  System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) +8530566
  System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) +230
  System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) +645
  System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) +9
  System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) +87
  System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) +1467
  System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) +84
  System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) +22
  System.Net.ConnectStream.WriteHeaders(Boolean async) +761
  [WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.]
  System.Net.HttpWebRequest.GetResponse() +8534156
  Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute() +58
  Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb) +975
  ProviderHostedHTTPSWeb.Default.Page_Load(Object sender, EventArgs e) +348
  System.Web.UI.Control.LoadRecursive() +71
  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3178
  We have already added the certificate used for the SharePoint site and the provider hosted app in the SharePoint central admin trusts.
  Any idea's how can I resolve this issue?

  Hi,
  According to your post, my understanding is that you failed to access provider host app using https.
  The reason for this is that SharePoint implements its own certificate validation policy to override .NET certificate validation.
  Fix is to setup a trust between SharePoint and the server requiring certificate validation.
  For more information, you can refer to:
  http://blogs.technet.com/b/sharepointdevelopersupport/archive/2013/06/13/could-not-establish-trust-relationship-for-ssl-tls-secure-channel.aspx
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Not able to open office documents from SharePoint site using Forms auth on a Mac with Office 2011

  I posted the same question on the Mac Office forum (http://answers.microsoft.com/en-us/mac/forum/macoffice2011-macstart/not-able-to-open-office-documents-from-sharepoint/7fba517b-ebd1-4e90-a54a-c70c5f035146?tm=1418836613595) but figured it's probably more
  of a SharePoint question so I'm going to try here as well.
  We just discovered an issue where a user logs into a SharePoint site using Forms based authentication.  When clicking on an Office file they get
  'Sorry, this site hasn't been shared with you' message:
  The user can download the file and can also open the file within the browser (Office Web apps).  This SharePoint site is on a Web app that uses mixed authentication (forms for external partners) and Windows/Kerberos for internal employees.
   When logging into this same site as an internal user I am able to open the file just fine.
  I checked the 'Microsoft Document Connection' settings and selected and deselected 'Enable Basic Authentication' and neither helped.  
  I also tried to add the site URL under 'Microsoft Document Connection' -> Add connection -> Connect to a SharePoint site.  When I put the site URL in and click 'Connect', I get an error saying that 'Only connection to SharePoint or OneDrive
  servers are supported' message.  If I try the same thing as an internal user using Windows/Kerberos authentication I am able to connect to the site just fine.
  Any ideas??

  Hi Szamir,
  As you are using Form Based authentication to open the documents from SharePoint site, I recommend to check the things below:
  Make sure that the user has permission to view the documents in the site.
  Please select "Sign me in automatically" when you sign in the login page.
  More references:
  https://social.technet.microsoft.com/Forums/en-US/ae8cc886-c362-4709-8575-07d339144714/not-able-to-open-microsoft-office-documentsdocxxls-etc-from-document-library-in-a-fba-site-in?forum=sharepointgeneralprevious
  http://manojvnair.blogspot.com/2011/06/login-prompt-while-opening-office.html
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support

• Can we customize any other expect SharePoint Sites using Sharepoint Designer

  Hi All,
  Can we customize any other expect SharePoint Sites using Sharepoint Designer?
  Thanks in Advance!

  As Hemmendra, the tool is specifically designed for SharePoint.  Both this and another tool derive from an older utility called FrontPage, which was an early Web Authoring product, before the age of standards and the like. 
  The other product that evolved into a paid development tool but is now free is one called Expression Web.  This can do more web specific stuff and may be of use for you.  It was made a free product a year ago though and can be found here.
  http://www.microsoft.com/en-gb/download/details.aspx?id=36179
  What else were you looking to achieve?
  Steven Andrews
  SharePoint Business Analyst: LiveNation Entertainment
  Blog: baron72.wordpress.com
  Twitter: Follow @backpackerd00d
  My Wiki Articles:
  CodePlex Corner Series
  Please remember to mark your question as "answered" if this solves (or helps) your problem.

• How can I download content of wiki pages from Office 365 online Sharepoint site using c#?

  How can I download content of wiki pages from Office 365 online Sharepoint site using c#?
  Ratnesh[MSFT]

  Hi,
  According to your post, my understanding is that you want to download content of wiki pages on SharePoint Online.
  If just for getting the text of the page, I suggest you convert page to PDF file first and then download the PDF file via a Visual Web Part as a Sandboxed solution.
  A sample about export HTML to PDF:
  http://hamang.net/2008/08/14/html-to-pdf-in-net/
  Thanks
  Patrick Liang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Patrick Liang
  TechNet Community Support

• SSLv3 Poodle vulnerability

  Does anyone have any more info on the SSLv3 Poodle vulnerability in that are any of the Cisco switches, in particular the ACE load balancer (If they do SSL offloading) vulnerable to this?
  http://www.wired.com/2014/10/poodle-explained/
  If so, if there a way to disable SSLv3?

  To disable SSLv3, do something like this:
  parameter-map type ssl PARAMMAP_SSL
    cipher RSA_WITH_3DES_EDE_CBC_SHA
    cipher RSA_WITH_AES_128_CBC_SHA priority 2
    cipher RSA_WITH_AES_256_CBC_SHA priority 3
    version TLS1
  ssl-proxy service SSL_PSERVICE_SERVER
    ssl advanced-options PARAMMAP_SSL
  (Omitted all the other important, but not to this exact solution, stuff in the ssl-proxy config)

• Error when moving files between Sharepoint sites using 'content and structure' feature

  Hi,
  I am using Sharepoint Online 2013 on a mac computer.
  I am trying to move files between sharepoint sites/libraries but because the "open with explorer" link does not work on mac computers, I need to do so using the 'content and structure' feature.
  When I select a file to move and then select the destination site/doc library, i get the following error:
  An error was encountered performing this operation.
  Operation to Move '120207_Australia Post_Invoice.pdf' to '/Ops/internal/admin/General Admin' failed
  No items were moved. Please remove 120207_Australia Post_Invoice.pdf from the selection and retry operation
  Please help!
  Thanks,
  Kate

  Hi Kate,
  If you mean only one file "120207_Australia Post_Invoice.pdf" could not be moved, please compare this file to the other files moved successfully, check if there are some differences, like the content types, fields.
  Also compare the source library and destination library, make sure they have the the same type of fields.
  And you could have a try of moving this single file separately see if it could help, or as a workaround to download this file from source and upload to the destination library.
  Since it is related to SharePoint Online 2013, we cannot see the ULS log for more information, I would suggest you post this issue in Office365 SharePoint online dedicated forum via the following link for a better assistance.
  http://community.office365.com/en-us/forums/default.aspx
  Thanks
  Daniel Yang
  TechNet Community Support

• Get data from Sharepoint site in different farm using webservice, and current site using claims mode authentication.

  Hi , 
  I have a site that runs on   Claims Mode (  NTLM) . That site has a web part that needs to show the data from any  sharepoint farm, SharePoitn  2010 , or 2007 or 2003.
  I am getting 401 unauthorized when I   try to get data from webservice running in sharePoint context.
  But when I run the same code in  Windows Console application  then it is giving no error.
  What I doubt is that this issue is due to the reason that I have  set
  claims mode authentication.
  Because same code is running  in different farm in a site that is configured  using windows authentication.

  So generally speaking, you're talking about a VERY long running topic of authentication methods... and generally speaking, in the world of Windows, the only long running authentication options have been:
  - NTLM (limited to one hop)
  - Kerberos (unlimited hops)
  - Application level authentication (ex: SQL auth, also, no hops)
  Recently, Microsoft has been investing in Claims Based Auth... and I fully expect claims to start working their way into other systems (previously starting to work into Windows via the CardSpace technology, but also in other ways such as Win8's ability to
  log in with a LiveID)... but building a new authentication method into ALL applications is a VERY long process, and the complexity of claims adds a LOT of consideration (claims from the same AD can look VERY different depending on the STS, so lots of questions
  around things like bridging claims).
  So as far your SP auth needs...
  IF both applications are CLAIMS AWARE, then you MAY be able to use claims (which support unlimited hops)... but that's just not very likely yet (and will probably take another 5-10 years to be available across the entire enterprise)... otherwise, KERBEROS
  Outside of the Microsoft world... KERBEROS is open spec, so is supported by other systems (such as authenticating to linux)... claims based auth is also open spec, but again, still new... there are a few other options (LDAP, etc), but none that are native
  to Windows (so you rely on things like third party auth modules for Windows, which Novell has done for DECADES with NDS and eDir)
  And again, SharePoint can convert claims to Kerberos using the C2WTS... which MS uses internally for things Excel Services connecting to a backend SQL server... but it DOES require the Kerb and C2WTS configuration.
  if you're having issues using Kerb auth... then it sounds like Kerb isn't configured correctly... and Kerb is a PAIN to configure (whitepaper for SP Kerb is ~100 pages long)... IIS (and SharePoint) also has the added benefit of failing over to NTLM if Kerb
  fails (and you shouldn't disable this behavior, since it'll break other settings elsewhere)
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• POODLE Vulnerability and AMS configuration in Adapator.xml

  Hi,
  I am looking for some recommendation and guidance on how to ban AMS from using SSlV3 in with RTMPS clients. I know about that there's a configuration in Adaptor.xml called
  "SSLCipherSuite" which should be able to somehow prevent a specific protocol, but the Adobe documentation recommends contacting with Adobe before changing that configuration.
  So I was wondering if Adobe has any official recommendation to prevent RTMPS client from using SSLV3. Could someone please point me to the right direction?
  Thanks
  -Irtiza

  When will it be released?
  I can not comment on that...
  How will it support older browsers?
  Well most likely it will disable SSLv3 support from within the application. So you will not need to change anything in AMS ocnfiguration.
  All browsers which work on TLS 1.0 and higher will continue to work as they were working till now.
  Note that even in current release, if your browsers support TLS then TLS would be preferred mode of connection  and you will not be exposed to SSLv3 attack.
  Even today, POODLE vulnerability exists only if you are working on those browsers which do not support TLS.
  That said, you must upgrade your openssl to 1.0.1j, because prior to that a hacker could exploit a hack in openssl so that even if your endpoints supports TLS, it can hack and make the connection protocol get downgraded to SSLv3...openssl to 1.0.1j fixes this downgrade protocol attack..
  The steps to compile openssl for AMS are available in public domain..please google and compile openssl for yourself and drop that openssl in your AMS installation.
  Openssl consists of two files libeay32.dll and ssleay32.dll on windows  AND libssl.so.1.0.0 and libcrypto.so.1.0.0 on Linux...

• Problem connecting to hosted sharepoint site using hotspot connection with Telstra 3G

  I have problems connecting to a hosted sharepoint website using hotspot conection - either the page doesnt load (IE) or I get repeated sharepoint authentication prompts (Firefox). The problem is specific to this hosted site, we can successfully load other webpages, and can access another companes sharepoint extranet using iPhone hotsot connection. I have tried changing the cellular data APN settings on the iPhone from telstra.iph to telstra.internet but this did not solve the problem.

  Look at the JSSE examples. You need to setup a key store, add the jsse jars to your classpath, yadda, yadda, yadda....

• SCCM central site and primary site use the same SQL SERVER with two Instance.

  Hi  Guys,
  I want deploy SCCM 2012 central site and primary site in my domain. But Only one Sql server for me. Any one can tell me how to install the central site server and primary site server with the same SQL SERVER with two instance.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Sean Xiao
  TechNet Community Support

  Although you can install like the configuration you said above, we do not recommend you do it this way. If your SQL box has  problems, all the data will go away and you will not have data redundancy.
  You need to configure the different SQL Port and SQL Broke service port e.g.
  SQL port 4023  SQL Broke Service port 4022 for CAS instance
  SQL port 4024  SQL Broke Service port 4021 for PRI instance
  Juke Chou
  TechNet Community Support
  I agree with Johan and this configuration should not be used. But I want to clarify that the default ports for "SQL port" (actually, SQL over TCP) is 1433 and the SQL Broker Service uses 4022. The configuration above should work but the "correct" would be
  to use 1433 and 4022 for the CAS and 10434 and 4023 for the Primary :)
  You can read more about Network Ports used by Configuration Manager here
  http://technet.microsoft.com/en-us/library/hh427328.aspx#BKMK_CommunicationPorts
  /Tim
  Tim Nilimaa | Blog: http://infoworks.tv | Twitter: @timnilimaa

• How to get list of users who all are having full access in sharepoint site using client object model c#

  Hi,
  I want to fetch the list of users who all are having full access to the sharepoint list using client object model with .Net
  Please let me know if any property for the user object or any other way to get it.
  Thanks in advance.

  Here you are complete code i created from some years it lists all groups and users, you can just add a check in the permissions loop to see if it is equal to Full Control.
  Private void GetData(object obj)
  MyArgs args = obj as MyArgs;
  try
  if (args == null)
  return; // called without parameters or invalid type
  using (ClientContext clientContext = new ClientContext(args.URL))
  // clientContext.AuthenticationMode = ClientAuthenticationMode.;
  NetworkCredential credentials = new NetworkCredential(args.UserName, args.Password, args.Domain);
  clientContext.Credentials = credentials;
  RoleAssignmentCollection roles = clientContext.Web.RoleAssignments;
  ListViewItem lvi;
  ListViewItem.ListViewSubItem lvsi;
  ListViewItem lvigroup;
  ListViewItem.ListViewSubItem lvsigroup;
  clientContext.Load(roles);
  clientContext.ExecuteQuery();
  foreach (RoleAssignment orole in roles)
  clientContext.Load(orole.Member);
  clientContext.ExecuteQuery();
  //name
  //MessageBox.Show(orole.Member.LoginName);
  lvi = new ListViewItem();
  lvi.Text = orole.Member.LoginName;
  lvsi = new ListViewItem.ListViewSubItem();
  lvsi.Text = orole.Member.PrincipalType.ToString();
  lvi.SubItems.Add(lvsi);
  //get the type group or user
  // MessageBox.Show(orole.Member.PrincipalType.ToString());
  if (orole.Member.PrincipalType.ToString() == "SharePointGroup")
  lvigroup = new ListViewItem();
  lvigroup.Text = orole.Member.LoginName;
  // args.GroupsList.Items.Add(lvigroup);
  DoUpdate1(lvigroup);
  Group group = clientContext.Web.SiteGroups.GetById(orole.Member.Id);
  UserCollection collUser = group.Users;
  clientContext.Load(collUser);
  clientContext.ExecuteQuery();
  foreach (User oUser in collUser)
  lvigroup = new ListViewItem();
  lvigroup.Text = "";
  lvsigroup = new ListViewItem.ListViewSubItem();
  lvsigroup.Text = oUser.LoginName;
  lvigroup.SubItems.Add(lvsigroup);
  //args.GroupsList.Items.Add(lvigroup);
  DoUpdate1(lvigroup);
  // MessageBox.Show(oUser.LoginName);
  RoleDefinitionBindingCollection roleDefsbindings = null;
  roleDefsbindings = orole.RoleDefinitionBindings;
  clientContext.Load(roleDefsbindings);
  clientContext.ExecuteQuery();
  //permission level
  lvsi = new ListViewItem.ListViewSubItem();
  string permissionsstr = string.Empty;
  for (int i = 0; i < roleDefsbindings.Count; i++)
  if (i == roleDefsbindings.Count - 1)
  permissionsstr = permissionsstr += roleDefsbindings[i].Name;
  else
  permissionsstr = permissionsstr += roleDefsbindings[i].Name + ", ";
  lvsi.Text = permissionsstr;
  lvi.SubItems.Add(lvsi);
  // args.PermissionsList.Items.Add(lvi);
  DoUpdate2(lvi);
  catch (Exception ex)
  MessageBox.Show(ex.Message);
  finally
  DoUpdate3();
  Kind Regards, John Naguib Technical Consultant/Architect MCITP, MCPD, MCTS, MCT, TOGAF 9 Foundation

• Is it possible to send a file to a sharepoint site using SSIS?

  Hi everyone,
  I got a request from my customer. She wanted me to develop a SSIS package that produces a CSV file and then send the file to a sharepoint folder. Is this possible? Please give me some detailed suggestion so I can do a simple test by myself. Thank you very
  much.
  regards,
  Oliver

  You may also want to check these other posts, too:
  http://spmaster.wordpress.com/2011/08/15/uploading-documents-to-sharepoint-via-powershell/
  http://www.a2zdotnet.com/View.aspx?Id=138#.U_ziy_ldWSo
  http://geekswithblogs.net/bjackett/archive/2010/02/15/programmatically-uploading-files-to-a-sharepoint-2007-document-library.aspx
  http://www.cozyroc.com/script/http-upload-download-task
  SSIS Tasks Components Scripts Services | http://www.cozyroc.com/

• Can someone advise, my proxy server blocks any sites using https

  i'm not using parental controls, i'm blocking the hosts in the proxy server setting on osx server. It all works fine but as soon as i go to some https:// site like https://auth.apple.com/authenticate?service=DockStatus&realm=primary-me&returnUR L=aHR0cDovL3d3dy5tZS5jb20vd28vV2ViT2JqZWN0cy9Eb2NrU3RhdHVzLndvYS93YS90cmFtcG9saW 5l&destinationUrl=
  i get access denied even though i haven't set it in blocked hosts. I was wondering do i have to have an SSL certificate to be able to access https:// sites? does anybody know?
  If i do can someone explain the procedure for self certification?

  turns out after i loaded more modules in proxy server it sorted this problem out
  Message was edited by: purplemonkey1

• Achieving Autofailover between Branches and HQ site using OSPF

  Hi there,
  I have a number of Branches and ATMs which connect to the HQ via GRE tunnels through L2MPLS of the service provdiers network.
  Recently I commisioned a DR site that I would like all the branches and ATMs to point to incase of disaster.
  Most importantly I am supposed to achieve an auto-failover solution between Branches and ATMs towards HQ, @ATM and branch has duo links from different providers for resiliency.
  The standard I am supposed to use is OSPF between branches and HQ, where we have GRE tunnels running in between, is there anyone who can assist me on how to achieve auto-failover solution between the Branches and HQ using OSPF on the existing GRE tunnels.
  Sample configuration would really help
  Thanks.

  What you are asking for here is a full blown network design. It is more than just a few configuration commands.
  We can point you in the right direction but we cannot do the entire thing for you.
  We would need to know things like is there a direct link between HQ and DR, how many branches, is OSPF already in use, if so what areas do you have, are you proposing to use the same IPs at the DR site  etc etc.
  But before all that have you thought about how the applications would work ?
  Presumably you have applications that run on servers at HQ. How do you sync this information to the DR site servers ?
  So a couple of scenarios -
  1) the link at HQ fails and all sites automatically switch to DR. Then 10 minutes later the link comes back up so all sites switch back to HQ.
  How are you going to make sure that any data written to servers in DR is now replicated to the HQ servers in real time.
  2) a branch primary link fails. It switches to DR but all the other branches are still going to HQ.
  Again how you are going to ensure the data remains consistent between the HQ and DR servers as you now have two active sites.
  Routing protocols are very good at automatically providing failover but they don't understand the applications.
  The hard part with DR is not the network, although that in itself can be challenging, but how the applications are going to work.
  So if you only want to invoke DR if there is a major outage at your HQ sites which could last for days for example then using a dynamic routing protocol could create more problems than it would solve.
  You may not have applications that need to be kept in sync so it may not be an issue for you.
  But even then what you are asking for is not trivial, DR never is.
  Perhaps you can clarify exactly how it is meant to work otherwise we cannot really point you in the right direction.
  Jon