Connecting To AssureSign Using The TLS 1.2 Protocol

  • 11 January 2022
  • 0 replies
  • 24 views
butlerj
Userlevel 5
Badge +19

Our move to disable insecure web protocols has been ongoing for several years, and in August 2015 we announced plans to disable the TLS 1.0 and 1.1 protocols.

If you are using a client that has not been updated to support TLS 1.2, you may see errors such as this on a Windows environment:

An error occurred while making the HTTP request to [URL] This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

With a Java client you may see errors such as: java.net.SocketException or possibly java.io.IOException in conjunction with a connection drop.

Java

Supported TLS protocols in Java are listed here. Additional information is available here. TLS 1.2 is supported from JDK 7 (July 2011), and it is the default in JDK 8.

To enable TLS 1.2 on Java 7, you may set a system parameter:

-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

And you may add in code:

System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2');

.NET

In spite of any error indicating a possible certificate issue, this has nothing to do with certificates.

In .NET 4.6, TLS 1.2 is enabled automatically and so negotiation with AssureSign to use TLS 1.2 should occur automatically in that scenario. So targeting and rebuilding your .NET application with .NET 4.6 will work.

If you are using .NET 4.5 and up (4.5.1/4.5.2), you can still enable negotiation to use TLS 1.2, but it will require a code change since the TLS 1.2 protocol is available but disabled by default in that version of .NET. In this scenario, you may add the following in order to allow correct negotation:

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls12;

With .NET 4.5, it may also be possible to force TLS 1.2 to be used through a registry change.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv4.0.30319]
"SchUseStrongCrypto"=dword:00000001

All AssureSign published client applications were rebuilt in early 2016

 

Browsers

Confirm you are using one of the supported browsers listed here.
You may check what your current browser supports by visiting this site: https://www.howsmyssl.com/.

0 replies

Be the first to reply!

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings