I am using Casablanka Rest SDK with Visual C++ 2015. The Casablanka SDK is based on winhttp. Whenever a request is sent over SSL, an exception is received. The exception is:
"SSL error: WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR internal error."
The problem is only with Windows 2008 R2 server. My laptop running Windows 10 and Windows 2012 server are OK.
There are no problems browsing the SSL enabled websites from the Windows 2008. However, my application just don't work and fails with the above errors.
Any help is appreciated :)
Just adding the winhttp trace:
"23:24:31.228 ::usr-req 003B2A60 received OnTcpConnected callback 23:24:31.244 :: an async I/O operation completes (overlapped = 00397790, #bytes/info = 0, error = SEC_E_INVALID_TOKEN (-2146893048)) 23:24:31.244 ::sys-sender processing HttpSendHttpRequest completion (error-cdoe = SEC_E_INVALID_TOKEN (0x80090308), #bytes = 0, overlapped = 00397790) 23:24:31.244 ::sys-sender failed to a request; error = SEC_E_INVALID_TOKEN (-2146893048) 23:24:31.244 ::ERROR_WINHTTP_FROM_WIN32 mapped (SEC_E_INVALID_TOKEN) -2146893048 to (ERROR_WINHTTP_SECURE_FAILURE) 12175"
Windows 2008 couldn't negotiate TLS 1.2. So, I downgraded the protocols in Rest SDK (cpprestsdk\Release\src\http\client\http_client_winhttp.cpp).
changes:
DWORD secure_protocols = WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1;
if (IsWindowsVersionOrGreater(6, 3, 0)) {
secure_protocols += WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
}
win32_result = ::WinHttpSetOption(m_hSession, WINHTTP_OPTION_SECURE_PROTOCOLS, &secure_protocols, sizeof(secure_protocols));
I hope this helps some facing the same issue.
User contributions licensed under CC BY-SA 3.0