Encryption security protocol issues when using HTTPS

 After some investigations, we have found the root cause.

It is related to the encryption security protocol used by the server to connect the the EAI integration server.

The INT_P uses TLS, whereas the other servers are using SSLv3. Even though all servers have the same default parameter (both active) the use of one or another differs.

We have done many tests and specifically one that forces the server to use only SSLv3, and we got the flows working in integration. However, this requires a code modification as you can see from the following article:http://social.msdn.microsoft.com/Forums/en-US/asmxandxml/thread/37c376a3-f50c-4b57-a1df-83dc43fcddbf

Here is the code modification.

public class Global : System.Web.HttpApplication
    {

        protected void Application_Start(object sender, EventArgs e)
        {
            //to force the server use SSL3 for secure connections
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
        }

 

We also are near 100% sure that this problem has been triggered by the installation of a patch affecting either the .Net Framework or Windows server. We have listed some KB that need analysis to see if the modification are impacting the encryption security protocol. You can see the list of the KB affecting the .Net Framework.

 

Les KB suivants ont été installés le 11 ou 12 août dernier :

 

Microsoft .NET Framework 3.0 Service Pack 2:

KB976769v2

 

Microsoft .NET Framework 2.0 Service Pack 2:

KB976765

KB980773

 

Security Update for Windows Server 2003:

KB2229593

KB2286198

KB2115168

KB980436

KB982214

KB2079403

 

Je n’ai pas de date concernant les KBs suivants:

 

Microsoft .NET Framework 3.5 SP1 :

KB953595

KB963707

KB958484