.NET application is not able to connect to EMS over SSL.
Article ID: KB0092835
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Message Service | - |
| Not Applicable | - |
Description
Resolution:
.Net EMS client using .Net 4.5 is not able to connect to EMS over SSL and throws an exception, "Received an unexpected EOF or 0 bytes from the transport stream." If the EMS server is configured to allow RC4 cipher only, this issue will occur. For example,
ssl_server_ciphers = -ALL:RC4-MD5
RC4 is considered insecure. .Net 4.5 may disable it. Refer to https://technet.microsoft.com/en-us/library/security/2960358.aspx.
The EMS server log shows the error "no shared cipher". The issue can be confirmed by capturing SSL handshaking protocol messages by Windump on the problem client machine. It is shown in the "Client Hello" message that RC4 is not among the cipher suites supported by the client. More information regarding disabling RC4 cipher on Windows can be found on internet as shown below:
1). Changing group policy.
https://social.msdn.microsoft.com/Forums/vstudio/en-US/38e9b2c6-2eb9-40e5-ba4e-e22fff64cbe2/set-specific-cipher-suites?forum=netfxbcl
http://www.howtogeek.com/221080/how-to-update-your-windows-server-cipher-suite-for-better-security/
2). Restrict the use of certain cryptographic algorithms and protocols in Schannel.dll.
https://support.microsoft.com/en-us/kb/245030
This involves changing the registry.
3). Check if there is any new update involving disabling RC4 on the machine, for example:
Control Panel\System and Security\Windows Update\View update history
Consult System Administrator or Microsoft Support for further assistance.
.Net EMS client using .Net 4.5 is not able to connect to EMS over SSL and throws an exception, "Received an unexpected EOF or 0 bytes from the transport stream." If the EMS server is configured to allow RC4 cipher only, this issue will occur. For example,
ssl_server_ciphers = -ALL:RC4-MD5
RC4 is considered insecure. .Net 4.5 may disable it. Refer to https://technet.microsoft.com/en-us/library/security/2960358.aspx.
The EMS server log shows the error "no shared cipher". The issue can be confirmed by capturing SSL handshaking protocol messages by Windump on the problem client machine. It is shown in the "Client Hello" message that RC4 is not among the cipher suites supported by the client. More information regarding disabling RC4 cipher on Windows can be found on internet as shown below:
1). Changing group policy.
https://social.msdn.microsoft.com/Forums/vstudio/en-US/38e9b2c6-2eb9-40e5-ba4e-e22fff64cbe2/set-specific-cipher-suites?forum=netfxbcl
http://www.howtogeek.com/221080/how-to-update-your-windows-server-cipher-suite-for-better-security/
2). Restrict the use of certain cryptographic algorithms and protocols in Schannel.dll.
https://support.microsoft.com/en-us/kb/245030
This involves changing the registry.
3). Check if there is any new update involving disabling RC4 on the machine, for example:
Control Panel\System and Security\Windows Update\View update history
Consult System Administrator or Microsoft Support for further assistance.
Issue/Introduction
.NET application is not able to connect to EMS over SSL.
Environment
.Net 4.5
Windows
Additional Information
https://technet.microsoft.com/en-us/library/security/2960358.aspx
Feedback
Yes
No
Powered by
