Questions tagged [schannel]

91 questions
12 votes, 2 answers

What is the difference between the DisabledByDefault and Enabled SSL/TLS registry keys on Microsoft Windows?

Microsoft provides best practices guidance for Transport Layer Security (TLS). This document describes registry keys that can enable or disable a specific…
Timothy Schoonover
10 votes, 1 answer

AcquireCredentialsHandle fails in kernel mode, when using SCH_CRED_FORMAT_CERT_HASH

I call AcquireCredentialsHandle in a kernel driver, passing in SCHANNEL_CRED with the dwCredFormat set to SCH_CRED_FORMAT_CERT_HASH. It fails with SEC_E_NO_CREDENTIALS. Here is my code: BYTE certHashBytes[20] = {…
wezten
10 votes, 1 answer

How to import an OpenSSL key file into the Windows Certificate Store

I've got an OpenSSL generated X.509 certificate in PEM format and its associated key file. This certificate is required for authentication when connecting to a prototype server. This works fine on Linux. I've been using the Microsoft SChannel API…
Gearoid Murphy
8 votes, 0 answers

A call to SSPI failed, see inner exception. The function requested is not supported

In my company we have a Windows service developed in C# to process request messages from clients using SSLStream with Tls12 and Server and Client certificates. The service has worked fine on Windows Server 2012, including Windows 10 PC, no matter if…
Aldemar Cuartas Carvajal
7 votes, 1 answer

Left with 0 client certificates to choose from when accessing SSRS management.

Environment: Reporting Services running on a SQL Server 2008 R2 SP3 installation on a Windows 2008 server with .Net 4.6.1 installed and .Net 3.5 enabled as feature. IIS, database and reporting service all in the local machine (custom login URL in a…
Ignacio Soler Garcia
7 votes, 2 answers

Libcurl stops working, SSL connect error

I'm working on a program for personal use that scrapes a few webpages periodically. One of them requires the use of SSL, and its main URL actually is a load balancer that redirects to a different domain each time, out of a list of a handful (not…
Jehjoa
7 votes, 0 answers

SChannel send intermediate certificate chain from memory store

I am working with a server using SChannel TLS. I use SCHANNEL_CRED and AcquireSecurityCredentials to create the security credentials that are then passed to AcceptSecurityContext. Everything seems to work ok, but SChannel will not send an…
John
5 votes, 1 answer

SChannel/SSL implementation?

I can implement HTTP using "win sockets" easily, but I've been struggling to implement HTTPS using "SChannel" which is pretty much poorly documented "at least for me". How can I establish a secure connection for HTTPS communication and is there any…
M.U
5 votes, 2 answers

Dealing with SEC_I_RENEGOTIATE and TLS1_ALERT_NO_RENEGOTIATION in SChannel

I'm working with SChannel at the moment for an async (IOCP) based server and I've got most things working fine but I'm having a problem with renegotiation. Specifically, when peer A sends peer B a request to renegotiate and peer B responds with an…
Len Holgate
5 votes, 1 answer

How to Call Schannel Functions from .Net/C#

I am trying to re-order/remove cipher suites due to compliance reasons (I want to use 256 bit AES and ephemeral keys) in .Net. However, using WCF TCP Transport Security, I cede all control over the security to Windows' TLS implementation and its…
Chris Benard
4 votes, 1 answer

TLS Handshake process by InitializeSecurityContext (Schannel)

I have to implement a TLS handshake process using the SSPI interface. My app implements the client side, and as I saw from here the general flow is: InitializeSecurityContext - first call returns a pointer to a SecBufferDesc structure. Call to…
RRR
4 votes, 2 answers

DTLS using Schannel

I am trying to create a DTLS "connection" using Schannel under Windows (I am testing under a recent Windows 10 version, so all DTLS versions supported by Schannel should be available). I tried starting from working code to establish a regular TLS…
fbrosseau
4 votes, 1 answer

Obtaining openssl x509 certificate chain sent by server in custom cert_verify_callback

I am considering overriding the default certificate verification procedure with one that uses the Windows system store (via SSL_CTX_set_cert_verify_callback). The application is a web client and I need to accept company-wide self-signed certificates…
patraulea
3 votes, 1 answer

Microsoft Windows SChannel SSPI Self test?

The question pertains to some specs (FIPS) that require the SChannel modules used for TLS perform a self test prior to use to validate that they have not been compromised. FIPS is one example. In the Open source libraries there are self tests built…
Mike Trader
3 votes, 1 answer

Can't connect to the SSL server that uses only ephemeral ciphersuites (The Local Security Authority cannot be contacted)

I'm trying to connect to the test server started with openssl (this limited ciphersuite combination is intended): openssl s_server -accept 443 -www -tls1_2 -cipher ECDHE:DHE:EDH -cert selfsignedcert.pem -key sskey.pem The code I use is similar to…
savageBum