We have a WCF host service which exposes a [WebGet] method on localhost port 9200. We are trying to consume this from a javascript code. It was working with both IE11 and Chrome v65. After I upgraded to chrome v68 I started getting the below error
"This site can’t provide a secure connection xxxxxxx uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH.Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite."
Any version of chrome above v68 gives the same error.
I have pasted my c# code
**Service Contract**
[WebGet(UriTemplate = "hello", ResponseFormat = WebMessageFormat.Json)] [OperationContract] string HelloWorld();
**appconfig**
<configuration> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.1" /> </startup> <system.serviceModel> <services> <service name="SelfHostRestService.Service" behaviorConfiguration="ServiceBehavior"> <endpoint address="" bindingConfiguration="restBinding" binding="webHttpBinding" contract="Contracts.IService" behaviorConfiguration="webBehavior"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="ServiceBehavior"> <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> <dataContractSerializer maxItemsInObjectGraph="6553600" /> <serviceThrottling maxConcurrentCalls="20" maxConcurrentSessions="40" maxConcurrentInstances="2147483647" /> </behavior> </serviceBehaviors> <endpointBehaviors> <behavior name="webBehavior"> <webHttp /> </behavior> </endpointBehaviors> </behaviors> <bindings> <webHttpBinding> <binding name="restBinding" crossDomainScriptAccessEnabled="true"> <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> </webHttpBinding> </bindings> </system.serviceModel> </configuration>
**Service Hosting**
Uri netTcpAdddress = new Uri("https://Example.com:9200"); ServiceHost wHostV2 = new ServiceHost(typeof(Service), netTcpAdddress); X509Certificate2 certificate = new X509Certificate2(System.Environment.CurrentDirectory + "\\" + "Example.pfx", "password"); wHostV2.Credentials.ServiceCertificate.Certificate = certificate; wHostV2.Open(); Console.WriteLine("Service is up and running"); Console.WriteLine("Press enter to quit "); Console.ReadLine(); wHostV2.Close();
After my analysis, it looks like my service is running on only SSL & TLS 1.0. Below is my NMAP scan result
9200/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-header: Microsoft-HTTPAPI/2.0 | ssl-enum-ciphers: | SSLv3: | ciphers: | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C | TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | 64-bit block cipher DES vulnerable to SWEET32 attack | Broken cipher RC4 is deprecated by RFC 7465 | CBC-mode cipher in SSLv3 (CVE-2014-3566) | Ciphersuite uses MD5 for message integrity | TLSv1.0: | ciphers: | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C | TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | 64-bit block cipher DES vulnerable to SWEET32 attack | Broken cipher RC4 is deprecated by RFC 7465 | Ciphersuite uses MD5 for message integrity |_ least strength: C
I tried to upgrade my .net framework to 4.7 as the below blog suggests but didnt work..
https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/retargeting/4.6.2-4.7
Any help is appreciated.
