This site can't provide a secure connection xxxxxxxx uses an unsupported protocol - WCF self host

  • Question

  • We have a WCF host service which exposes a [WebGet] method on localhost port 9200. We are trying to consume this from JavaScript code. It was working with both IE11 and Chrome v65. After I upgraded to Chrome v68, I started getting the error below:

     

    "This site can’t provide a secure connection xxxxxxx uses an unsupported protocol.

    ERR_SSL_VERSION_OR_CIPHER_MISMATCH.Unsupported protocol

    The client and server don't support a common SSL protocol version or cipher suite."

     

    Any version of Chrome above v68 gives the same error.

    I have pasted my C# code below.

     

    **Service Contract**

     

      

        [WebGet(UriTemplate = "hello", ResponseFormat = WebMessageFormat.Json)]
        [OperationContract]
        string HelloWorld();

     

    **appconfig**

     

          

        <configuration>
          <startup>
            <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.1" />
          </startup>
          <system.serviceModel>
            <services>
              <service name="SelfHostRestService.Service" behaviorConfiguration="ServiceBehavior">
                <endpoint address=""
                          bindingConfiguration="restBinding"
                          binding="webHttpBinding"
                          contract="Contracts.IService"
                          behaviorConfiguration="webBehavior"/>
              </service>
            </services>
            <behaviors>
              <serviceBehaviors>
                <behavior name="ServiceBehavior">
                  <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                  <serviceDebug includeExceptionDetailInFaults="true" />
                  <dataContractSerializer maxItemsInObjectGraph="6553600" />
                  <serviceThrottling maxConcurrentCalls="20" maxConcurrentSessions="40" maxConcurrentInstances="2147483647" />
                </behavior>
              </serviceBehaviors>
              <endpointBehaviors>
                <behavior name="webBehavior">
                  <webHttp />
                </behavior>
              </endpointBehaviors>
            </behaviors>
            <bindings>
              <webHttpBinding>
                <binding name="restBinding" crossDomainScriptAccessEnabled="true">
                  <security mode="Transport">
                    <transport clientCredentialType="None"/>
                  </security>
                </binding>
              </webHttpBinding>
            </bindings>
          </system.serviceModel>
        </configuration>

     

    **Service Hosting**

     

       

        Uri netTcpAdddress = new Uri("https://Example.com:9200");
        ServiceHost wHostV2 = new ServiceHost(typeof(Service), netTcpAdddress);

        X509Certificate2 certificate = new X509Certificate2(System.Environment.CurrentDirectory + "\\" + "Example.pfx", "password");
        wHostV2.Credentials.ServiceCertificate.Certificate = certificate;
        wHostV2.Open();
        Console.WriteLine("Service is up and running");
        Console.WriteLine("Press enter to quit ");
        Console.ReadLine();
        wHostV2.Close();

     

    After my analysis, it looks like my service is running on only SSL & TLS 1.0. Below is my NMAP scan result

     

     

        9200/tcp open  ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
        |_http-server-header: Microsoft-HTTPAPI/2.0
        | ssl-enum-ciphers:
        |   SSLv3:
        |     ciphers:
        |       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
        |       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
        |       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
        |       TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C
        |     compressors:
        |       NULL
        |     cipher preference: server
        |     warnings:
        |       64-bit block cipher 3DES vulnerable to SWEET32 attack
        |       64-bit block cipher DES vulnerable to SWEET32 attack
        |       Broken cipher RC4 is deprecated by RFC 7465
        |       CBC-mode cipher in SSLv3 (CVE-2014-3566)
        |       Ciphersuite uses MD5 for message integrity
        |   TLSv1.0:
        |     ciphers:
        |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
        |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
        |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
        |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
        |       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
        |       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
        |       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
        |       TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C
        |     compressors:
        |       NULL
        |     cipher preference: server
        |     warnings:
        |       64-bit block cipher 3DES vulnerable to SWEET32 attack
        |       64-bit block cipher DES vulnerable to SWEET32 attack
        |       Broken cipher RC4 is deprecated by RFC 7465
        |       Ciphersuite uses MD5 for message integrity
        |_  least strength: C

     

    I tried to upgrade my .NET Framework to 4.7 as the blog below suggests, but it didn't work.

    https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/retargeting/4.6.2-4.7

     

    Any help is appreciated.

    Wednesday, February 20, 2019 7:22 PM
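The protocol check read off the Nmap output in the question can be automated. The following is an added example, not part of the original post: it parses `ssl-enum-ciphers` output and reports which protocol versions the listener offers and which suites are graded below A. The function names, the constructed sample (abridged from the shape of the scan above), and the choice of TLSv1.2/TLSv1.3 as the versions to look for are assumptions of this example.

```python
import re

# Constructed sample, abridged from the shape of the ssl-enum-ciphers scan in the post.
SAMPLE_SCAN = """\
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|_  least strength: C
"""

# A protocol header line such as "|   TLSv1.0:" opens a new section.
PROTO_RE = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):\s*$")
# A cipher line: suite name, key-exchange detail in parentheses, letter grade.
CIPHER_RE = re.compile(r"^\|[ _]+(TLS_\w+) \(([^)]*)\) - ([A-F])\s*$")

def parse_ssl_enum(text):
    """Return {protocol: [(cipher, key_exchange, grade), ...]} from script output."""
    result, current = {}, None
    for line in text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = []
            continue
        m = CIPHER_RE.match(line)
        if m and current:
            result[current].append(m.groups())
    return result

def summarize(text, modern=("TLSv1.2", "TLSv1.3")):
    """Report offered versions, whether a modern one is present, and weak suites."""
    parsed = parse_ssl_enum(text)
    # Assumption: any grade other than "A" is treated as weak for this report.
    weak = {p: [c for c, _, g in suites if g != "A"] for p, suites in parsed.items()}
    return {"offered": sorted(parsed),
            "has_modern": any(p in parsed for p in modern),
            "weak": weak}

if __name__ == "__main__":
    print(summarize(SAMPLE_SCAN))
```

Running the same scan again after any host-level TLS configuration change and comparing the `offered` list shows whether the change actually took effect on the port.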

Answers