This new version includes the following updates/fixes: Added the TrustedRoots class to allow for programss to globally specify a specific set of trusted root CA certificates for PKCS7 certificate signature verification and for SSL/TLS server certificate trust. Added the RequireSslCertVerify property to Http, IMAP, Socket, and MHT. Added the CrcFile and CrcBytes methods to the Crypt2 API. Added a new […]
The internal Chilkat SSL/TLS implementation now supports the TLS_DHE_RSA_WITH_AES_256_CBC_SHA and TLS_DHE_RSA_WITH_AES_128_CBC_SHA cipher suites. These allow for perfect forward secrecy. Note: This is implemented on the client-side for all protocols using SSL/TLS. The SSL/TLS client provides the server with a list of algorithms it supports, and it is the server that decides which is to be used. These new algorithms are […]
Chilkat does not use OpenSSL and is not affected by the Heartbleed bug.
If this FTP server response is seen in the LastErrorText, it means that the SSL/TLS connection requires a client-side certificate with private key. Prior to connecting, the client-side certificate should be specified by calling the SetSslClientCert, or SetSslClientCertPfx. Make sure to check the return value of these methods for success/failure. If the SetSslClientCert* method fails, then no client-side certificate has […]
Problem: An SSL/TLS connection failed and the LastErrorText contains “SEC_E_INTERNAL_ERROR”, such as in the error text below: (See cause solution below) ChilkatLog: Connect: DllDate: Dec 4 2009 UnlockPrefix: **** Username: **** Component: .NET 2.0 objectId: 1 hostname: *.*.*.* port: 443 ssl: 1 maxWaitMs: 20000 windowsAccount: **** ClientCertDN: **** protocol: default An existing connection was forcibly closed by the remote host. […]
This blog post is here to clarify a very common misunderstanding. The various Chilkat components that provide SSL/TLS support also provide an option that allows a client-side digital certificate to be used with the secure connection. A certificate identifies you to the server. In 99% of cases you do not need a client certificate. It is usually not necessary for […]
If you open a DOS prompt and telnet to an SMTP server (typically port 25 for non-SSL, port 465 for SSL), you should get a human-readable printable-text “HELLO” message from the non-SSL port, but binary SSL-handshake protocol gobbly-gook from an implicit SSL port. For example: > telnet mail.chilkatsoft.com 25 220 mail.chilkatsoft.com ESMTP MailEnable Service, Version: 0-1.85- ready at 05/30/08 08:04:19 […]