Post file on Windows CE 5 with HTTPS/SSL and SHA-2 certificates.

+1 vote
asked May 17, 2015 by Stephen Paul Hassall (180 points)
retagged Feb 24 by Tomas Knopp

We want to perform an HTTPS POST to upload a file to a web site. It needs to include client certificates too. However, we are doing it on a Windows CE 5 device that does not support SSL with SHA-2 certificates. Does your library have anything that allows us to do this?

We are using VS2008 and .Net CF 3.5.

Many thanks,
Stephen.

2 Answers

+1 vote
answered Feb 24 by Tomas Knopp (58,580 points)
 
Best answer

The Rebex HTTPS for .NET library was officially released in February 2017. It will enable you to use TLS 1.1 and TLS 1.2 with SHA-2 certificates on legacy platforms including Windows Mobile/.NET Compact Framework and old Windows systems like Windows XP.
We are making legacy platforms secure again!

0 votes
answered May 17, 2015 by Lukas Pokorny (85,050 points)
edited Apr 20, 2016 by Lukas Pokorny

Although our libraries don't currently include an HTTPS client, we are most likely adding it soon - we had to write one to make it possible for our forthcoming EWS library to work on Windows CE because we soon found out that .NET CF's HttpWebClient suffers from at least two serious SSL-related bugs that make it unusable. The lack of support of TLS 1.1 and 1.2 is also becoming an issue.

Because several customers expressed interest in a HttpWebRequest replacement object for .NET Compact Framework, we created a proof-of-concept library that is available from Rebex Labs: http://labs.rebex.net/HTTPS/

Unfortunately, SHA-2 is only supported on Windows CE 6.0 and some Windows Mobile 6.5 devices.

Update: As of April 2016, we support SHA-2 on all Windows CE / Windows Mobile 6.x devices, but if it's not supported natively, you might have to provide a custom certificate verifier to make SHA-2 based certificate validation work. You can find more information about this on the Rebex HTTPS page.

To give it a try, reference the three DLLs from your application, add "using Rebex.Web" and "using Rebex.Net" and do the following once when the application starts:

  var creator = new HttpRequestCreator();

  // enable TLS 1.0, 1.1 and 1.2 (also supports legacy SSL 3.0)
  creator.Settings.SslAllowedVersions = TlsVersion.TLS10 | TlsVersion.TLS11 | TlsVersion.TLS12;

  // register HTTP request creator to replace .NET CF's default HttpWebRequest
  creator.Register();

Then try running your code. If it doesn't work, please let us know. This is experimental code that has not been tested to handle all possible scenarios yet.

commented May 18, 2015 by Stephen Paul Hassall (180 points)
Sadly, it looks like Rebex.Web.HttpRequest is a private class and therefore I cannot use it.

Stephen.
commented May 18, 2015 by Lukas Pokorny (85,050 points)
Actually, after you register an instance of the `HttpRequestCreator` object (using the code in my answer above), all calls to .NET CF's `System.Net.WebRequest.Create()` will return an instance of the internal `Rebex.Web.HttpRequest` - they are instances of `System.Net.WebRequest` and you can use them.
This will probably change in the future and `HttpRequest` will be directly accessible as well.
commented May 18, 2015 by Stephen Paul Hassall (180 points)
I have the following code (this is done after setting the HttpRequestCreator).

  // Create web request
  object obj = WebRequest.Create(url);
  Rebex.Web.HttpRequest webRequest = (Rebex.Web.HttpRequest)obj;

But VS2008 gives me the error

  Error 2 'Rebex.Web.HttpRequest' is inaccessible due to its protection level.

If I cast to "System.Net.WebRequest" instead then I have no means of adding client certificates.
commented May 18, 2015 by Lukas Pokorny (85,050 points)
Unfortunately, even Rebex.Web.HttpRequest does not yet support client certificates the HttpWebRequest-like way. For now, you have to use the Rebex FTP/SSL way to authenticate using a certificate - see http://www.rebex.net/ftp-ssl.net/features/authentication.aspx#client-certificate for details. In the case of the `HttpRequestCreator` object, use `creator.Settings.SslClientCertificateRequestHandler` instead of `ftp.Settings.SslClientCertificateRequestHandler`. Sorry for the inconvenience!
asked Jul 15, 2015 by tmcgee (170 points) New Rebex Web Client Beta?
commented Oct 29, 2015 by alexkrenn (100 points)
Is there a new beta available?
commented Oct 29, 2015 by Stephen Paul Hassall (180 points)
We had to use Bouncy Castle in the end. We used the NETCF_2_0 compile symbol to create a CF .Net 2.0 dll. It has TLS/SSL and works nicely. Working out how to use it to upload over HTTPS was tricky though.
commented Oct 30, 2015 by Lukas Pokorny (85,050 points)
The current beta is available at http://www.rebex.net/getfile/9bded38aa88b40318cd5f4c6b0084a9a/RebexHttp-NetCF-Beta3.zip. It fixes several HTTP-related issues, but does not yet provide a richer API.
commented Nov 3, 2015 by Lukas Pokorny (85,050 points)
edited Apr 20, 2016 by Lukas Pokorny
Thanks for letting us know! SHA-2 only seems to be supported on Windows Embedded CE 6.0 and some builds of Windows Mobile 6.5 (see https://social.msdn.microsoft.com/Forums/en-US/28b19312-c0c6-4c29-824e-accc6ed083c9/sha256-sha384-sha512-support-in-windows-embedded-ce-60?forum=winembplatdev and https://support.microsoft.com/en-us/kb/2986556 for details) and we are not sure whether adding a managed implementation for Windows Mobile 5.0 is worth the effort - even Microsoft ended both mainstream and extended support (in October 2010 and 2015, respectively).
(Update: We decided to add SHA-2 support)
commented Mar 29, 2016 by Tomas Knopp (58,580 points)
edited Apr 20, 2016 by Lukas Pokorny
A new version of the Rebex HTTPS beta library has been released to our labs page:
http://labs.rebex.net/HTTPS/
It supports SHA-2 on all devices, but make sure to check the Labs page for details.
...
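
The pieces discussed in this thread (registering `HttpRequestCreator`, supplying the client certificate through `creator.Settings.SslClientCertificateRequestHandler`, and using the plain `System.Net.WebRequest` returned by `WebRequest.Create()`) can be combined as in the following added example, which is not code from the original posts or from Rebex. `CertificateChain.LoadPfx` and `CertificateRequestHandler.CreateRequestHandler`, and their namespaces, are assumed from the Rebex FTP/SSL client-certificate approach linked above; the `SecureUpload` class, its method names and the raw `application/octet-stream` body are hypothetical.

```csharp
using System.IO;
using System.Net;
using Rebex.Net;                    // TlsVersion, CertificateRequestHandler (assumed namespace)
using Rebex.Security.Certificates;  // CertificateChain (assumed namespace)
using Rebex.Web;                    // HttpRequestCreator

static class SecureUpload           // hypothetical helper, not part of any library
{
    // Call once when the application starts.
    public static void Init(string pfxPath, string pfxPassword)
    {
        var creator = new HttpRequestCreator();

        // Offer only TLS 1.1 and 1.2; add TlsVersion.TLS10 only if the server cannot do better.
        creator.Settings.SslAllowedVersions = TlsVersion.TLS11 | TlsVersion.TLS12;

        // Client certificate and private key from a PKCS #12 file (assumed Rebex API).
        CertificateChain chain = CertificateChain.LoadPfx(pfxPath, pfxPassword);
        creator.Settings.SslClientCertificateRequestHandler =
            CertificateRequestHandler.CreateRequestHandler(chain);

        // From now on WebRequest.Create() returns the replacement request object.
        creator.Register();
    }

    // Posts the file as the raw request body and returns the response text.
    public static string PostFile(string url, string filePath)
    {
        // Stay on the base type: the concrete class is internal in the beta.
        WebRequest request = WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "application/octet-stream";

        using (FileStream file = File.OpenRead(filePath))
        {
            request.ContentLength = file.Length;
            using (Stream body = request.GetRequestStream())
            {
                // .NET CF 3.5 has no Stream.CopyTo, so copy in chunks.
                var buffer = new byte[8192];
                int n;
                while ((n = file.Read(buffer, 0, buffer.Length)) > 0)
                    body.Write(buffer, 0, n);
            }
        }

        using (WebResponse response = request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
            return reader.ReadToEnd();
    }
}
```

Keep the PFX file and its password out of the application image where the device allows it, since anyone who can read both can authenticate as the device.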