+1 vote
by (180 points)
retagged by

We want to perform a HTTPS POST to upload a file to a web site. It needs to include client certificates too. However we are doing it on a Windows CE 5 device that does not support SSL with SHA-2 certificates. Does your library have anything that allows us to do this.

We are using VS2008 and .Net CF 3.5.

Many thanks,
Stephen.

Applies to: Rebex HTTPS

2 Answers

+1 vote
by (58.9k points)
 
Best answer

Rebex HTTPS for .NET library has been officially released in February 2017. It will enable you to use TLS 1.1 and TLS 1.2 with SHA-2 certificates on legacy platforms including Windows Mobile/.NET Compact Framework and old Windows systems like Windows XP.
We are making legacy platforms secure again!

0 votes
by (144k points)
edited by

Although our libraries don't currently include an HTTPS client, we are most likely adding it soon - we had to write one to make it possible for our forthcoming EWS library to work on Windows CE because we soon found out that .NET CF's HttpWebClient suffers from at least two serious SSL-related bugs that make it unusable. The lack of support of TLS 1.1 and 1.2 is also becoming an issue.

Because several customers expressed interest in a HttpWebRequest replacement object for .NET Compact Framework, we created a proof-of-concept library that is available from Rebex Labs: http://labs.rebex.net/HTTPS/

Unfortunately, SHA-2 is only supported on Windows CE 6.0 and some Windows Mobile 6.5 devices.

Update: As of April 2016, we support SHA-2 on all Windows CE / Windows Mobile 6.x devices, but if it's not supported natively, you might have to provide a custom certificate verifier to make SHA-2 based certificate validation work. You can find more information about this on Rebex HTTPS page.

To give it a try, the three DLLs from your application, add "using Rebex.Web" and "using Rebex.Net" and do the following once when the application starts:

  var creator = new HttpRequestCreator();

  // enable TLS 1.0, 1.1 and 1.2 (also supports legacy SSL 3.0)
  creator.Settings.SslAllowedVersions = TlsVersion.TLS10 | TlsVersion.TLS11 | TlsVersion.TLS12;

  // register HTTP request creator to replace .NET CF's default HttpWebRequest
  creator.Register();

Then try running your code. If it doesn't work, please let us know. This is an experimental code that has not been tested to handle all possible scenarios yet.

by (180 points)
Sadly it looks like Rebex.Web.HttpRequest is a private class and therefore I can not use it.

Stephen.
by (144k points)
Actually, after you register an instance of the `HttpRequestCreator` object (using the code in my answer above), all calls to .NET CF's `System.Net.WebRequest.Create()` will return an instance of the internal `Rebex.Web.HttpRequest` - they are instances of `System.Net.WebRequest` and you can use them.
This will probably change in the future and `HttpRequest` will be directly accessible as well.
by (180 points)
I have the following code (this is done after setting the HttpRequestCreator).

// Create web request
object obj = WebRequest.Create(url);
Rebex.Web.HttpRequest webRequest = (Rebex.Web.HttpRequest)obj;

But VS2008 gives me the error

Error 2 'Rebex.Web.HttpRequest' is inaccessible due to its protection level.

If I cast to "System.Net.WebRequest" instead then I have no means of adding client certificates.
by (144k points)
Unfortunately, even Rebex.Web.HttpRequest does not yet support client certificates the HttpWebRequest-like way. For now, you have to use the Rebex FTP/SSL way to authenticate using a certificate - see http://www.rebex.net/ftp-ssl.net/features/authentication.aspx#client-certificate for details. In case of `HttpRequestCreator` object, use `creator.Settings.SslClientCertificateRequestHandler` instead of `ftp.Settings.SslClientCertificateRequestHandler`. Sorry for inconvenience!
asked Jul 15, 2015 by (170 points) New Rebex Web Client Beta?
by
Is there a new beta available?
by (180 points)
We had to use Bouncy Castle in the end. We used the NETCF_2_0 compile symbol to create a CF .Net 2.0 dll. It has TLS/SSL and works nicely. Working out how to use it to upload over HTTPS was tricky though.
by (144k points)
There is a new beta that fixes several HTTP-related issues, but does not yet provide a richer API.
by (144k points)
edited by
Thanks for letting us know! SHA-2 only seems to be supported on Windows Embedded CE 6.0 and some builds of Windows Mobile 6.5 (see https://social.msdn.microsoft.com/Forums/en-US/28b19312-c0c6-4c29-824e-accc6ed083c9/sha256-sha384-sha512-support-in-windows-embedded-ce-60?forum=winembplatdev and https://support.microsoft.com/en-us/kb/2986556 for details) and we are not sure whether adding a managed implementation for Windows Mobile 5.0 is worth the effort - even Microsoft ended both mainstream and extended support (in October 2010 and 2015, respectively).
(Update: We decided to add SHA-2 support)
by (58.9k points)
edited by
New version of Rebex HTTPS beta library has been released to our labs page:
http://labs.rebex.net/HTTPS/
It supports SHA-2 on all devices, but make sure to check the Labs page for details.
...