Trying to evaluate if I can use Rebex dll to support TLS 1.2 on Wince 5.0 and PC.
Downloading the trial license on Feb 2, 2024, I followed the example to write a small test program (see below). Using 3 dll files in Rebex Components 7.0.8755\bin\net-3.5, the test program on PC returned the Result message in 2 seconds: "Result: Hello World from test.rebex.net. Server time is 2024-02-12 11:39:22."
14:39:21:009 WL: StartRebexTest is called
14:39:21:009 WL: MyRebexTest starts...
14:39:21:262 Registering Rebex HttpWebRequestCreator...
14:39:21:262 Invoking web service at
https://test.rebex.net/demowebservice.asmx
14:39:21:262 WL: MkRebex HelloWorld
14:39:22:548 [PanelFlipper] Flipped panels for no-ID from indexes 0 to 1.
14:39:23:557 Result: Hello World from test.rebex.net. Server time is 2024-02-12 11:39:22.
Running the same test program with 3 dll files from "Rebex Components Legacy CF R5.14\bin\netcf-3.5" on Wince 5.0 dev Set-Top-Box, the TLS 1.2 call never returns the invoke results.
Why does the client fail to get TLS 1.2 test result on WinCE device? Is there any way to debug or fix?
[2024-02-12 11:20:46.929] WL: StartRebexTest is called
[2024-02-12 11:20:47.585] WL: MyRebexTest starts...
[2024-02-12 11:20:47.745] Rx Sense = 1
[2024-02-12 11:20:47.922] Registering Rebex HttpWebRequestCreator...
[2024-02-12 11:20:48.015] Invoking web service at https://test.rebex.net/demowebservice.asmx
[2024-02-12 11:20:48.016] WL: MkRebex HelloWorld
[2024-02-12 11:20:49.712] [PanelFlipper] Flipped panels for no-ID from indexes 0 to 1.
[2024-02-12 11:20:49.744] Rx Sense = 1
[2024-02-12 11:20:51.752] Rx Sense = 1
[2024-02-12 11:20:53.750] Rx Sense = 1
[2024-02-12 11:20:55.750] Rx Sense = 1
[2024-02-12 11:20:56.719] [PanelFlipper] Flipped panels for no-ID from indexes 1 to 0.
[2024-02-12 11:20:57.759] Rx Sense = 1
[2024-02-12 11:20:59.770] Rx Sense = 1
Here is the Rebex https TLS 1.2 test sample code:
namespace Rebex.Samples
{
/// <remarks/>
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.ComponentModel.DesignerCategoryAttribute("code")]
[System.Web.Services.WebServiceBindingAttribute(Name = "DemoWebServiceSoap", Namespace = "http://tempuri.org/")]
public partial class MkRebexWebService : System.Web.Services.Protocols.SoapHttpClientProtocol
{
/// <remarks/>
public MkRebexWebService()
{
this.Url = "http://test.rebex.net/demowebservice.asmx";
// this.Url = "https://test-tls12.messagemedia.com";
}
/// <remarks/>
[System.Web.Services.Protocols.SoapDocumentMethodAttribute("http://tempuri.org/HelloWorld", RequestNamespace = "http://tempuri.org/", ResponseNamespace = "http://tempuri.org/", Use = System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle = System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
public string HelloWorld()
{
Console.WriteLine("WL: MkRebex HelloWorld ");
object[] results = this.Invoke("HelloWorld", new object[0]);
return ((string)(results[0]));
}
}
static class MkRebexCertificateVerifier
{
// list of trusted certificate thumbprints
// (replace with a persistend storage if needed)
static List<string> TrustedThumbprints = new List<string>();
public static void MkRebexCertificateValidator(object sender, Rebex.Net.SslCertificateValidationEventArgs e)
{
// try using the default certificate validator (uses Windows certificate infrastructure
// or custom Rebex certificate validator when needed (e.g. for SHA-2 based certificates on .NET CF)
Rebex.Security.Certificates.ValidationResult res = e.CertificateChain.Validate(e.ServerName, 0);
if (res.Valid)
{
e.Accept();
return;
}
// get the server certificate
Rebex.Security.Certificates.Certificate cert = e.CertificateChain.LeafCertificate;
// check whether the certificate is already explicitly trusted
if (TrustedThumbprints.Contains(cert.Thumbprint))
{
e.Accept();
return;
}
// the certificate is not trusted yet - show it to the user
StringBuilder sb = new StringBuilder();
sb.Append("There was an error validating the certificate: '" + res.Status + "'.\r\n");
sb.Append("Do you trust the following certificate?\r\n");
sb.Append(" Common name:\t" + cert.GetCommonName() + "\r\n");
sb.Append(" Thumbprint:\t" + cert.Thumbprint + "\r\n");
sb.Append(" Expires on:\t" + cert.GetExpirationDate().ToString() + "\r\n");
// ask user whether to trust this certificate
DialogResult result = MessageBox.Show(
sb.ToString(),
"Do you trust this certificate?",
MessageBoxButtons.YesNo,
MessageBoxIcon.Question,
MessageBoxDefaultButton.Button2
);
// accept or reject the certificate based on user response
if (result == DialogResult.Yes)
{
e.Accept();
// OPTIONALLY store the current certificate in a list of explicitly trusted certificates
// WriteLine("Adding certificate thumbprint to trusted certificate store.");
TrustedThumbprints.Add(cert.Thumbprint);
}
else
{
e.Reject();
}
}
}
static class Program
{
public static void MyRebexTest()
{
Console.WriteLine("WL: MyRebexTest starts...");
Rebex.Licensing.Key = "...does not show temp license here...";
// create an instance of Rebex HTTP request creator
Rebex.Net.HttpRequestCreator creator = new Rebex.Net.HttpRequestCreator();
// specify enabled TLS/SSL versions (TLS 1.2, 1.1 and 1.0 are enabled by default;
// legacy SSL 3.0 is also supported, but it is no longer considered secure)
// creator.Settings.SslAllowedVersions = TlsVersion.TLS12 | TlsVersion.TLS11 | TlsVersion.TLS10;
creator.ValidatingCertificate += Rebex.Samples.MkRebexCertificateVerifier.MkRebexCertificateValidator;
// register request creator to handle HTTP and HTTPS requests
// (replaces .NET's default HttpWebRequest)
Console.WriteLine("Registering Rebex HttpWebRequestCreator... ");
creator.Register();
MkRebexWebService client = new MkRebexWebService();
client.Url = "https://test.rebex.net/demowebservice.asmx";
// client.Url = "https://test-tls12.messagemedia.com";
try
{
Console.WriteLine("Invoking web service at " + client.Url);
Console.WriteLine("");
Console.WriteLine("Result: " + client.HelloWorld());
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
}
}