Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Windows error SEC_E_ILLEGAL_MESSAGE (0x80090326)
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Gerald Wiltse via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 5 Dec 2023 13:43:32 -0500
Thanks in advance for even responding and giving it a go! I have another
very important piece of information. We did find a session-level "fix" for
powershell, which I believe should make it pretty clear what the larger
problem is in the registry (not clear to me, but clear to you hopefully).
This is our "canary" URL and request command, and calling it as follows
doesn't work:
Invoke-WebRequest -Uri https://apod.nasa.gov/apod/
However, if we run the following Tls12 configuration command just before,
it WORKS:
PS> [Net.ServicePointManager]::SecurityProtocol =
[Net.SecurityProtocolType]::Tls12
PS> Invoke-WebRequest -Uri https://apod.nasa.gov/apod/
I had the user run this command at the start, although the output wasn't
particularly helpful:
PS> [Net.ServicePointManager]::SecurityProtocolPS> SystemDefault
Then I had the user try all the following commands, none of which seemed to
resolve the issue. Although, these would have required the user to restart
the powershell session, and they may or may not have done that at each
point.
Set-ItemProperty -Path
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name
'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
-Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name
'SystemDefaultTlsVersions' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
-Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord
Set-ItemProperty -Path
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v2.0.50727' -Name
'SystemDefaultTlsVersions' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v2.0.50727'
-Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord
Again, so far, only setting the Tls12 value in the powershell session
worked for us, and unfortunately we can't even do that as a temporary
workaround for CURL.
In any case, I'm hoping with the above info, you can suggest some new
ideas.
Thanks again!
Regards,
Jerry
jerrywiltse_at_gmail.com
On Tue, Dec 5, 2023 at 12:41 PM Dustin Howett <duhowett_at_microsoft.com>
wrote:
> Hey Gerald,
> I'm the person in charge of ingesting curl into Windows. Nice to make your
> acquiantance!
> _at_bagder sent me this mailing list thread, and I can't entirely figure out
> how to navigate that web interface well enough to get a Message-ID... so
> I'm sorry in advance for breaking the thread.
>
> If you still have any of the machines that reproduce this issue, would you
> be able to grab a registry dump of...
>
> HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel
>
> ... using `reg export` from the CLI[1], or just the standard registry
> editor?
>
> If you've got one handy for the machines that *don't* reproduce the issue,
> I'd love to see that as well.
>
> Thanks!
> Dustin
>
> [1] reg export
> HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel
> %TEMP%\maybe-bad-schannel.reg
Date: Tue, 5 Dec 2023 13:43:32 -0500
Thanks in advance for even responding and giving it a go! I have another
very important piece of information. We did find a session-level "fix" for
powershell, which I believe should make it pretty clear what the larger
problem is in the registry (not clear to me, but clear to you hopefully).
This is our "canary" URL and request command, and calling it as follows
doesn't work:
Invoke-WebRequest -Uri https://apod.nasa.gov/apod/
However, if we run the following Tls12 configuration command just before,
it WORKS:
PS> [Net.ServicePointManager]::SecurityProtocol =
[Net.SecurityProtocolType]::Tls12
PS> Invoke-WebRequest -Uri https://apod.nasa.gov/apod/
I had the user run this command at the start, although the output wasn't
particularly helpful:
PS> [Net.ServicePointManager]::SecurityProtocolPS> SystemDefault
Then I had the user try all the following commands, none of which seemed to
resolve the issue. Although, these would have required the user to restart
the powershell session, and they may or may not have done that at each
point.
Set-ItemProperty -Path
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name
'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
-Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name
'SystemDefaultTlsVersions' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
-Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord
Set-ItemProperty -Path
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v2.0.50727' -Name
'SystemDefaultTlsVersions' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v2.0.50727'
-Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord
Again, so far, only setting the Tls12 value in the powershell session
worked for us, and unfortunately we can't even do that as a temporary
workaround for CURL.
In any case, I'm hoping with the above info, you can suggest some new
ideas.
Thanks again!
Regards,
Jerry
jerrywiltse_at_gmail.com
On Tue, Dec 5, 2023 at 12:41 PM Dustin Howett <duhowett_at_microsoft.com>
wrote:
> Hey Gerald,
> I'm the person in charge of ingesting curl into Windows. Nice to make your
> acquiantance!
> _at_bagder sent me this mailing list thread, and I can't entirely figure out
> how to navigate that web interface well enough to get a Message-ID... so
> I'm sorry in advance for breaking the thread.
>
> If you still have any of the machines that reproduce this issue, would you
> be able to grab a registry dump of...
>
> HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel
>
> ... using `reg export` from the CLI[1], or just the standard registry
> editor?
>
> If you've got one handy for the machines that *don't* reproduce the issue,
> I'd love to see that as well.
>
> Thanks!
> Dustin
>
> [1] reg export
> HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel
> %TEMP%\maybe-bad-schannel.reg
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-12-05