Hi
I'm getting a very frustrating issue with connecting to a secure API - it's at https://api.betdaq.com/v2.0/secure/secureservice.asmx
From my Windows 10 machine I can access it fine, and (using Firefox) I can see that it has a security certificate supplied by COMODO CA Limited, and connects over TLS 1.2 with the following cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA.
All fine.
I've got an app running on a Server 2016 Datacenter VPS though, which refuses to connect. The VPS providers have assured me that there are no firewall or proxy restrictions, I can telnet fine to the server, but I can't make any headway with understanding what the connection issues are.
Using IE on the 2016 server to hit the API, I get the following response:
This page can’t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://api.betdaq.com again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
(And just to confirm, I don't experience these issues with other secure sites / services).
I've installed Microsoft Message Analyzer and Wireshark to see what's happening, but neither flags up any errors (at least not to my untrained eye). The client hello is sent, but then there are a host of RST ACK messages, and that's it. (Apologies, this is way out of my comfort zone - I'm just following advice from articles I've googled, I'm not at all sure what all the outputs are telling me.)
I've also installed OpenSSL to do some digging, and whilst on my Windows 10 machine I get a host of info about the certificate chain, certificate, keys, etc, on the Server 2016 VPS I just get the following:
OpenSSL> s_client -connect api.betdaq.com:443
CONNECTED(00000170)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1540574555
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
error in s_client
Does anybody have any idea what may be causing my issue?
Cheers, J.
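
A check the capture described above makes possible: whether the ClientHello leaving the Server 2016 machine offers the suite Firefox negotiated from Windows 10 (TLS_DHE_RSA_WITH_AES_256_CBC_SHA, IANA code point 0x0039). This is an added example, not part of the original post; `build_sample_hello` and its suite lists are constructed, and the real input would be the ClientHello record bytes copied out of the Wireshark capture.

```python
import struct

# IANA code point of the suite Firefox negotiated in the post above.
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039

def offered_cipher_suites(record: bytes) -> list[int]:
    """Parse one raw TLS record holding a ClientHello; return offered suite IDs."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                      # skip client_version and random
    pos += 1 + hello[pos]             # skip session_id
    if pos + 2 > len(hello):
        raise ValueError("truncated ClientHello")
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    suites = hello[pos + 2:pos + 2 + cs_len]
    if len(suites) != cs_len or cs_len % 2:
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(suites[i:i + 2], "big") for i in range(0, cs_len, 2)]

def offers_suite(record: bytes, suite: int) -> bool:
    return suite in offered_cipher_suites(record)

def build_sample_hello(suites: list[int]) -> bytes:
    """Constructed test input: a minimal TLS 1.2 ClientHello without extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    # Constructed suite lists, not the ones either machine in the post sent.
    without = build_sample_hello([0xC030, 0xC02F, 0x0035, 0x002F])
    with_dhe = build_sample_hello([0xC030, 0x0039, 0x0035])
    for name, rec in (("without", without), ("with_dhe", with_dhe)):
        ids = [f"0x{s:04X}" for s in offered_cipher_suites(rec)]
        print(name, ids, offers_suite(rec, TLS_DHE_RSA_WITH_AES_256_CBC_SHA))
```

Running the same function over the ClientHello from the working Windows 10 client and the one from the Server 2016 VPS gives two suite lists that can be compared directly.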