WINHTTP(HTTPS). TLS 1.0  does not use RC4 in windows 8.1?

hello 

i know some SERVER(it support only TLS(ver1.0) cipher(TLS_RSA_WITH_RC4_128_SHA) by default.

i tried to connect that server with client program that i made using WINHTTP function.

Other OS( except windows 8.1 ) WinhttpSendRequest() function returns true. but only windows 8.1 returns false. (same source code.)

so, i think TLS ver1.0 support cipher(TLS_RSA_WITH_RC4_128_SHA) by default but in Windows 8.1 i can't find TLS_RSA_WITH_RC4_128_SHA cipher in TLS ver1.0.

i tried to wireshark capture network traffic when connect to that SERVER using 'IE browser'. first client_hello message does not include RC4 with TLS ver1.0. but next client_hello message include RC4 with TLS ver1.0.  i think OS(windows8.1) automatically modify cipher suite. 

so i want 'WINHTTP' function with RC4 cipher TLS ver1.0 like 'IE browser'. anyone help me. 

if my source has problem or needs some additional code line, please help me. 

client program source code blow..

==========================================================

wchar_t log[300] = {0}; ///test


bool bIsValid = true;


HINTERNET hSession = WinHttpOpen( L"my app", 
WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, 
WINHTTP_NO_PROXY_NAME, 
WINHTTP_NO_PROXY_BYPASS, 
0 );

if( !hSession )
{
OutputDebugStringW(L"WinHttpOpen fail");
return bIsValid;
}



DWORD dwOption=0;
dwOption = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1| WINHTTP_FLAG_SECURE_PROTOCOL_SSL3;

if(WinHttpSetOption(hSession,WINHTTP_OPTION_SECURE_PROTOCOLS, &dwOption, sizeof(DWORD)))
OutputDebugStringW(L"WinHttpSetOption Success_protocol");
else  
{
OutputDebugStringW(L"WinHttpSetOption fail_protocol");
WinHttpCloseHandle(hSession);
return bIsValid;
}


HINTERNET hConnect = WinHttpConnect(hSession, SERVERURL, INTERNET_DEFAULT_HTTPS_PORT, 0 );


if ( !hConnect )
{
OutputDebugStringW(L"WinHttpConnect fail");
WinHttpCloseHandle(hSession);
return bIsValid;
}




HINTERNET hRequest = WinHttpOpenRequest( hConnect, 
L"GET", 
L"", 
NULL, 
WINHTTP_NO_REFERER, 
WINHTTP_DEFAULT_ACCEPT_TYPES, 
WINHTTP_FLAG_SECURE);

if ( !hRequest )
{
OutputDebugStringW(L"WinHttpOpenRequest fail");
WinHttpCloseHandle(hConnect);
WinHttpCloseHandle(hSession);
return bIsValid;
}



BOOL bResults = WinHttpSendRequest(hRequest, 
WINHTTP_NO_ADDITIONAL_HEADERS, 
0, 
WINHTTP_NO_REQUEST_DATA, 
0, 
0, 
0);

if ( !bResults )
{
DWORD dwError = GetLastError();
OutputDebugStringW(L"WinHttpSendRequest fail");
// wsprintf(log, L"WinHttpSendRequest fail >  dwError = %08x(%d)", dwError, dwError);
OutputDebugStringW(log);



if ( dwError == ERROR_WINHTTP_SECURE_FAILURE)
{


OutputDebugStringW(L"WinHttpSendRequest fail > ERROR_WINHTTP_SECURE_FAILURE ");

bIsValid = false;
}
}
else
OutputDebugStringW(L"WinHttpSendRequest OK");

WinHttpCloseHandle(hRequest);
WinHttpCloseHandle(hConnect);
WinHttpCloseHandle(hSession);
return bIsValid;

==========================================================




  • Edited by dbckdgns 6 hours 57 minutes ago
March 23rd, 2015 6:54am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics