March 14, 2017

Adventures in SSL : TLS 1.2 & Klipfolio

by Israel Lopez in Articles

SSL is the web technology that enables secure communication between computers. Its an intricate system with many different components that all work to prevent eavesdropping on communication.  It is technology used to enable secure banking, eCommerce, and regular communication.

The basic idea is that you must trust both conversation participants to communicate securely, and if you cant then you should not communicate at all.

That is basically what we discovered earlier this week. A client of ours is using our KExtract product, a tool that publishes data from internal systems to an amazing Dashboard service Klipfolio.  They had mentioned that about a month ago the updates stopped working.

After a couple of days of investigation we discovered the true problem.

The client and server cannot communicate, because they do not possess a common algorithm …

This was buried deep in error a few exceptions deep. Missing Data -> Missing Response -> Failed Web Request -> Failed Security -> Client and Server cannot communicate…

Bad developer, no bonus.

We thought hey, lets fix the communication, after a few stackoverflow dives we discovered the one thing that made it not work for _this_ customer.  Their server version, Server 2008.  The gist is, Server 2008 is simply too old to have the security software to enable modern encryption.

Reference this serverfault post: http://serverfault.com/a/751903

newserver

Install a new operating system, everything will be fine after that!

Unfortunately for us, these sort of issues will come up and we hate to point the cause to something we cant control; but in this case, it is true. We cant control the operating system or the equipment the customer has.

At least from a customer service, and software development standpoint we know exactly what is wrong. It could have been so easy to pass the buck down to the customer’s system administrator, who would probably burn many hours trying to figure things out without the error message clue.

In conclusion, upgrade your systems, Windows Server 2008 Service Pack 2 has been end of life for years now (1/13/2015).