tlc | Community Creatio

Question

16:42 Jun 14, 2024

I am facing with error code because I have developed Web API at my local machine and I am wondering is there way to temporary bypass this restriction

The error code:
Error code: WebException

Error message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Stack trace:
at Terrasoft.Services.Runtime.ServiceClient.d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Terrasoft.Services.Runtime.ServiceClient.Execute(IServiceClientRequest request, CancellationToken cancellationToken)
at Terrasoft.Services.Runtime.ServiceClient.Execute(IServiceClientRequest request)
at Terrasoft.Configuration.ServiceSchema.CallServiceSchemaService.Execute(String serviceName, String methodName, List`1 parameters)

1 comments

Orkhan

11:26 Jun 17, 2024

Hello,

About the error in the logs:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

This is related to our security policy. Below, I am sending you the settings. Please verify from the integration side if they meet our requirements.

Please use the instructions below:
1. Disable support for obsolete and vulnerable versions of SSL/TLS

Disable SSLv2
Disable SSLv3
Disable TLSv1.0
Disable TLSv1.1

Instructions for MS Windows Server configuration

2. Disable support for weak encryption algorithms and protocols:

Anonymous key exchange using Diffie-Hellman protocol
NULL cipher suites
Disable DES, RC2, RC4, and 3DES encryption algorithms (Instructions for MS Windows configuration)
Disable MD5 and SHA-1 hash algorithms (Instructions for MS Windows configuration)

3. Enable the use of only strong encryption algorithms:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

4. Define the sequence of encryption algorithms to be used in accordance with point 3
Instructions for MS Windows Server configuration

5. Enable the TLS Fallback SCSV option

6. Enable the Forward Secrecy option

7. Enable the OCSP Stapling option

Instructions for MS Windows configuration

8. Enable the HSTS option
Instructions for MS IIS configuration

9. Install the MS SQL Server 2012 Native Client on the Creatio application server (in case of using MS SQL DBMS).

Show all comments

Subscribe to tlc