search

EDDiscovery / BaseUtilities

C# Base utilities set
1 stars 8 forks source link

Inara API does not work with Windows7 #35

Closed anzz1 closed 2 years ago

anzz1 commented 2 years ago

Log (from EDDLite)

[2022-03-21T00:14:29.304Z]    at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
[2022-03-21T00:14:29.304Z]    at System.Net.HttpWebRequest.GetRequestStream()
[2022-03-21T00:14:29.304Z]    at BaseUtils.HttpCom.Request(String method, String postData, String endpoint, NameValueCollection headers, Boolean handleException, Int32 timeout) in C:\Code\EDDLite\BaseUtilities\BaseUtilities\HTTP\HttpCom.cs:line 94
[2022-03-21T00:14:29.304Z] WebException : The request was aborted: Could not create SSL/TLS secure channel.

https://github.com/EDDiscovery/BaseUtilities/blob/614e7e67b7bf3f4a4d225e4ca7723b561739b960/BaseUtilities/HTTP/HttpCom.cs#L80

Problem

C# .NET HttpWebRequest does not (and will not) work with Windows 7 (or Windows Server 2012) and inara.cz API.

Reason being that inara.cz server accepts only specific TLS1.2 cipher suites which are not available for Windows 7:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

So naturally, the SSL handshake fails, EDDLite reports: "INARA Reports: No Response".

Solution

  1. Inara needs to add at least one of the supported TLS Cipher Suites in Windows 7 to its' server configuration.

Or

  1. Replace HttpWebRequest with a more portable solution, for example something which uses OpenSSL suite family, like libcurl. This would have the added benefit of bypassing Windows TLS stack which can cause problems with misconfigured systems, misbehaving updates, etc. and use an open-source, portable alternative instead.

Or

  1. Add information to EDDiscovery and EDDLite that Inara is not supported on Windows 7.

In any case better error catching should be implemented to https://github.com/EDDiscovery/BaseUtilities/blob/master/BaseUtilities/HTTP/HttpCom.cs , printing out the real reason in the console in case of an exception, e.g. "INARA Reports: SSL Handshake failed" as "INARA Reports: No Response" suggests something like server is offline, which is not the case.

robbyxp1 commented 2 years ago

Thank you for the report. We know about this, and have investigated this when Inara changes its TLS certs.

Windows 7 is out of support by Microsoft. We now longer support windows 7. Inara does not support windows 7 TLS certs.

Since windows 7 is out of support, reengineering the whole HTTP system to use another lib is not worth the effort.

I've updated the wiki https://github.com/EDDiscovery/EDDiscovery/wiki/Inara-integration-with-EDDiscovery to state that we do not support Inara updates on windows 7.