TLS 1.1 with VS2008 SP1 - c++

I have a legacy C++ (unmanaged) application built using VS2008 SP1. Currently, it makes calls to the web service hosted on an IIS, and the secure connection is made using SSLv3/TLS1.0. I am planning to make changes to connect using TLS 1.1. Internally, I am using WinINet calls to make the connection. Does using VS2008 SP1 have anything to do with TLS1.1? Should I upgrade to a different version of VS (so as to get a new Windows SDK?) just to support TLS 1.1, or will it work with VS2008 SP1? Does anyone have any experience with this type of problem?

WinInet is not part of Visual Studio, and it therefore does not matter if you use VS2008 or VS2015.
I cannot find a clear reference but basically you are using the libraries of IE. (A good hint for this can be found in the IPv6 section, here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa385325(v=vs.85).aspx - "Starting with IE7 and above, WinINet supports IPv6 ...")
As you might have experienced already, on a system without IE installed some functionality does not work.
Since the WinInet (Windows / IE) supports TLS1.1 (and TLS1.2 for that matter), your program should just work. Even with VS2008.
Forcing the connection to use TLS1.1 or 1.2 is a whole other question ;-)
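To confirm which version a connection actually negotiated after the change, read it from the ServerHello in a packet capture. The parser below is an added example, not code from the posts above; the function names are hypothetical and the sample record is constructed.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

struct HelloInfo { bool ok; uint16_t version; std::string name; };

static std::string version_name(uint16_t v) {
    switch (v) {
        case 0x0300: return "SSLv3";
        case 0x0301: return "TLS 1.0";
        case 0x0302: return "TLS 1.1";
        case 0x0303: return "TLS 1.2";  // TLS 1.3 also puts 0x0303 in this field
        default:     return "unknown";
    }
}

// Parse the first TLS record sent by the server and return the chosen version.
// Layout: record header (type, version[2], length[2]), handshake header
// (msg_type, length[3]), then ServerHello.server_version[2].
// Assumes the ServerHello is not fragmented across records.
HelloInfo parse_server_hello(const std::vector<uint8_t>& buf) {
    if (buf.size() < 5) return {false, 0, "truncated record header"};
    if (buf[0] != 0x16) return {false, 0, "not a handshake record"};
    size_t rec_len = (size_t(buf[3]) << 8) | buf[4];
    if (buf.size() - 5 < rec_len) return {false, 0, "truncated record body"};
    if (rec_len < 6) return {false, 0, "record too short for ServerHello"};
    if (buf[5] != 0x02) return {false, 0, "not a ServerHello"};
    size_t hs_len = (size_t(buf[6]) << 16) | (size_t(buf[7]) << 8) | buf[8];
    if (hs_len < 2 || hs_len > rec_len - 4) return {false, 0, "bad handshake length"};
    uint16_t v = uint16_t((buf[9] << 8) | buf[10]);
    return {true, v, version_name(v)};
}

// Policy for the migration in the question: reject SSLv3 and TLS 1.0.
bool meets_minimum_tls11(const HelloInfo& h) {
    return h.ok && h.version >= 0x0302 && h.version <= 0x0303;
}

// Constructed sample: minimal ServerHello record choosing version v (zeroed
// random, empty session id, cipher suite 0x002f, null compression).
std::vector<uint8_t> make_sample_hello(uint16_t v) {
    std::vector<uint8_t> r = {0x16, uint8_t(v >> 8), uint8_t(v), 0x00, 0x2a,
                              0x02, 0x00, 0x00, 0x26, uint8_t(v >> 8), uint8_t(v)};
    r.resize(r.size() + 32, 0x00);                // 32-byte random
    r.insert(r.end(), {0x00, 0x00, 0x2f, 0x00});  // sid len, cipher, compression
    return r;
}

int main() {
    HelloInfo h = parse_server_hello(make_sample_hello(0x0302));
    std::cout << h.name << (meets_minimum_tls11(h) ? " accepted\n" : " rejected\n");
}
```
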

Just tunnel the connection through something like stunnel or a VPN if you have access to client machines.

Related

Microsoft HTTP SERVER API environment requirements

I want my C++ application/process to be an HTTP server that listens to requests from another Java process. I am planning to use Microsoft's HTTP Server API for this, but the documentation says:
The HTTP Server API is supported on Windows Server 2003 operating systems and on Windows XP with Service Pack 2 (SP2).
Does this mean that this only works on Windows Server 2003 but not later? I am using Microsoft Windows Server 2019 Standard.
Also, the documentation says:
When you install the PSDK on drive C:\ of a local computer, the complete server sample application is installed at C:\Program Files\Microsoft SDK\Samples\netds\http\server.
PSDK was replaced by Windows SDK a long time ago, and I am not able to find any sample in the Windows 10 SDK, and also I could not find any sample for the same on GIT.
I am afraid that the HTTP Server API is deprecated, or I am looking at older resources.
Is there any other solution for my problem?
The requirements sections (unless otherwise stated on the page) are always minimums. MS is very clear when something has been removed from the API (and even then it is almost always a strong warning to quit using something rather than actually removing it).

Does the gSoapWinhttp plugin with gSoap support Linux?

I'm using gSoap proxy services for EWS and I need SSL and auth support for the endpoint, while my preferred platform is Linux. From the gSoap documentation http://www.cs.fsu.edu/~engelen/soapdoc2.html I found that it has all the SSL and auth support in C for Linux, but I'm using C++.
So when I searched on Google for SSL and auth support with gSoap in C++, I found the link https://code.google.com/p/gsoapwinhttp/ for gsoapwinhttp.
The gSoap documentation says that it supports most platforms, like Windows, Linux, macOS, etc., and gsoapwinhttp uses a Windows library, so I'm a bit confused: does this gsoapwinhttp plugin with gSoap support the Linux platform?
Any help appreciated. Thank you.
UPDATE: http://markmail.org/message/sprfixg3gna7t57e#query:+page:1+mid:sprfixg3gna7t57e+state:results this link is related to my question, but I don't understand what to do or how to do it (I'm a newbie to C++).
gSoap has built-in support for SSL (gSoap SSL). Even though you are using C++, you can still use the C code and it will work fine. The services generated by soapcpp2 are inherited from struct soap, so using the C functions like soap_ssl_server_context will still work.

Authenticate linux client app to windows server app via kerberos or any secure protocol

I need some guides or keywords I can use for my additional research.
Assume there are client and server apps written in C++. There is a possibility to pass blobs from client to server and vice versa. On Windows, we can introduce Kerberos utilization, generating, processing such blobs, accepting it, impersonating threads, etc. There are some examples on MSDN. It's not so simple, but I've managed to make it work.
But what if my client runs on linux machine? The simplest and unsecured way of authentication is to pass username/domain/password of user in raw format via blobs. But if I want to use Kerberos? So, the questions are:
What preconditions do I need to have on client linux machine? My first thoughts were about some kind of samba/winbind things installed there. I heard samba authenticates to windows AD via Kerberos.
Are there any good examples of performing a Kerberos handshake on Linux? I know there are some examples on the MIT website. Should I use these ones? I guess it's not so easy to make it work in the right way and test it (actually I KNOW it from my Windows experience).
The API you should investigate is GSSAPI. If the windows server application uses SSPI ( the windows version of GSSAPI ) then you should be able to write an interoperable client using GSSAPI. It really depends on exactly how the windows server uses SSPI though. See MSDN SSPI for some details.
The MIT kerberos libraries are available with most linux distributions and have all the libraries you need to do GSSAPI with kerberos.
GSSAPI is a library for wrapping data, you still need to implement the resulting protocol exchange. Depending on exactly how the windows server is written this may be quite complex.
It is possible to use Active Directory as your KDC for writing linux client/server kerberos applications. Looking at the Linux Samba code should help you understand some of the issues involved in writing a linux client for windows based services.

What direction should I follow to add webservice functionalities to my application?

I have a problem, and I know there are many ways to solve it. I hope you can help me choose the fittest.
I am developing an application mainly using Matlab, and I try to gradually shift some of its functionalities to C++. I develop on Windows, for Windows.
I am quite experienced in these two programming languages, but I know nothing of web development.
I want to add some functionalities to this application that will use some webservices hosted on a server protected by ssl.
I am alone on this project, but I can spend some time learning new stuff if need be.
I would like to know what tools you think I should better use for this task?
So far, I have tried and failed the following approaches:
calling the webservice directly from Matlab. I have added the self-signed SSL certificate to every truststore I could find on my computer, but I keep getting an error telling me that the certificate is not valid.
calling the webservice using gSoap and C++. For this, I need to rebuild the gSoap binaries with SSL capabilities. I tried to do so using Visual Studio and mingw/gcc but did not succeed, and I could not find any help online.
I have the feeling after a few hours/days browsing and looking for solution that the tools I try to use are not the most used and therefore not the best documented (and therefore not the best suited for a rookie), so what is your advice?
I think using gSoap from your C++ modules would be the best choice.
Information about using gSoap with SSL as client is available here: Secure SOAP Clients with HTTPS/SSL
A link about using gSoap for building a VS Application: Creating a gSoap eBay Client Application with Visual C++ 2008
Maybe this helps for using gSoap with MinGW: Using gSoap in Qt/Windows

How do I implement port redirecting/mapping on windows?

I am programming a web proxy that is installed on client machines (same machine as the web browser).
I would like for all traffic that is web traffic to get redirected into my proxy server.
I am using a windows operating system (XP, Windows 2003, Windows 2008, Vista, Windows 7).
What would I need to do, to redirect all internet traffic on port 80 to my web proxy?
I noticed this software allows you to create port mappings in windows. And I can get my proxy to work in that way. One of the components they install is called NDIS and I assume they use that technology to be able to port redirect.
So my question is... what is the best (best as in easiest to implement) API or technology to use to program a port redirector in Windows?
Your options are Application Layer Proxy (= browser proxy settings), Layered Service Provider; TDI driver (or more modern equivalent?); NDIS driver. There is no simple answer to what is best or easiest. You need to take your own skill set into account, as well as the potential compatibility issues. Lots of other programs use each of these methods and you need to be compatible with them, or at least not break them.