Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Join Date
    Apr 2010
    Posts
    74

    Default WEBDAV no longer working on a site where it used to. Possible SSL issue in BC?

    I perform sync to a server at the URL https://dms.wi-sun.org/htcomnet/hcwebdav
    This has been working fine until one of the updates to BC in the last month or so.
    WEBDAV access to this server still works using the Windows 7 "Map Network Drive / Connect to a web site" mechanism so I believe the issue is with BC and not the server.

    When attempting to connect, BC4 immediately displays the "Folder not available" error.
    The log shows "1/14/2015 7:26:17 AM Unable to load https://dms.wi-sun.org/htcomnet/hcwebdav/: Connection lost (error code is 100353)"

    A wireshark trace of the connection attempt shows the remote server immediately closes the connection after BC4 sends the SSL Client Hello.

    BC4-captuer-ssl.png



    Here is a wireshark capture of Windows (successfully) accessing the WEBDAV server from the mapped drive:
    MSFT-webdav-Capture.PNG

  2. #2
    Join Date
    Apr 2010
    Posts
    74

    Default

    Here is a detailed view of the Client Hello from BC4 that fails
    BC SSL Client Hello Fails Capture.PNG

    Here is a detailed view of the Client Hello from Windows that works:
    Windows SSL Client Hello Success Capture.PNG

    The main differences are BC is sending SSL 3.0, and then TLS 1.2.
    Windows is sending TLS 1.0 and then TLS 1.0. It appears the server then changes the cipher spec in the Server Hello.

    Update: The server administrator says that SSL 3.0 is vulnerable to Poodle. Can BC4 be configured to connect WEBDAV with TLS?
    Last edited by timg11; 14-Jan-2015 at 12:43 PM.

  3. #3
    Join Date
    Oct 2007
    Location
    Madison, WI
    Posts
    11,949

    Default

    Hello,

    Thanks for the additional details. I'll add these notes to our tracker entry on the subject and we'll look into this.
    Aaron P Scooter Software

  4. #4
    Join Date
    Apr 2010
    Posts
    74

    Default

    Aaron, So there is no workaround currently? If it is true that BC only supports secure WEBDAV using a protocol that has been deprecated due to a security vulnerability, that means developing and releasing a fix will be a very high priority, right?

  5. #5
    Join Date
    Oct 2007
    Location
    Madison, WI
    Posts
    11,949

    Default

    It is. We're currently working on majorly upgrading this support, but it's been a large project and we had been hoping to contain it to a larger (4.1) release due to the potential changes in behavior. It looks like we might not be able to wait that long however, so we're evaluating what it would take to get this into a more immediate bug fix release (4.0.x).
    Aaron P Scooter Software

  6. #6
    Join Date
    Jun 2008
    Posts
    43

    Default

    It would be really great to have this fixed soon.

  7. #7
    Join Date
    Apr 2010
    Posts
    74

    Default

    I just installed 4.0.5, build 19480, released Jan. 27, 2015 .

    I'm still getting the same error message as above. Was this build supposed to fix this issue with WEBDAV and SSL3? I haven't tried the wireshark capture, but I think you (Scooter) can also do it from your side. You don't need a valid login on the site since the server closes the connection before it gets to authentication.

  8. #8
    Join Date
    Oct 2007
    Location
    Madison, WI
    Posts
    11,949

    Default

    Thanks, and yes, that's what one of our developers is working on. The example link from your email will remain active and we can test against it for a bit, correct?
    Aaron P Scooter Software

  9. #9
    Join Date
    Apr 2010
    Posts
    74

    Default

    Any progress on fixing this in 4.0.6?

  10. #10
    Join Date
    Oct 2007
    Location
    Madison, WI
    Posts
    11,949

    Default

    Yes, we have a fix in 4.0.6 that should get this working.
    Aaron P Scooter Software

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •