Error 12175 – [HTTPS] ERROR_WINHTTP_SECURE_FAIL

Solved479 views
0
0 Comments

Hi,

Im using a connector that uses a HTTPS connection and the element using the connector is going into timeout due to Error 12175 - [HTTPS] ERROR_WINHTTP_SECURE_FAIL.

Using Wireshark i can see DataMiner is offering TLS v1.0 & v1.2

The server is running Windows Server 2016 & application version 10.3.2309.2502.

My issue is similar to the question posted here: https://community.dataminer.services/question/https-error_winhttp_secure_fail/?hilite=ssl

However the registry fixes mentioned in this one only seem to be for Windows versions upto Windows Server 2012.

Interestigly I'm able to obtain an element connection to the same device on another DataMiner cluster. This server is running Windows 2022 & application version 10.3.2243.11360.

Do you know of any other fixes for later versions of Windows? Or any configuration setting i should adjust?

Many Thanks!

Chris Jones [DevOps Advocate] Selected answer as best 20th February 2024

1 Answer

2
1.90K 4 Comments

Hi,

My guess is that the device you're trying to connect to, does not accept TLS 1.0 and TLS 1.2. Would it be possible to verify which TLS versions the device does accept?

Since the other Agent, running on windows server 2022, is able to connect I would guess that the device only accepts TLS 1.3, but I could be wrong on this.

Kind regards,

Seppe Dejonckheere [SLC] [DevOps Enabler] Posted new comment 21st February 2024
Chris Jones [DevOps Advocate] commented

Hi Seppe,

Thanks for the quick repsonse. The device does accept TLS 1.2, on the agent that is able to establish a connection only TLS 1.2 is being offered where as from the agent unable to establish a connection TLS 1 & 1.2 are appearing to be offered as per the capture above.

Thanks,
Chris Jones [DevOps Advocate] commented

After starting another packet capture it does look like the device will only accept TLS 1.3
Seppe Dejonckheere [SLC] [DevOps Enabler] commented

Windows Server 2016 does not yet support TLS 1.3. So if your device only accepts TLS 1.3, there are 2 options:
1. Check if TLS 1.2 can be enabled on the device (TLS 1.2 is still supported and considered secure)
2. Run the element on a DMA that runs on Windows server 2022.

Source: https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl–schannel-ssp-
Seppe Dejonckheere [SLC] [DevOps Enabler] commented

There is also the possibility that the device does accepts TLS 1.2, but that the DMA and the device aren’t able to agree on which cipher suite to use.