Jornada 680 (WinCE 2.11 / H/PC 3.0) - SSL not working
Moderators: C:Amie


SopaXorzTaker
Posted 2017-06-29 2:30 PM
H/PC Newbie
Posts: 8 · Member Nº: 33570 · Location: Israel
As I said in the subject. I use an Orinoco Silver (PC24E-H-FC) WLAN card (operating tethered to my Android phone).
When I try visiting any site via HTTPS, IE just fails: "Unable to establish secure connection".
I've already installed the 128-bit SSL driver which did not change anything.
I've even found an obscure utility called rootcert (from MS SQL Server CE 1.1), which can import certificates into the registry.
It successfully imported my DER-encoded root certificates (I was using the GeoTrust Global CA for testing), I verified that in regedit (from Power Toys 3.0).

Still, nothing else happened, and I am quite disappointed.
Any ideas?

Edited by SopaXorzTaker 2017-06-29 2:32 PM
Paianni
Posted 2017-06-30 3:27 PM
H/PC Elite
Posts: 681 · Member Nº: 7708 · Location: England, UK
Most secure sites require browsers far newer than those that were shipped with CE prior to the .net versions. Your best bet is an HPC2000 or CE.net device with RedGear/Opera 8.65.

I'm sure you're aware that versions prior to CE.net only support WEP encryption for Wi-Fi, which is known to be insecure.
C:Amie
Posted 2017-06-30 3:47 PM
Administrator, H/PC Oracle
Posts: 14143 · Member Nº: 1 · Location: Fields End, UK
What hash is the DER using?
Dave Wurm
Posted 2017-06-30 7:33 PM
Factorite (Junior)
Posts: 30 · Member Nº: 14548 · Location: United States
A follow-up to the post by Paianni...
My experience with HPC2000 with RedGear and Opera 8.65 has been disappointing. I have been unable to establish secure connections to most HTTPS sites. There are a few rare exceptions... but they are usually sites where security is not essential. Unfortunately, I've had the same experience with the browsers available under Jlime for these devices.
C:Amie
Posted 2017-06-30 9:08 PM
Administrator, H/PC Oracle
Posts: 14143 · Member Nº: 1 · Location: Fields End, UK
I suspect it's because the older OS doesn't know how to compute the hash required by modern SSL; it's been recommended since 2011 and mandatory since last year to use SHA2 or higher. Old CE didn't even support SHA1, just up to MD5. Let alone the algorithms necessary to perform the asymmetric encryption bit...
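One way to answer the "What hash is the DER using?" question raised above is to read the certificate's outer signatureAlgorithm field directly. This is an added example, not code from the thread or from any participant; the function names are hypothetical and `sample_cert` builds a constructed, zero-filled skeleton rather than a real certificate.

```python
# Added example: report the signature algorithm of a DER-encoded X.509 certificate.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    # First byte packs the first two arcs (valid for arcs 0.x and 1.x, as here).
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:  # remaining arcs are base-128, high bit = "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Name (or dotted OID) of the algorithm the issuer signed the certificate with."""
    tag, cert, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM must be base64-decoded first)")
    _, _, pos = read_tlv(cert, 0)            # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)    # signatureAlgorithm SEQUENCE
    oid_tag, oid, _ = read_tlv(alg, 0)       # its first member is the OID
    if alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("unexpected certificate layout")
    dotted = decode_oid(oid)
    return SIG_ALGS.get(dotted, dotted)

def sample_cert(oid_body):
    """Constructed, certificate-shaped skeleton (zero-filled), not a real certificate."""
    tlv = lambda tag, body: bytes([tag]) + (
        bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])) + body
    alg = tlv(0x30, tlv(0x06, oid_body) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, bytes(150)) + alg + tlv(0x03, bytes(9)))
```

For a real certificate, pass the raw bytes of the `.der` file to `signature_algorithm`; an OID missing from the table is returned in dotted form.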
SopaXorzTaker
Posted 2017-07-01 8:23 AM
H/PC Newbie
Posts: 8 · Member Nº: 33570 · Location: Israel
I think that the major issue is that neither SSLv2 nor SSLv3 (the only secure protocols supported by SChannel in this version of WinCE) are used anymore.
When badssl.com fixes their SSLv2/3 test pages, I'll give them a check to see if that's the case.

This is quite sad, but we still have JLime.
Maybe there's some kind of a replacement schannel DLL which would support TLS v1.1+?

Edited by SopaXorzTaker 2017-07-01 8:26 AM
C:Amie
Posted 2017-07-01 8:45 AM
Administrator, H/PC Oracle
Posts: 14143 · Member Nº: 1 · Location: Fields End, UK
Not without also implementing the hashes or asymmetric key protocols necessary to fulfil modern standards. schannel piggybacks on a whole stack of work that is missing in CE: DH, RSA, TKIP, etc. It would be a rather monumental effort for someone, but I suppose they could at least borrow most of the principles from somewhere like Bouncy Castle.
SopaXorzTaker
Posted 2017-07-01 8:51 AM
H/PC Newbie
Posts: 8 · Member Nº: 33570 · Location: Israel
... or the SChannel from later versions of WinCE shipped under shared-source.
C:Amie
Posted 2017-07-02 9:48 AM
Administrator, H/PC Oracle
Posts: 14143 · Member Nº: 1 · Location: Fields End, UK
SChannel.dll is not the only DLL that you will have to recompile and if you do it from CE7 you have to deal with all of the missing resource dependencies and unimplemented hooks from across the OS (Kernel and Shell). I imagine it would be easier to create a SChannel.dll stub that hooks onto someone else's runtime framework (or .net of course) and just do a clean break of the CE code.