Windows 8 Error in WinHttpSendRequest

Nov 14, 2014 at 6:42 PM
I got "Error in WinHttpSendRequest" in Windows 8 while making https get call. the same code runs fine in Windows 7.

After checking wireshark log, I found cassablanca missing
TLS_RSA_WITH_RC4_128_SHA in windows 8 while handshaking with https server.

is there any way we fix or get around the problem?
Nov 15, 2014 at 2:25 AM
Hi Zhong,

Can you please provide a little more detail. Can you catch the http_exception being thrown and then examine what the std::error_code value and message are? What exactly do you mean when you say you "found Casablanca missing TLS_RSA_WITH_RC4_128_SHA in windows 8"?

Steve
Nov 16, 2014 at 7:20 PM
Hi Steve

I get error code 12175, error in WinHttpSendRequest.

TLS_RSA_WITH_RC4_128_SHA is from Wireshark log. we found the difference between win7 and win8 log was missing this cipher in win8.

-Zhong
Nov 20, 2014 at 5:51 PM
Hi Zhong,

I'm really unsure as to how to attempt to solve the problem here. As our implementation we are using WinHttp and don't do anything different on Windows 7 and Windows 8. We also don't mess with any settings regarding cipher suites. You see this consistently across multiple Windows 8 machines? Is there a public server that I can reach that reproduces this easily?

Thanks,
Steve
Nov 20, 2014 at 6:06 PM
Edited Nov 20, 2014 at 6:11 PM
it is consistent for windows 8 since mid of august. seems like microsoft released some kind of patch at that time.

try to connect to https://api-qa.kaiserpermanente.org/interchange/v1.0/token, you should be able to see the missing cipher in windows 7 and 8. while connecting, ignore any errors, just use wireshark to check network traffic.

explorer, firefox and curl have no problem in windows 8.
Nov 20, 2014 at 9:24 PM
RC4 has been disabled in .NET applications due to a security vulnerability.

https://technet.microsoft.com/en-us/library/security/2960358.aspx

The best option would be to update your TLS to version 1.1 or 1.2. Alternatively, you can likely reenable RC4 through a registry edit. Firefox/Curl use OpenSSL which does not follow the normal system security policies.
Dec 10, 2014 at 7:25 PM
does version 3.0 fix the problem? i found version 3.0 has openssl build-in.
Dec 10, 2014 at 8:09 PM
Hi Zhong,

I assume you mean version 2.3.0, there is no version 3.0. Openssl was added as a dependency for our secure websocket client based implementation on websocketpp, completely unrelated to this.

Steve