Recently updated to 2.4.0.beta4 (1576b07a10) and since the update one of our external applications is no longer able to authenticate with the Discourse API.
The application throws a simple error of
The request was aborted: Could not create SSL/TLS secure channel.
The application is using TLS1.2, is this no longer supported?
Any thoughts on recent changes which might save me several hours of debugging the other application?
Right, I’ll get debugging then, something else must have changed on our Discourse which is causing our external applications to fall over as it’s occurring on both our dev and prod environments.
Turns out we had a very similar issue as described here:
Our external legacy application that connects to our Discourse API is running on an old Windows 2008 R2 server.
For whatever reason, the Windows server and the Discourse server were unable to agree on a cipher suite after the recent Discourse updates were installed earlier this week. Whether some ciphers were altered during the update, or if this issue coincided with a LetsEncrypt cert renewal at the same time, I don’t know
Anyway, rather than edit our Discourse, I was able to add a couple of cipher suites to the Windows server that they both agreed on, again with the help of the SSL Labs link that @Falco shared above
I guess this was caused by the change of cipher suites during the upgrade to Debian. I would have expected that my addition of the elliptic curve certificate would have made this work on all older Windows systems, not just IE11. If I’m not mistaken IE11 uses the Windows crypto library…