Twitter api & TLS 1.2

Help
1

Hi all, I’ve been using Let’s Encrypt for over a year on my A2 hosting Windows shared server. I also use the twitter api to get a timeline. This stopped working a few days ago. Twitter announced this:

“Beginning July 25th 2019 , all connections to the Twitter API (and all other Twitter domains) will require TLS 1.2”

I contacted A2 and they say that my Let’s Encrypt certificate supports TLS 1.2. So … any idea what could be the problem here?

Thanks!

My domain is: mybirthdayfacts.com

The operating system my web server runs on is (include version):Windows

My hosting provider, if applicable, is: A2 hosting

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

2

Hi @jgrand

that's a connection of your client to the Twitter API. That has nothing to do with your certificate.

Looks like you use a programming environment with Tls.1.0.

A certificate has nothing to do with the TLS-protocol. The same certificate can be used with a SSL3, Tls.1.0, Tls.1.1, Tls.1.2 or Tls.1.3 connection.

It's a question of your server configuration.

Checking your connections you use already Tls.1.2 ( https://check-your-website.server-daten.de/?q=mybirthdayfacts.com#connections ):

com
com1137×606 38.2 KB

PS: If you use a shared Windows hosting, your hoster should change the default settings so .NET uses the newest protocol, not Tls.1.0.

Or it is a problem of your own code.

3

Thanks so much, I’m like a fish out of water on this topic. OK, will follow up with A2 (though they use asp.net 2.7 which I thought was TLS 1.2 by default), and will also try the twitter community in case someone there has had a similar issue. Could be my code, but I have no idea what I would need to change! I just do a Get request on the twitter REST API…

Cheers,
Jean

4

I would agree with @JuergenAuer: if you’re using the Twitter API then the problem is most probably with the programming environment that you use to consume the Twitter API, not with anything about your site.

5

Asp.2.7? That's too old. And it's - partial - a wrong standard setup, Microsoft switches after .NET 4.5 or 4.6.

Because NET connections didn't use the best protocol, instead SSL3 and Tls (Tls.1.0).

Is this Asp- or NET-Code? With a HttpWebRequest object?

The object ServicePointManager and the property ServicePointManager.SecurityProtocol is relevant.

Add

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 Or SecurityProtocolType.Tls11 Or SecurityProtocolType.Tls

in the first line of your code (or in the init-block).

The standard is

SecurityProtocolType.SSL3 Or SecurityProtocolType.Tls

so that's wrong, if Twitter blocks Tls.1.0.

6

Thanks everyone! Problem has been solved. I had to change several things, hope this helps someone else!

  1. A2 hosting pointed out that my web.config file was wrong. In my compilation tag I pointed to 4.0. Changed it to this:

    Also, my httpRuntime did not specify any target, I added the target like so:

    (the rest of the stuff was already there and is not needed for this problem, only targetFramework is relevant)

  2. As per JuergenAuer, in my Global.asax I added this:
    protected void Application_Start()
    {
    if (System.Net.ServicePointManager.SecurityProtocol.HasFlag(System.Net.SecurityProtocolType.Tls12) == false)
    {
    System.Net.ServicePointManager.SecurityProtocol = System.Net.ServicePointManager.SecurityProtocol | System.Net.SecurityProtocolType.Tls12;
    }
    }

Note: in Visual Studio, intellisense did not recognize the Tls12 enum value. To fix that, right click the project, Property Pages, Build: set the target framework to 4.6 (mine was set to 4.0 - it’s an old project!!)

Thanks again!