Twitter api & TLS 1.2

jgrand · July 31, 2019, 10:44pm

Hi all, I’ve been using Let’s Encrypt for over a year on my A2 hosting Windows shared server. I also use the twitter api to get a timeline. This stopped working a few days ago. Twitter announced this:

“Beginning July 25th 2019 , all connections to the Twitter API (and all other Twitter domains) will require TLS 1.2”

I contacted A2 and they say that my Let’s Encrypt certificate supports TLS 1.2. So … any idea what could be the problem here?

Thanks!

My domain is: mybirthdayfacts.com

The operating system my web server runs on is (include version):Windows

My hosting provider, if applicable, is: A2 hosting

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

JuergenAuer · July 31, 2019, 10:57pm

Hi @jgrand

that's a connection of your client to the Twitter API. That has nothing to do with your certificate.

Looks like you use a programming environment with Tls.1.0.

A certificate has nothing to do with the TLS-protocol. The same certificate can be used with a SSL3, Tls.1.0, Tls.1.1, Tls.1.2 or Tls.1.3 connection.

It's a question of your server configuration.

Checking your connections you use already Tls.1.2 ( https://check-your-website.server-daten.de/?q=mybirthdayfacts.com#connections ):

PS: If you use a shared Windows hosting, your hoster should change the default settings so .NET uses the newest protocol, not Tls.1.0.

Or it is a problem of your own code.

jgrand · July 31, 2019, 11:22pm

Thanks so much, I’m like a fish out of water on this topic. OK, will follow up with A2 (though they use asp.net 2.7 which I thought was TLS 1.2 by default), and will also try the twitter community in case someone there has had a similar issue. Could be my code, but I have no idea what I would need to change! I just do a Get request on the twitter REST API…

Cheers,
Jean

schoen · August 1, 2019, 12:39am

I would agree with @JuergenAuer: if you’re using the Twitter API then the problem is most probably with the programming environment that you use to consume the Twitter API, not with anything about your site.

JuergenAuer · August 1, 2019, 6:14am

Asp.2.7? That's too old. And it's - partial - a wrong standard setup, Microsoft switches after .NET 4.5 or 4.6.

Because NET connections didn't use the best protocol, instead SSL3 and Tls (Tls.1.0).

Is this Asp- or NET-Code? With a HttpWebRequest object?

The object ServicePointManager and the property ServicePointManager.SecurityProtocol is relevant.

Add

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 Or SecurityProtocolType.Tls11 Or SecurityProtocolType.Tls

in the first line of your code (or in the init-block).

The standard is

SecurityProtocolType.SSL3 Or SecurityProtocolType.Tls

so that's wrong, if Twitter blocks Tls.1.0.

jgrand · August 1, 2019, 1:04pm

Thanks everyone! Problem has been solved. I had to change several things, hope this helps someone else!

A2 hosting pointed out that my web.config file was wrong. In my compilation tag I pointed to 4.0. Changed it to this:

Also, my httpRuntime did not specify any target, I added the target like so:

(the rest of the stuff was already there and is not needed for this problem, only targetFramework is relevant)
As per JuergenAuer, in my Global.asax I added this:
protected void Application_Start()
{
if (System.Net.ServicePointManager.SecurityProtocol.HasFlag(System.Net.SecurityProtocolType.Tls12) == false)
{
System.Net.ServicePointManager.SecurityProtocol = System.Net.ServicePointManager.SecurityProtocol | System.Net.SecurityProtocolType.Tls12;
}
}

Note: in Visual Studio, intellisense did not recognize the Tls12 enum value. To fix that, right click the project, Property Pages, Build: set the target framework to 4.6 (mine was set to 4.0 - it’s an old project!!)

Thanks again!

system · August 31, 2019, 1:04pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.