locked
multiple web service requests to an SSL secured service (HTTP CONNECT)

    Question

  • I'm working on an app which makes multiple SSL requests to a web service. The service has the certificate, there are no client certificates in use. If I look at the messages in Fiddler, it looks like there is an HTTP CONNECT for every request, which gets the servers public key and then makes the actual SSL request. 

    Do I need to do something in the client proxy code to cache the servers certificate to avoid the HTTP CONNECT call every time?

    Thanks, casey

    Tuesday, November 02, 2010 9:29 PM

Answers

All replies

  • I believe this is a Fiddler issue. Try to use WireShark.
    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    Tuesday, November 02, 2010 10:36 PM
  • Just found out this was not a Fiddler issue. The cert on the server was configured incorrectly. We run the same code against a new server with a properly configured cert and Fiddler just shows the initial CONNECTs and just HTTPS for every call afterwards.

    UPDATE now it seems to be a badly configured firewall. Using WireShark (as recommended above) or Microsoft Network Monitor, I can see this server is responding with a ton of TCP RST commands. So I'm guessing those RST commands are changing ports are killing the connection and thats why the client has to keep asking for the cert again.

    Thanks

    Tuesday, November 09, 2010 8:43 PM