How to close SSL connection from client?

    Question

  • I am having an issue where I need to reset an SSL connection established using the Windows.Web.Http.HttpClient class, HttpBaseProtocolFilter, and HttpRequestMessage.

    Issue I have is that I have an application that communicates to a web server using a client certificate as evidence for authentication. I attach this client certificate to the HTTP request by using an HttpBaseProtocolFilter object, setting its ClientCertificate property and initializing the HttpClient object with this filter. This all works wonderfully.

    Issue I am running into occurs if while my app is running the client certificate is revoked. In this case the server appropriately rejects future HTTP requests. I am successfully capturing the error. I then react by making a request to a different server that will issue a new client certificate I can then use to authenticate to my original server request.

    What happens now is that even though my previous HttpClient, HttpBaseProtocolFilter, and HttpRequestMessage objects have all been disposed, creating all new objects with the new client certificate set is still failing. I have to shut down my application and restart for the new certificate to be used.

    What I have determined via a Wireshark network trace is that during my initial run of the application with the old client certificate (while the certificate was still valid) the SSL handshake occurs and establishes an SSL connection. All HTTP requests belong to this SSL connection. What happens after the original certificate has been revoked is that this SSL connection is never closed. So even though I am attempting to send a request with the new client certificate, all HTTP requests to this server are still using the previous SSL connection. Since no new SSL handshake occurs the new client certificate is never transmitted. The server still believes the old certificate is still the identifying certificate, which is now no longer valid for authentication by backend services.

    While I understand the reuse of SSL connection is a big performance improvement, is there any way on the client side to force termination of this SSL connection so subsequent HTTP requests will restart the SSL handshake on a new connection for future requests to use instead? Currently either the server needs to terminate the connection (which I don't control) or the user has to close and restart the app (which I assume the OS terminates and starts a new SSL connection).

    Thank You,

    Raul

    Wednesday, August 20, 2014 2:20 PM

Answers

  • You can include the "Connection: Close" HTTP header to close the connection after the request is complete. The below code should help:

                Windows.Web.Http.Filters.HttpBaseProtocolFilter aFilter = new Windows.Web.Http.Filters.HttpBaseProtocolFilter();
                // Do not write responses to the cache, and always read the most recent copy.
                aFilter.CacheControl.WriteBehavior = Windows.Web.Http.Filters.HttpCacheWriteBehavior.NoCache;
                aFilter.CacheControl.ReadBehavior = Windows.Web.Http.Filters.HttpCacheReadBehavior.MostRecent;
                Windows.Web.Http.HttpClient aClient = new Windows.Web.Http.HttpClient(aFilter);
                // Ask for the connection to be closed after each request completes.
                aClient.DefaultRequestHeaders.Add("Connection", "Close");
                for (int i = 0; i < 5; i++)
                {
                    try
                    {
                        String response = await aClient.GetStringAsync(new Uri("https://your_WebServer_URL"));
                        System.Diagnostics.Debug.WriteLine("Response: " + response);
                    }
                    catch (Exception ex)
                    {
                        System.Diagnostics.Debug.WriteLine("Response: " + ex.Message + ", HRESULT = " + ex.HResult);
                    }
                }



    Wednesday, August 20, 2014 8:49 PM
    Moderator
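
The following is an added example, not part of the original thread or of any Microsoft sample: it combines the `Connection: close` header from the answer with the client-certificate filter from the question, so that a replacement certificate is presented on a new connection. The class and method names and the `renewCertificateAsync` callback are hypothetical, and it assumes the server reports a rejected certificate as HTTP 401 or 403.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Web.Http;
using Windows.Web.Http.Filters;

public static class ClientCertRequests   // hypothetical helper, not a platform API
{
    // Sends one GET with the given client certificate and asks for the
    // connection to be closed afterwards, so the next request has to open a
    // new connection and run a new SSL handshake.
    public static async Task<KeyValuePair<HttpStatusCode, string>> GetOnceAsync(
        Uri uri, Certificate clientCert)
    {
        using (var filter = new HttpBaseProtocolFilter())
        {
            filter.ClientCertificate = clientCert;
            filter.CacheControl.WriteBehavior = HttpCacheWriteBehavior.NoCache;
            filter.CacheControl.ReadBehavior = HttpCacheReadBehavior.MostRecent;

            using (var client = new HttpClient(filter))
            using (var request = new HttpRequestMessage(HttpMethod.Get, uri))
            {
                request.Headers.Connection.TryParseAdd("close");
                using (HttpResponseMessage response = await client.SendRequestAsync(request))
                {
                    // Read the body before the client and response are disposed.
                    string body = await response.Content.ReadAsStringAsync();
                    return new KeyValuePair<HttpStatusCode, string>(response.StatusCode, body);
                }
            }
        }
    }

    // Retries once with a newly issued certificate when the current one is rejected.
    // Assumption: rejection surfaces as 401/403; renewCertificateAsync is the app's
    // own call to the certificate-issuing server described in the question.
    public static async Task<KeyValuePair<HttpStatusCode, string>> GetWithRenewalAsync(
        Uri uri, Certificate currentCert, Func<Task<Certificate>> renewCertificateAsync)
    {
        var result = await GetOnceAsync(uri, currentCert);
        if (result.Key != HttpStatusCode.Unauthorized && result.Key != HttpStatusCode.Forbidden)
            return result;

        Certificate newCert = await renewCertificateAsync();
        return await GetOnceAsync(uri, newCert);
    }
}
```

Closing the connection after every request gives up the connection reuse the question mentions, so each call pays for a full handshake.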