问题
since yesterday afternoon at 1.30pm, two separately written applications that access the SagePay payment gateway and the Reporting API Endpoint have both returned the following error:
The server committed a protocol violation. Section=ResponseStatusLine
This occurs in the code at the point of
System.Net.HttpWebRequest.GetResponse()
The payment application hasn't changed since 2009 and was written by an ex-member of staff and is ironically scheduled to be replaced in 3 weeks. The Reporting application was written at the end of last year and has worked since inception until yesterday.
I have spoken to SagePay and they advise that nothing has happened from their perspective and the only thing on my mind was the recent disabling of SSLv3 last month but at the time, the reporting tool was changed to use TLS and I have checked this today and it is indeed using TLS.
Is anyone able to shed any light on what could be causing this please?
Thank you.
回答1:
OK - I have a fix for this :)
Having spoken to Sagepay, they no longer support Triple DES encryption, only AES. By default Windows 2003 won't use AES - hence the problem.
However, if you install the fix in this article: https://support.microsoft.com/kb/948963 it will enable AES and fix the problem.
BTW, it seems like the link to the hotfix in that article is broken, but this link works: http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351385_ENU_i386_zip.exe
It does require a reboot, and you will need to disable all protocols apart from TLS1.0 in order for this to work.
回答2:
We have the same problem. One suggestion is to add the following to the web.config:
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>
This at least avoids the protocol violation, but leads to the following error for me instead:
The underlying connection was closed: The connection was closed unexpectedly.
One other point which I would be interested in your comment on, is that we can only reproduce this error on Windows 2003 servers. On Windows 2008 it works OK. I have also reproduced this on my Windows 7 dev machine by forcing it to connect via SSL3.
I have disabled SSL3 in Schannel for both client and server applications, but I am wondering if it is continuing to connect via SSL3 for some reason, rather than using TLS. Any thoughts?
回答3:
I have just spoken to someone at SagePay about this who says that this is an issue with the connection using SSLv3. We thought we had disabled this in November last year, but he said that when using Windows Server 2003, he’s heard that sometimes it looks like the SSLv3 is being disabled but that when it gets to the last step it doesn’t do it for some reason.
I'm looking into this now with our server hosts, but this could be something for you to look at too.
来源:https://stackoverflow.com/questions/28626061/sagepay-protocol-violation-error