SagePay protocol violation error

Since yesterday at 13:30, two separately written applications that access the SagePay payment gateway and the Reporting API endpoint have returned the following error:

The server committed a protocol violation. Section=ResponseStatusLine 

It happens in the code at this point:

 System.Net.HttpWebRequest.GetResponse() 

The payment application has not changed since 2009 and was written by a former staff member; ironically, it is planned to be replaced in 3 weeks. The Reporting application was written at the end of last year and worked from the moment of its creation until yesterday.

I spoke with SagePay, and they advise that, from their point of view, nothing happened. The only thing I can think of is SSLv3 being switched off last month, but at that time the reporting tool was changed to use TLS, and I checked today that it really does use TLS.

Can anyone shed light on what might be causing this?

Thanks.

0
3 answers

OK - I have a fix for this :)

I spoke to SagePay: they no longer support Triple DES encryption, only AES. By default, Windows 2003 will not use AES, hence the problem.

However, if you install the hotfix in this article: https://support.microsoft.com/kb/948963 , it will enable AES and fix the problem.

By the way, it seems that the link to the fix in this article is broken, but this link works: http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351385_ENU_i386_zip.exe

This requires a reboot, and you need to disable all protocols except TLS 1.0 for this to work.

+1

We have the same problem. One suggestion is to add the following to web.config:

    <system.net>
      <settings>
        <httpWebRequest useUnsafeHeaderParsing="true" />
      </settings>
    </system.net>

This at least prevents a protocol violation, but instead results in the following error:

The underlying connection was closed: The connection was closed unexpectedly.

Another point that interests me in your comment is that we can only reproduce this error on Windows 2003 servers. On Windows 2008, it works fine. I also reproduced this on my Windows 7 dev machine by forcing it to connect via SSL3.

I disabled SSL3 in Schannel for both client and server applications, but I wonder if for some reason it is trying to connect via SSL3 rather than using TLS. Any thoughts?

0

I just talked to someone at SagePay about this, who says this is an issue with connecting using SSLv3. We thought we turned it off last November, but he said that, with Windows Server 2003, he has heard that it sometimes looks as if SSLv3 is disabled but, when it comes to the last step, for some reason it isn't.

I am looking into this now with our server hosts, but it may be the same for you.

0
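
Added example, not part of any post above: a small C# console probe that shows which protocol and cipher the client's Schannel actually negotiates, which is the question behind both the Triple DES/AES answer and the two SSLv3 answers. The class name TlsProbe and the host argument are illustrative; no gateway host name is taken from the page, and .NET Framework 2.0 or later is assumed.

```csharp
// Added diagnostic example; not code from the posts above.
// Assumes .NET Framework 2.0 or later. The host is given on the command line.
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsProbe
{
    // Perform one handshake offering the given protocols and report the outcome.
    static bool Probe(string host, int port, SslProtocols offered)
    {
        try
        {
            using (TcpClient tcp = new TcpClient(host, port))
            using (SslStream ssl = new SslStream(tcp.GetStream(), false))
            {
                ssl.AuthenticateAsClient(host, null, offered, false);
                Console.WriteLine("offered {0}: negotiated {1}, cipher {2} ({3} bits)",
                    offered, ssl.SslProtocol, ssl.CipherAlgorithm, ssl.CipherStrength);
                if (ssl.SslProtocol == SslProtocols.Ssl3)
                    Console.WriteLine("  SSLv3 is still being negotiated by this client");
                if (ssl.CipherAlgorithm == CipherAlgorithmType.TripleDes)
                    Console.WriteLine("  Triple DES was negotiated, not AES");
                return true;
            }
        }
        catch (Exception ex)
        {
            // With no protocol or cipher in common, the handshake ends here.
            Console.WriteLine("offered {0}: handshake failed, {1}: {2}",
                offered, ex.GetType().Name, ex.Message);
            return false;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.Error.WriteLine("usage: TlsProbe <host> [port]");
            return 2;
        }
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;
        // SslProtocols.Default is Ssl3 | Tls; SslProtocols.Tls is TLS 1.0 only.
        Probe(args[0], port, SslProtocols.Default);
        return Probe(args[0], port, SslProtocols.Tls) ? 0 : 1;
    }
}
```

Run it on the affected server before and after changing the Schannel settings or installing the hotfix, and compare the negotiated protocol and cipher lines.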