Rebex HTTPS - TLS 1.2, 1.1, SNI and SHA-2 for .NET CF


This was a homepage of the BETA version of Rebex HTTPS.
Final version has already been launched in February 2017.

Get the final version here:
rebex.net/https/  

WebException when using HTTPS on .NET CF?

Trying to access a secure web service from .NET CF?
Watch out for WebException. .NET Compact Framework does not support TLS 1.2, 1.1, SNI or SHA-2 based certificates.

Solve it using Rebex HTTPS

Replace System.Net.WebRequest's standard HTTPS request handler with our implementation that supports modern security standards.
Just call Rebex.Net.HttpRequestCreator.Register() and you are (almost) done.


Limitations of HttpWebRequest on .NET Compact Framework

Even though legacy platforms based on Windows CE 5.0 and 6.0 have been unsupported by Microsoft for years, they are still widely used. It's not really a surprise - Windows Mobile 5.0 and 6.x are still more suitable for many scenarios than the latest Windows 10 Phone, partially due to the fact that unlike the latest "Windows Store Apps" platforms, .NET Compact Framework offers a bigger subset of the full .NET Framework.

However, many of these scenarios require secure communication with HTTPS servers, and this is getting very problematic because .NET CF's HttpWebRequest is outdated. It does not support TLS 1.2 or 1.1, it doesn't support Server Name Identification (SNI), and it does not support SHA-2 in X509 certificates. It also suffers from several authentication-related bugs with no known workaround. This makes it unusable in a growing number of scenarios, and Microsoft will never fix this because it no longer cares about these legacy platforms.

HttpWebRequest replacement for .NET CF with TLS 1.2, 1.1, SNI and SHA-2 support

Fortunately, it's now possible to work around these shortcomings using a Rebex HTTPS library. It features a HttpWebRequest replacement object for .NET Compact Framework that plugs into the existing .NET CF WebRequest API and provides the features the default HTTP/HTTPS provider lacks. Most importantly, it adds support for TLS 1.2, TLS 1.1, SNI and SHA-2, it works even on old devices based on Windows CE 5.0 and it makes it simple to add TLS 1.2 support to existing SOAP web service clients.

SHA-1 deprecation is currently in progress - major browsers and operating systems will start rejecting certificates signed by SHA-1 soon, and many websites are soon going to disable support for TLS/SSL ciphers based on SHA-1 as well. As of 2016, trusted certification authorities are no longer issuing SHA-1 certificates, which means many web sites and services will only work in HTTPS clients with SHA-2 support.

Rebex HTTPS component already supports TLS 1.2, 1.1 and SHA-2, and uses a full-featured certificate validator shared with all Rebex TLS/SSL based components. For more details see Validation of X.509 certificate with SHA-2 signatures on .NET Compact Framework.

Download Rebex HTTPS (Web) final version (trial) »

Getting started

Using Rebex HTTPS transport for WebServices

To give our HTTP/HTTPS replacement a try, follow these steps:

C# sample
...
using Rebex.Net;
...

// create an instance of Rebex HTTP request creator
var creator = new HttpRequestCreator();

// specify enabled TLS/SSL versions
// TLS 1.2, 1.1 and 1.0 are enabled by default, SSL 3.0 has to be enabled explicitly (if needed uncomment the following line):
//creator.Settings.SslAllowedVersions |= TlsVersion.SSL30;

// register request creator to handle HTTP and HTTPS requests
// (replaces .NET's default HttpWebRequest)
creator.Register();

// now you can use WebRequest as usual - it will use our HttpRequestCreator
WebRequest request = WebRequest.Create("https://test.rebex.net/");
...

// please note that objects returned by WebRequest.Create are not instances of HttpWebRequest,
// which means casting the returned object to HttpWebRequest will fail (we may address this
// limitation in the future)

Making direct HTTPS requests

C# sample
// register the HttpRequestCreator to be used instead of the system implementation
HttpRequestCreator creator = new HttpRequestCreator();
creator.Register();

// download web page content 
WebRequest request = WebRequest.Create(address);
WebResponse response = request.GetResponse();
using (StreamReader sr = new StreamReader(response.GetResponseStream()))
{
	string body = sr.ReadToEnd();
	tbBody.Text = body;
}
response.Close();

Frequently Asked Questions

What are the current limitations?

A known limitation is lack of full HttpWebRequest API support - we only aim to implement most of WebRequest API for now.

Will this make my SOAP web service work again?

If you are using the stubs generated by .NET and you are unable to access the SOAP web service due to lack of TLS 1.2, TLS 1.1, SNI or SHA-2 support in .NET CF, this will make it work again. If it doesn't, please let us know and we'll help you make it work.

How can I obtain the full, non-expiring version of Rebex HTTPS?

Purchase it on www.rebex.net/https

Supported platforms

Changelog

2017-02-10 - First public release of the full, non-expiring version. 
             Check out the new homepage rebex.net/https.

2017-01-12 - Improved certificate revocation list (CRL) parsing speed.

2016-12-20 - Custom certificate validator added.
             Support for Elliptic Curves cryptography (ECDH) added 
             (plugins are needed for most platforms including .NET CF, Xamarin, and Windows older than Vista).
             Incorporated changes from the latest release of Rebex components.
             Added Xamarin (iOS, Android, Mac) versions of the library.
             Tons of fixes and improvements.

2016-09-14 - Enhanced HTTP core.
             Fixed several bugs.

2016-08-12 - Fixed a bug in TLS/SSL renegotiation handling that caused a NullReferenceException in some scenarios.
             Incorporated latest changes in shared functionality.

2016-08-05 - Response stream data is now read on-the-fly.
             Fixed several bugs in authentication.
             Fixed HTTP session cache.
             Incorporated changes in shared functionality from the latest release of Rebex components.

2016-07-08 - New Rebex HTTPS WebGet sample project.
             Added UserAgent property. 
             Added TlsSession cache.
             Numerous internal fixes and improvements.
             Improved SHA-2 compatibility.
             Fixed memory usage when registering HttpRequestCreator multiple times.
             Improved KeepAlive funcionality.

2016-03-15 - First version of Rebex HTTPS released on Rebex Labs.

Send us feedback

Do you have any comments, questions or suggestions? Either post at our support forum or contact us directly at support@rebex.net.