Darth Florus, posted January 5, 2021

Hi Pals:

My customers work in conjunction with banks. They (the banks) carry out security audits occasionally. This time they found some "Severe Security Issues" with my project, made with UniGUI and implemented with SSL and as a Windows Service. Attached are the audit issues they found, if you want to see them.

Basically they say that my way of doing the SSL implementation is not secure. Based on the contents of the report I realize that they want me to migrate my project from Windows Service to IIS because these security concerns are already solved.

Are they right? Is the OpenSSL implementation of UniGUI that bad? Is there a way to configure UniGUI to avoid these attacks of Birthday, Beast, Poodle, and so on? (funny and fatal names)

Please Pals! I want to know your experiences with SSL implementations regarding security concerns.

Thanks to all and best regards

Attachment: UniGui SSL Vulnerability.pdf

Farshad Mohajeri (Administrators), posted January 5, 2021

Hi Oscar,

uniGUI internal SSL implementation is based on OpenSSL and Indy. It may not be up to date and it may have some flaws. If you want an up to date SSL solution you need to deploy your app as ISAPI Module to Microsoft IIS or Apache for Windows.

Abaksoft, posted January 5, 2021

2 hours ago, Farshad Mohajeri said: "you want an up to date SSL solution you need to deploy your app as ISAPI Module to Microsoft IIS or Apache for Windows."

Hello Farshad,

IMHO it's important information. You should add it to the SSL Deployment section (online documentation). Thx.

Abaksoft, posted January 5, 2021

@Oflor, I would like to thank you. Very important feedback.

irigsoft, posted January 5, 2021

Hi, well if it is a StandAlone Application, it is less secure than the service or it can be run under IIS.

Darth Florus (Author), posted January 5, 2021

3 hours ago, Farshad Mohajeri said: "Hi Oscar, uniGUI internal SSL implementation is based on OpenSSL and Indy. It may not be up to date and it may have some flaws. If you want an up to date SSL solution you need to deploy your app as ISAPI Module to Microsoft IIS or Apache for Windows."

Thank you very much Mr. Farshad. This answer points me to the right path from today to the future.

The hyperserver is not available on IIS; I assume IIS has some alternative way to do something like that.

Thanks again and best regards

Abaksoft, posted January 5, 2021

29 minutes ago, oflor said: "The hyperserver is not available on IIS, I assume IIS have other alternative way to do something like that."

Hyperserver works fine on IIS. You mean SSL? Yes, after buying an SSL from a company (GoDaddy, Namecheap, ...) and sending them your certificate (cert.pem) you should choose the destination (IIS or other) and activate it on your server's IIS panel.

Darth Florus (Author), posted January 6, 2021

17 hours ago, Abaksoft said: "Hyperserver works fine on IIS. You mean, SSL ? Yes, after buying an SSL from a company (goddady, NameCheap, ...) and sending them your Certificate (cert.pem) you should choose the destination (iis or other) and activating it on your server iis panel."

Thank you very much Pal! I did not know that about Hyperserver!

After several years I will be using IIS again, just for one feature that doesn't work as expected in service mode; everything else works excellently for me. I hope that soon the Linux implementation with UniGUI and Apache module works well enough to use it (including good SSL support). I really don't like to use IIS.

Best regards

Abaksoft, posted January 6, 2021

1 hour ago, oflor said: "Thank You very much Pal! I did not know that about Hyperserver! After severals years I will be use IIS again, just for one feature that don't work as espected on service mode everything else work excent for Me. I hope that soon the Linux implementation with UniGUI and apache module work well to use it (including good SSL support). I really don't like to use IIS. Best Regards"

http://www.unigui.com/doc/online_help/hyperserver-isapi-module-mode.htm

Best regards

Darth Florus (Author), posted January 7, 2021

21 hours ago, Abaksoft said: "http://www.unigui.com/doc/online_help/hyperserver-isapi-module-mode.htm Best Regards"

Thank you very much for your help Pal!!! I breathe with relief that I don't need to change my project from .exe to .dll. It has some customizations that I know don't work very well when used inside IIS.

Best regards

Abaksoft, posted January 7, 2021

3 hours ago, oflor said: "It have some customizations that I know doesn't work very well when is used inside a IIS."

You can always ask our Maestro Sherzod. He has a huge symphony in his bag.

docjones, posted January 15, 2021

I know that there is a way that you can rewrite your external IIS HTTPS connection to your internal process's HTTP uniGUI web server.

Tokay, posted January 16, 2021

Also you can set sslvTLSv1_2 as the default connection method in your TUniServerModule. The default value is sslvSSLv3 and it's not a good method nowadays.
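
A way to verify the effect of a setting like the one Tokay describes, as an added example that is not part of the thread or of uniGUI: it parses the ServerHello a server sends back and maps the negotiated protocol version and cipher suite to the findings named in the first post. The sample records are constructed, the function names are hypothetical, and reading "Birthday" as the Sweet32 attack on 64-bit block ciphers is an assumption.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
# Subset of IANA cipher suite IDs: id -> (name, CBC mode, 64-bit block cipher)
SUITES = {
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", True, True),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", True, False),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", True, False),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", False, False),
}

def parse_server_hello(record: bytes):
    """Return (version, cipher_suite) from one TLS record holding a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or rec_len < 4 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Layout: server_version(2) random(32) session_id_len(1) session_id suite(2)
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 2:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]
    return int.from_bytes(hello[:2], "big"), int.from_bytes(hello[off:off + 2], "big")

def findings(version: int, suite: int):
    """Map a negotiated (version, suite) to the audit findings named in the thread."""
    # Suites outside the table are reported by hex ID and left unclassified.
    name, cbc, block64 = SUITES.get(suite, (hex(suite), False, False))
    issues = []
    if version == 0x0300 and cbc:
        issues.append("POODLE")              # SSLv3 CBC padding
    if version <= 0x0301 and cbc:
        issues.append("BEAST")               # CBC in TLS 1.0 and earlier
    if block64:
        issues.append("Sweet32 (birthday)")  # 64-bit block cipher
    return VERSIONS.get(version, hex(version)), name, issues

def make_hello(version: int, suite: int) -> bytes:
    """Build a constructed ServerHello record (zero random, empty session id)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake

if __name__ == "__main__":
    for v, s in [(0x0300, 0x000A), (0x0301, 0x002F), (0x0303, 0xC02F)]:
        print(findings(*parse_server_hello(make_hello(v, s))))
```

A TLS 1.3 server also puts 0x0303 in this field and signals the real version in an extension, which this parser does not read.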