Darth Florus, Posted January 5, 2021

Hi Pals:

My customers work in conjunction with banks. They (the banks) make security audits occasionally. This time they found some "Severe Security Issues" with my project made with UniGUI and implemented with SSL and as a Windows Service. Attached are the audit issues they found, if you want to see them.

Basically they say that my way of doing the SSL implementation is not secure. Based on the contents of the report I realize that they want me to migrate my project from Windows Service to IIS because these security concerns are already solved.

Are they right? Is the OpenSSL implementation of UniGUI that bad? Is there a way to configure UniGUI to avoid these attacks of Birthday, Beast, Poodle, and so on? (funny and fatal names)

Please Pals! I want to know your experiences with SSL implementations about security concerns.

Thanks to All and Best Regards

Attachment: UniGui SSL Vulnerability.pdf

Farshad Mohajeri (Administrators), Posted January 5, 2021

Hi Oscar,

uniGUI internal SSL implementation is based on OpenSSL and Indy. It may not be up to date and it may have some flaws. If you want an up to date SSL solution you need to deploy your app as ISAPI Module to Microsoft IIS or Apache for Windows.

Abaksoft, Posted January 5, 2021

2 hours ago, Farshad Mohajeri said:
> you want an up to date SSL solution you need to deploy your app as ISAPI Module to Microsoft IIS or Apache for Windows.

Hello Farshad,

IMHO it's important information. You should add it to the SSL Deployment section (online documentation). Thx.

Abaksoft, Posted January 5, 2021

@Oflor, I would like to thank you. Very important feedback.

irigsoft, Posted January 5, 2021

Hi, well if it is a StandAlone Application, it is less secure than the service or it can be run under IIS.

Darth Florus (Author), Posted January 5, 2021

3 hours ago, Farshad Mohajeri said:
> Hi Oscar, uniGUI internal SSL implementation is based on OpenSSL and Indy. It may not be up to date and it may have some flaws. If you want an up to date SSL solution you need to deploy your app as ISAPI Module to Microsoft IIS or Apache for Windows.

Thank you very much Mr. Farshad. This answer points me to the right path from today to the future.

The hyperserver is not available on IIS; I assume IIS has another alternative way to do something like that.

Thanks Again and Best Regards

Abaksoft, Posted January 5, 2021

29 minutes ago, oflor said:
> The hyperserver is not available on IIS; I assume IIS has another alternative way to do something like that.

Hyperserver works fine on IIS.

You mean SSL? Yes, after buying an SSL from a company (GoDaddy, NameCheap, ...) and sending them your Certificate (cert.pem), you should choose the destination (IIS or other) and activate it on your server's IIS panel.

Darth Florus (Author), Posted January 6, 2021

17 hours ago, Abaksoft said:
> Hyperserver works fine on IIS. You mean SSL? Yes, after buying an SSL from a company (GoDaddy, NameCheap, ...) and sending them your Certificate (cert.pem), you should choose the destination (IIS or other) and activate it on your server's IIS panel.

Thank you very much Pal! I did not know that about Hyperserver!

After several years I will be using IIS again, just for one feature that doesn't work as expected in service mode; everything else works excellently for me.

I hope that soon the Linux implementation with UniGUI and the Apache module works well enough to use it (including good SSL support). I really don't like to use IIS.

Best Regards

Abaksoft, Posted January 6, 2021

1 hour ago, oflor said:
> Thank you very much Pal! I did not know that about Hyperserver! After several years I will be using IIS again, just for one feature that doesn't work as expected in service mode; everything else works excellently for me. I hope that soon the Linux implementation with UniGUI and the Apache module works well enough to use it (including good SSL support). I really don't like to use IIS. Best Regards

http://www.unigui.com/doc/online_help/hyperserver-isapi-module-mode.htm

Best Regards

Darth Florus (Author), Posted January 7, 2021

21 hours ago, Abaksoft said:
> http://www.unigui.com/doc/online_help/hyperserver-isapi-module-mode.htm Best Regards

Thank you very much for your help Pal!!!

I breathe with relief that I don't need to change my project from .exe to .dll. It has some customizations that I know don't work very well when used inside IIS.

Best Regards

Abaksoft, Posted January 7, 2021

3 hours ago, oflor said:
> It has some customizations that I know don't work very well when used inside IIS.

You can always ask our Maestro Sherzod. He has a huge symphony in his bag.

docjones, Posted January 15, 2021

I know that there is a way that you can rewrite your external IIS https connection to your internal process http uniGUI web server.

Tokay, Posted January 16, 2021

Also you can set sslvTLSv1_2 as the default connection method in your TUniServerModule. The default value is sslvSSLv3 and it's not a good method nowadays.

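
The audit items named in this thread depend on two different settings: POODLE and BEAST on the protocol version, Birthday (64-bit block ciphers such as 3DES) on the cipher list. The sketch below is an added example, not part of the thread or of uniGUI; the protocol and cipher lists are constructed sample data, and `audit`, `is_cbc` and `is_small_block` are hypothetical helper names.

```python
# Added example: constructed data, not scan output from a real uniGUI server.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
SMALL_BLOCK_MARKERS = ("DES", "IDEA", "RC2")  # 64-bit block ciphers (3DES included)


def is_cbc(cipher):
    """OpenSSL names rarely say CBC: treat non-AEAD, non-RC4, non-NULL suites as CBC."""
    name = cipher.upper()
    return (not any(m in name for m in AEAD_MARKERS)
            and "RC4" not in name and "NULL" not in name)


def is_small_block(cipher):
    """True for suites built on a 64-bit block cipher."""
    name = cipher.upper()
    return any(m in name for m in SMALL_BLOCK_MARKERS)


def audit(protocols, ciphers):
    """Return the findings (as named in the thread) that still apply."""
    protocols = set(protocols)
    cbc = sorted(c for c in ciphers if is_cbc(c))
    small = sorted(c for c in ciphers if is_small_block(c))
    findings = {}
    if "SSLv3" in protocols and cbc:
        findings["POODLE"] = cbc        # SSLv3 CBC padding
    if protocols & {"SSLv3", "TLSv1"} and cbc:
        findings["BEAST"] = cbc         # predictable CBC IV up to TLS 1.0
    if small:
        findings["Birthday"] = small    # 64-bit blocks, any protocol version
    return findings


LEGACY_CIPHERS = ["DES-CBC3-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]
MODERN_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]

SCENARIOS = {
    "SSLv3 listener, legacy ciphers": (["SSLv3"], LEGACY_CIPHERS),
    "TLS 1.2 only, legacy ciphers": (["TLSv1.2"], LEGACY_CIPHERS),
    "TLS 1.2 only, AEAD ciphers": (["TLSv1.2"], MODERN_CIPHERS),
}

if __name__ == "__main__":
    for label, (protocols, ciphers) in SCENARIOS.items():
        print(f"{label}: {audit(protocols, ciphers) or 'no findings'}")
```

In the second scenario only the Birthday finding remains, so a re-audit after the protocol change should also list the cipher suites the server still offers.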