TLS authority (maybe) not recognized by Microsoft's Bot Framework


#1

When I try to test my HyperDev app using https://dev.botframework.com/, I get an error that it can’t establish an SSL/TLS connection.

I don’t really see any issues with the cert. HyperDev isn’t using Let’s Encrypt, is it?

Anybody else have any issues with the TLS connection to HD?


#2

It looks like we get our certs from DigiCert, but @james would know for certain.

I do know that clients need to support SHA2 certs, SNI, and TLS1.1+ in order to use TLS with HyperDev… in the few places we’ve had trouble, it turned out the client was using SSLV3 :scream:

More details available on this SSL Labs scan

You can use plain ol’ HTTP with your apps as well, but getting to the bottom of the handshake issues sounds like a better approach :thinking:


#3

I’d imagine the Bot Framework requires that little ol’ S. I would hope so at least. I might try without for kicks.

(I did notice that the HyperDev cert is 128-bit AES, whereas the MBF website’s is 256. I don’t really think that’s it though.)

Thanks for the feedback! Sounds like I will just need to wait until they reply to my post on their support forum! :rolling_eyes:


#4

Got a reply at http://stackoverflow.com/a/38022581/1110820. Apparently the Bot Framework only does TLS 1.0 at this time. HyperDev is too secure!


#5

Nope! Couldn’t be that easy! Per https://github.com/Microsoft/BotBuilder/issues/464, it does TLS 1.2 just fine.

I also tested it against another server running TLS 1.2, and it established a connection.

Anybody at HyperDev willing to grep some server logs?


#6

Not sure what the issue was in June, but I’ve been tinkering with this a bit and Bot Framework is working nicely with GoMix- I mean Glitch- for me now. Both have changed a bit in the past few months, so who knows. Here’s a project you can remix and run with https://glitch.com/edit/#!/project/botframework-starter

One thing worth noting - be sure to put the full url in for the “Messaging Endpoint”. https://your-project.glitch.me/api/messages