Wgate a gateway for Https with connexion from Wingate

Postby ekoralewski » Jan 28 17 3:53 am

Hi the community,

I have a cipher suite issue on SAP PI 7.40 on a web service SOAP consumer.
The server of the end URL is coded with TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA and our server doesn't contain that suite.

A workaround solution could be a proxy.
The principle should be:
- connection from to the proxy and
- connection from the proxy with the end URL
It's the proxy that could do the encryption with the TLS cipher suite.

Is it possible with Wingate?

Thanks for your collaboration in advance.

Best Regards.

Eric Koralewski
ekoralewski
 
Posts: 2
Joined: Jan 28 17 3:41 am

Re: Wgate a gateway for Https with connexion from Wingate

Postby adrien » Jan 28 17 12:29 pm

Hi

In principle this can work. There are several possible ways to set this up, depending on whether this is your site or not.

If not, your client would just go through WinGate as a forward (normal) proxy with HTTP inspection enabled. Then WinGate will make the TLS handshake with the server, and it supports that cipher suite.

Some sites block HTTPS inspection though with certificate pinning etc, so there's a chance there could still be an issue. I'd recommend testing with a trial license.

Regards

Adrieni
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Wgate a gateway for Https with connexion from Wingate

Postby ekoralewski » Jan 30 17 11:02 pm

Hi Adrieni,

Good news.

I installed a trial version of WinGate 9.0.2. How can I parametrize WinGate to do that HTTP inspection?

Thanks in advance for your reply.

Best Regards.

Eric Koralewski
ekoralewski
 
Posts: 2
Joined: Jan 28 17 3:41 am

Re: Wgate a gateway for Https with connexion from Wingate

Postby adrien » Jan 31 17 4:18 pm

Hi

There are several options. Is this your server (specifically, do you have access to the server certificate and private key)?

If not, and the client validates the certificate of the server it connects to, you'll need to spoof a certificate and get the client to trust it somehow.

You could potentially use the WWW proxy, or even just a TCP mapping proxy (as you can specify to negotiate TLS with clients and the upstream connection).

It depends on the answer to the first question.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Wgate a gateway for Https with connexion from Wingate

Postby adrien » Jan 31 17 5:02 pm

Also, what cipher suites does the client support?

Recently OpenSSL deprecated all RC4 and 3-DES cipher suites, and so WinGate 9 does not support them. There is a way to enable these, but it requires changing the OpenSSL DLLs back to a prior version (1.0.2h). We can supply these DLLs.

XP for example doesn't support anything else by default which is why a lot of XP users can no longer access a lot of websites.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland
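
An added example (not part of the original thread, and not WinGate or Qbik code): it models the two TLS legs discussed above, client to proxy and proxy to end URL, and probes which suites the local OpenSSL build offers through Python's `ssl` module. The client, legacy-client and proxy suite lists are constructed assumptions; only `ECDHE-RSA-AES128-SHA`, the OpenSSL name for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, comes from the thread.

```python
import ssl

# OpenSSL name of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, the suite the end URL requires.
TARGET = "ECDHE-RSA-AES128-SHA"


def local_suites(cipher_string):
    """TLS 1.2-and-below suites this OpenSSL build enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return set()  # nothing in this build matches the string
    # TLS 1.3 suites are listed regardless of set_ciphers(); drop them.
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def weak(suites):
    """RC4 and 3DES suites, the families the thread says were deprecated."""
    return {s for s in suites if "RC4" in s or "DES-CBC3" in s}


def bridge_plan(client, proxy, server):
    """Check each leg of a TLS-terminating proxy for a common cipher suite."""
    client_leg = client & proxy   # client <-> proxy handshake
    server_leg = proxy & server   # proxy <-> end URL handshake
    return {
        "direct": bool(client & server),
        "client_leg": sorted(client_leg),
        "server_leg": sorted(server_leg),
        "bridgeable": bool(client_leg and server_leg),
        "weak_in_use": sorted(weak(client_leg | server_leg)),
    }


# Constructed sample data (assumptions, not the real systems' suite lists).
SERVER = {TARGET}
SAP_CLIENT = {"AES128-SHA", "AES256-SHA", "DES-CBC3-SHA"}
LEGACY_CLIENT = {"RC4-SHA", "DES-CBC3-SHA"}
PROXY = {TARGET, "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "AES256-SHA"}

if __name__ == "__main__":
    print("local stack offers target suite:", TARGET in local_suites(TARGET))
    print("local RC4/3DES suites:", sorted(local_suites("RC4:3DES")))
    print("SAP-like client:", bridge_plan(SAP_CLIENT, PROXY, SERVER))
    print("legacy client:", bridge_plan(LEGACY_CLIENT, PROXY, SERVER))
```

A cipher match on both legs is necessary but not sufficient: the client must also trust the certificate the proxy presents, which is the pinning and trust caveat raised earlier in the thread.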
