Does anybody here have any experience with using SSL on windows CE?
I've tried the following:

HP Journada 54x, with M$ High encryption pack installed. I use the
"pocket internet explorer" to connect to a nearby IIS, also with some
high encryyption addon installed. The connection fails.

Next, I connect to a Roxen server, with extensive SSL debug logging
enabled, to try to figure out what's happening. The connection fails
here as well, and I see that the cipher suite 5,
SSL_rsa_with_rc4_128_sha, is selected. On the first encrypted message
sent by the windows ce client, the server gets a bad MAC, and
disconnects.

If I change the roxen server to select cipher suite 4,
SSL_rsa_with_rc4_128_md5, instead, connection succeeds.

So my current hypothesis is that windows ce, at least on SH3 devices,
uses a broken implementation of SHA1.

Has anybody else seen this, and is there any way around the problem
besides disabling all ciphersuites using sha1?

PS. I'm writing a program for wince that uses the builtin SSL features
in winsock. As all documentation I've been able to find is lacking (in
particular for the SO_SSL_SET_VALIDATE_CERT_HOOK feature), pointers to
documents or examples of winsock SSL is also appreciated.

Regards,
/Niels

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]