We Want to Hear From You! What Do You Want to See on the Community? Tell us here!

Forum Discussion

airick's avatar
airick
New member | Level 2
8 years ago
Solved

API on TLS 1.2

For API, is DropBox going to be TLS 1.2 compliant?  On June 20, 2018, early versions of SSL/TLS will no longer be PCI compliant. I was testing the Dropbox API on a TLS 1.2 only server and get the error below. 

 

https://api.dropboxapi.com/2/sharing/create_shared_link_with_settings

 

System.ComponentModel.Win32Exception:
The client and server cannot communicate, because they do not possess a common algorithm at System.Net.SSPIWrapper.AcquireCredentialsHandle (SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)

 

 

 

API
  • Greg-DB's avatar
    Greg-DB
    8 years ago

    The Dropbox API servers do support TLS 1.2, and it seems to be working correctly for me:

     

    $ curl --tlsv1.2 -v -X POST "https://api.dropboxapi.com/2/sharing/create_shared_link_with_settings"
*   Trying 162.125.1.7...
* TCP_NODELAY set
* Connected to api.dropboxapi.com (162.125.1.7) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: api.dropboxapi.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> POST /2/sharing/create_shared_link_with_settings HTTP/1.1
> Host: api.dropboxapi.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 (remainder redacted for brevity)

    An SSL Labs test confirms as much as well.

     

    Based on the error output you shared, if you do have TLS 1.2 enabled, it looks like perhaps your client may not share any ciphers with the Dropbox API servers. The above SSL Labs test page lists the supported ciphers. Please check your client configuration and enable ciphers as necessary.

2 Replies

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    8 years ago

    The Dropbox API servers do support TLS 1.2, and it seems to be working correctly for me:

     

    $ curl --tlsv1.2 -v -X POST "https://api.dropboxapi.com/2/sharing/create_shared_link_with_settings"
*   Trying 162.125.1.7...
* TCP_NODELAY set
* Connected to api.dropboxapi.com (162.125.1.7) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: api.dropboxapi.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> POST /2/sharing/create_shared_link_with_settings HTTP/1.1
> Host: api.dropboxapi.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 (remainder redacted for brevity)

    An SSL Labs test confirms as much as well.

     

    Based on the error output you shared, if you do have TLS 1.2 enabled, it looks like perhaps your client may not share any ciphers with the Dropbox API servers. The above SSL Labs test page lists the supported ciphers. Please check your client configuration and enable ciphers as necessary.

  • Milan K's avatar
    Milan K
    New member | Level 2
    2 years ago

    In my case the problem was that I had disabled Diffie-Hellman Key exchange. After enabling it and restarting OS, Dropbox is working again.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.6,037 PostsLatest Activity: 4 hours ago
412 Following

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!