cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

API on TLS 1.2

Labels:

API on TLS 1.2

airick
New member | Level 2
‎04-03-2018 11:36 AM
Go to solution

For API, is DropBox going to be TLS 1.2 compliant?  On June 20, 2018, early versions of SSL/TLS will no longer be PCI compliant. I was testing the Dropbox API on a TLS 1.2 only server and get the error below. 

 

https://api.dropboxapi.com/2/sharing/create_shared_link_with_settings

 

System.ComponentModel.Win32Exception:
The client and server cannot communicate, because they do not possess a common algorithm at System.Net.SSPIWrapper.AcquireCredentialsHandle (SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)

 

 

 

Labels:
  • 0 Likes
  • 2 Replies
  • 4,015 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎04-03-2018 12:10 PM
Go to solution

The Dropbox API servers do support TLS 1.2, and it seems to be working correctly for me:

 

$ curl --tlsv1.2 -v -X POST "https://api.dropboxapi.com/2/sharing/create_shared_link_with_settings"
*   Trying 162.125.1.7...
* TCP_NODELAY set
* Connected to api.dropboxapi.com (162.125.1.7) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: api.dropboxapi.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> POST /2/sharing/create_shared_link_with_settings HTTP/1.1
> Host: api.dropboxapi.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 (remainder redacted for brevity)

An SSL Labs test confirms as much as well.

 

Based on the error output you shared, if you do have TLS 1.2 enabled, it looks like perhaps your client may not share any ciphers with the Dropbox API servers. The above SSL Labs test page lists the supported ciphers. Please check your client configuration and enable ciphers as necessary.

View solution in original post

0 Likes
2 Replies 2

Greg-DB
Dropbox Staff
‎04-03-2018 12:10 PM
Go to solution

The Dropbox API servers do support TLS 1.2, and it seems to be working correctly for me:

 

$ curl --tlsv1.2 -v -X POST "https://api.dropboxapi.com/2/sharing/create_shared_link_with_settings"
*   Trying 162.125.1.7...
* TCP_NODELAY set
* Connected to api.dropboxapi.com (162.125.1.7) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: api.dropboxapi.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> POST /2/sharing/create_shared_link_with_settings HTTP/1.1
> Host: api.dropboxapi.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 (remainder redacted for brevity)

An SSL Labs test confirms as much as well.

 

Based on the error output you shared, if you do have TLS 1.2 enabled, it looks like perhaps your client may not share any ciphers with the Dropbox API servers. The above SSL Labs test page lists the supported ciphers. Please check your client configuration and enable ciphers as necessary.

0 Likes

Milan K
New member | Level 2
August
Go to solution

In my case the problem was that I had disabled Diffie-Hellman Key exchange. After enabling it and restarting OS, Dropbox is working again.

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Milan K New member | Level 2
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?