Log in or register to post comments

"Only https connections are allowed" API response message?

March 27, 2018 - 12:12pm #1

Hello all.

We're attempting our first calls to the Vuforia Web Services API to create a new image target (with metadata) in a test cloud database.

This is using cUrl on Linux to connect to https://vws.vuforia.com/targets

During early development, before we resolved an issue with the HMAC-SHA1 process, we'd get the expected "AuthenticationFailure" json responses, like this (so we're sure we ARE connecting with https):

{"result_code":"AuthenticationFailure","transaction_id":"8531578963774d8daef1aee1ce2075a2"}

But after resolving the HMAC-SHA1 issue, we are now getting no json response at all from the Vuforia API, just a response saying "Only https connections are allowed"

Here's the exact cUrl statement we're using.

curl https://vws.vuforia.com/targets --header "Authorization: VWS 91d244b75ef81095eccdbf8491a389dd5b41312d:7444807d2653969f4f62315f912df61df3311f3a " --header "Content-Type: application/json" --header "Date: Tue, 27 Mar 2018 18:41:02 GMT" --data "@/var/www/AdEverywhere/TempFiles/17A29341D5972CA3A7D112D118FC3A8F.txt"

Does anyone have any ideas why we are getting this response about the https?

Thanks much!

"Only https connections are allowed" API response message?

March 28, 2018 - 12:29pm #2

To follow-up, could this be related to the Vuforia API's requirement of TLS 1.2 with mutual server authentication?

We definitely use TLS 1.2 for the connection. And using cUrl's "-v" option for verbose output definitely shows TLS 1.2 in use with a successful verification of SSL security. Here's the relevant section of the cUrl output:

* Connected to vws.vuforia.com (13.56.61.87) port 443 (#0)

* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

* successfully set certificate verify locations:

  CAfile: /etc/ssl/certs/ca-certificates.crt

  CApath: none

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server key exchange (12):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256

* Server certificate:

*  subject: CN=*.vuforia.com

*  start date: Nov  2 00:00:00 2017 GMT

*  expire date: Dec  2 12:00:00 2018 GMT

*  subjectAltName: host "vws.vuforia.com" matched cert's "*.vuforia.com"

*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon

*  SSL certificate verify ok.

But we're not clear how the mutual server authentication works. Our request to the Vuforia API is coming from our site on Google Cloud, behind a Google load balancer. If Vuforia is trying to get the mutual authentication by going to the IP address of our request, it may be failing because our SSL certs are on the load balancer, not the server instances.

Also, Google Cloud SSL connections terminates at the load balancer. See: https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-handled#request_limits

Does anyone know if this would be the issue, and if there is a workaround (or if the mutual server authentication can be disabled)?

Thanks again.

Log in or register to post comments