TMSWebUpdate

Orjan_Nilsen · September 10, 2020, 2:46pm

I have just discovered that TWebUpdate is blocked by the great firewall of china and also in some other countries when using a https URL. Accessing the same URL from a webbrowser on the same PC in these countries work as expected. The great firewall of China is sensitive to https traffic.

from wikipedia:
the Great Firewall can identify the difference between legitimate https TLS and other implementations by inspecting the handshake perimeters

brunofierens · September 11, 2020, 10:17am

This is the first we hear about this.
TWebUpdate is internally using the Microsoft Windows WININET API. This should guarantee HTTP(s) requests are identically to what is used in many other Windows applications including Internet Explorer that is also using these APIs. I would therefore think this is a legitimate HTTPS TLS implementation.
What you could perhaps do is change TWebUpdate.Agent to see if this helps in case they check the agent?

McKibben_Bruce · September 11, 2020, 11:29am

Thanks for your answer! We are using the default value of TWebUpdate.Agent. Have your heard about firewall issues related to Agent before? If the value of TWebUpdate.Agent is the problem, it most be in combination with https, we only changed the url from https to http and our clients having difficulties updating could update.

Output from logfile on computer in china:

10/09/2020 21:05:35 : [918] Checking for Internet connection (Status:3) (Error:0)
10/09/2020 21:05:35 : [921] Found open Internet connection (Status:3) (Error:0)
10/09/2020 21:05:59 : [915] Download : https://autoupdate.macaos.com/joboverview/joboverview.inf (Status:3) (Error:0)
10/09/2020 21:06:47 : [917] File not found : https://autoupdate.macaos.com/joboverview/joboverview.inf (Status:2) (Error:1)
10/09/2020 21:07:04 : [925] Update control file not found (Status:2) (Error:0)
10/09/2020 21:07:23 : [949] Closed Internet connection (Status:3) (Error:0)
10/09/2020 21:07:23 : [949] Closed Internet connection (Status:3) (Error:0)

brunofierens · September 11, 2020, 12:13pm

I have no idea. Is there a proxy involved?

Orjan_Nilsen · September 11, 2020, 12:51pm

No, there is not a proxy involved as I am aware of. I have limited information about the internet connection of our clients in China. The only thing I know is that they can reach the https url with a web browser, but not from TWebUpdate.

brunofierens · September 11, 2020, 2:04pm

Maybe this brings some insights: