cancel
Showing results for 
Search instead for 
Did you mean: 
Tomorrow morning (8/26) from 07:00 AM - 08:00 AM ET we need to make a few updates to our site. During this time, no emails will be sent and some customers will not be able to access their contacts. We recommend finishing up your work before 07:00 AM and logging in after 08:00 AM ET. Thank you for your patience while we make these updates.

Could not establish trust relationship for the SSL/TLS secure channel.

Occasional Contributor

Could not establish trust relationship for the SSL/TLS secure channel.

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

 

I've had the Constant Contact API up and running perfectly now for a couple years, no issues what-so-ever, then just recently, this started popping up.  No recent changes in the website or server, it just started happening "out of the blue", yet the API is still continuing to work?

3 REPLIES 3
Highlighted
CTCT Employee

Re: Could not establish trust relationship for the SSL/TLS secure channel.

Hi Julie,

 

Some settings just changed on our side regarding security protocols. Any servers/networks using SSL 3 or TLS 1.0 with an RC4 cipher will not be able to connect to us via the API any longer, to mitigate the risk posed by some well-known security exploits (heartbleed, or man-in-the-middle attacks, to name 2).

 

More details are at http://techblog.constantcontact.com/api/release-updates/support-ending-for-tls-v1-0-rc4-cipher-and-s... Sorry for the inconvenience. Upgrading to a newer security protocol, like TLS 1.1 or 1.2, should stop the issue from occurring.

 

Best Regards,

Shannon Wallace

Partner API Support Engineer

Occasional Contributor

Re: Could not establish trust relationship for the SSL/TLS secure channel.

So from a Win 2003 box, really the only option is TLS 1.0 3DES?  (If you're saying RC4 is unacceptable, I'm assuming RC2 is unacceptable and DES is as well since they are both weaker encryption schemes)

Honored Contributor

Re: Could not establish trust relationship for the SSL/TLS secure channel.

Hi Julie,

 

I want to apologize for the delay in getting you this info!

 

The security changes that we made were to prevent attackers from using the GHOST exploit to decrypt secure traffic to/from our API. These changes have made it so that it is no longer possible to use SSLv3, as well as disabling the use of the RC4 cipher for SSL connections. The best way to address this is to use this patch by Microsoft which enables the use of AES ciphers with TLSv1.0 in Server 2003. http://support.microsoft.com/kb/948963

 

If you have any questions, please let me know!

 

Sincerely,

Elijah G.
API Support Engineer