Announcement

Collapse
No announcement yet.

UPDATED - Betfair.com Login - Disabling TLS Ciphers - 3rd February 2020

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • UPDATED - Betfair.com Login - Disabling TLS Ciphers - 3rd February 2020

    On Monday 3rd February we’ll be deprecating support for specific TLS ciphers.

    Disabling support for these TLS ciphers means that Betfair customers using the below browsers/operating system and language versions will no longer be able to log-in using the Betfair website or API (i.e. via identitysso.betfair.com)

    • Android 2.3.7
    • Android 4.0.4
    • Android 4.1.1
    • Android 4.2.2
    • Android 4.3
    • Baidu Jan 2015
    • IE 6 / XP
    • IE 7 / Vista
    • IE 8 / XP
    • IE 8-10 / Win 7
    • IE 10 / Win Phone 8.0
    • Safari 5.1.9 / OS X 10.6.8
    • Safari 6.0.4 / OS X 10.8.4
    • Java 6u45
    • Java 7u25
    • OpenSSL 0.9.8y

    The ciphers that will no longer be supported are:

    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA256

    Betfair Developer Program

  • #2
    I am little concerned this may affect me , I dont fully understand it
    I use old scripting language that I know very well for my API Developing my ideas on windows 10 PC, could you confirm if I have a problem, below is the info that I think you need so you can answer my question ?

    oHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
    oHTTP.Open("POST", url, @FALSE)
    a=oHttp.SetClientCertificate("API-NG Cert")
    oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    oHTTP.SetRequestHeader("X-Application",appkey)
    oHTTP.SetRequestHeader("Accept","application/json")
    if sessionToken<>"" then oHTTP.SetRequestHeader("X-Authentication",sessionToken)

    Comment


    • #3
      Hi suckerM

      You won't be affected by this release.

      In addition, we are currently reporting on all customers using weak TLS ciphers and will contact all customers affected directly prior to this release.

      Kind Regards

      Neil

      Comment


      • #4
        Hi,

        To confirm, the above release was made successfully earlier this morning.

        Kind Regards

        ​​​​​​​Betfair Developer Program

        Comment


        • #5
          Hi there!

          I can not login to the API with my bot since this morning. Is it this modification the problem or the brexit (maybe the hungarian government blocking the API address...)?

          My op system is win 7. Could it be the problem?

          Regards,

          zeal001
          Last edited by zeal; 03-02-2020, 01:15 PM.

          Comment


          • #6
            My bots also failed to login today via the api on their windows 2008 server machine, but they would run on my win 10 dev machine.

            I found the information above on what had changed to be particularly opaque, as I suspect very few bot authors would be explicitly choosing TLS ciphers.
            I could log in to the betfair website on the same machine so concluded it was some config level thing rather than an installation level issue.
            After some reading on TLS and default version behaviours on various operating system versions, I tried setting the TLS version in my code to 1.2 (rather than the default), and this seems to have resolved my problem, for now at least.

            My fix, in C#, was simply: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

            Comment


            • #7
              Hi Thurfe!

              Thank you for your answer! It works.

              Comment


              • #8
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

                Does not work need help

                Comment


                • #9
                  Originally posted by AlexX View Post
                  ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

                  Does not work need help
                  I am not the expert you need, but I can tell what I have done to fix my program.

                  I am using the betfair c# program i have found on the github. (Of course, I have modified it.)
                  There is a file as: AppKeyAndSessionProvider.cs. I have inserted this line before the login details:

                  try
                  {
                  ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
                  string uri = string.Format("https://{0}/api/login?username={1}&password={2}", _host, _username, _password);

                  HttpWebRequest loginRequest = (HttpWebRequest)WebRequest.Create(uri);
                  loginRequest.Headers.Add("X-Application", _appkey);
                  loginRequest.Accept = "application/json";

                  etc...

                  Now the login was fine, but the BetfairClient.cs was throwing new errors, so I copy-pasted this line one more time:

                  public BetfairClient(string appKey, Action preNetworkRequest = null, WebProxy proxy = null)
                  {
                  ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
                  if (string.IsNullOrWhiteSpace(appKey)) throw new ArgumentException("appKey");

                  this.appKey = appKey;
                  this.preNetworkRequest = preNetworkRequest;
                  this.proxy = proxy;
                  }

                  etc...

                  End that's it. Works like a charm.
                  Not the most precise solution, but I hope it can help you.

                  Comment


                  • #10
                    I would say that you need to make sure you have the latest version of .net (4.5 or over at least)

                    Comment


                    • #11
                      net 4.8 and server 2012

                      everything is correct in the program code. The bot works on another PC (win 2010). Stopped working on win server 2012 !!!

                      Comment


                      • #12
                        ReImage VPS server 2012!!! It works! Thank you

                        Comment


                        • #13
                          Thanks Zeal, the code

                          ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

                          worked for me!

                          Comment


                          • #14
                            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

                            It didn't work for me I already updated .net framerwork to 4.6 and tls 1.2 is available now but it has the same behavior.
                            I'm using windows server 2008 r2.
                            Is this a problem? How can I check which protocol is being used? I can login easily with curl.
                            Some help much appreciated

                            Comment


                            • #15
                              Originally posted by chem View Post
                              ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

                              It didn't work for me I already updated .net framerwork to 4.6 and tls 1.2 is available now but it has the same behavior.
                              I'm using windows server 2008 r2.
                              Is this a problem? How can I check which protocol is being used? I can login easily with curl.
                              Some help much appreciated
                              I got it. Windows Server 2008 is incompatible with TLS1.2

                              Comment

                              Working...
                              X