WinHTTP fails when trying to send a request with TLS from a protected service
From guffy.forums@gmail.com@21:1/5 to All on Fri Apr 6 07:27:16 2018
Hi,
We have protected our service with a certificate in an ELAM driver.
(service has LaunchProtected=3)
It is used only on Windows 10 and on WinServer 2016 (we don't use it on Win 8.1 and earlier OSes).
On Windows 10 x64 (for example, on 1703-16299.309) everything works perfectly.
But on Server 2016 x64 (1607-14393.2155) the function WinHttpSendRequest fails with error 12175 ERROR_WINHTTP_SECURE_FAILURE.
1. Same remote server, same URL for both cases.
2. If I set LaunchProtected=0 for the service on the 2016 server, reboot and try again, WinHTTP works well.
3. A simple console application which uses WinHTTP, launched from a user session and trying to download the same file, works well on this 2016 server.
So it looks like WinHTTP+TLS is broken when used on the 2016 server from a protected service.
How can we solve or work around this issue? Right now the only way I see is not to use service protection on 2016 until this is fixed.