I cannot connect to wss://stream.data.alpaca.markets/v2/sip
I have no problem connecting to wss://data.alpaca.markets/stream or any other websocket server I tried including Polygon, TD Ameritrade, and many others.
I’m using a fully patched Windows 2012 R2 server running a .NET 4.8 app. It appears that Windows 2012 R2 does not support TLS1.3. I’m not an expert in SSL, but based on my Wireshark research I get a connection failure because my client is using TLS1.2 ciphers while your server requires min ver 1.3.
If I’m right, what is the possible reason for limiting your connection to TLS1.3 clients only?
If I’m wrong, please advise on what can possibly be the cause of such failures (see image below)
What we do not support is Windows Server 2012 R2. General support for this version expired in 2018, so you’ll want to find a currently supported version in order to get your connection functioning.
The fact Microsoft doesn’t support the strongest cipher suites in TLS 1.2 shows that Windows Server 2012 R2 is not as secure as it could be, and that there are no plans from Microsoft to be increasing the security during the extended support period. Why they don’t support these ciphers for TLS 1.2 or 1.3 is more of a Microsoft question.
General support ended in 2018 for this OS; extended support exists to allow Microsoft customers some time to upgrade to a newer version of their software.
For us, it’s all about maintaining an incredibly high level of security across the board for our entire platform; this means not allowing any cipher suites that are considered weak, and potentially leave our infrastructure vulnerable.
Our recommendation is to either contact Microsoft to see if they can provide support for the stronger TLS 1.2 cipher suites or upgrade to Windows Server 2016 or later.
It is funny how the Windows Server 2012 R2 TLS1.2 ciphers are secure enough for online banking at major banks, many other brokerages and endless HTTPS websites, including your own, but not good enough for your new websocket quote server that distributes “highly sensitive” real time quotes and therefore requires the latest and most secure ciphers.
None of the workarounds I found online work. The only option seems to be to upgrade to 2019, but I’m not ready to upgrade my servers yet - way too much hassle. Will keep using Polygon for now.