Webhook registration issue

webhooks

#1

Hi, In one of the environments, I am running into
errors : 214, message Webhook URL does not meet the requirements. Please, check your SSL Configuration.

When I change my call back URL on the same twitterApp, to a different environment, I get a successful ping for CRC from twitter.

I already see a conversation on this:

This is my working call back URL :
https://ABC/social/api/social/socialfeed/twitter/onmessage/org/globalorg

This is my NON-Working callback URL :
https://XYZ/social/api/social/socialfeed/twitter/onmessage/org/globalorg

The CURL command $CURL https://XYZ/social/api/social/socialfeed/twitter/onmessage/org/globalorg is infact returning
“schannel: SSL/TLS handshake complete”

Can any one please suggest what could have gone wrong ?
Here is my twitterApp : RavisTestAppForIntg(https://developer.twitter.com/en/apps/15983697).

Thanks in Advance!

Ravi.


#2

Ok; looks like ensuring the cipher set as per recommendation has helped us.

Ensure the list of ciphers is a modern list such as:
`ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA’

"Not having these guidelines implemented will not prevent your webhook from functioning, but are highly reccomended by the Twitter Information Security team"
But in the newly spun environment, twitter failed to register webhook, though these are only recommended not-necessary.

Here is the link to recommendation:

https://developer.twitter.com/en/docs/accounts-and-users/subscribe-account-activity/guides/securing-webhooks.html