JKK

Reputation: 55

Connect to Server via SSL with various Cipher strengths and algorithms in C#

Searched around a bit, found different tools to check weak ciphers. How can I determine what ciphers/algorithms the server supports via .NET/C#?

I can test sslv2, sslv3 and tls via (ssl.protocols.ssl2/ssl3/tls):

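    using System;
    using System.Net.Security;
    using System.Net.Sockets;

    // Connect, force a single protocol version, then print what was negotiated.
    TcpClient client = new TcpClient();
    client.Connect("host", 443);
    using (SslStream Ssl = new SslStream(client.GetStream()))
    {
        // Offer only SSL 3.0; the handshake throws if the server refuses it.
        Ssl.AuthenticateAsClient("host", null, System.Security.Authentication.SslProtocols.Ssl3, false);
        Console.WriteLine(Ssl.CipherAlgorithm);
        Console.WriteLine(Ssl.CipherStrength);
        Console.WriteLine(Ssl.SslProtocol);
    }
    client.Close();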

How do I check the algorithms and other weak ciphers via C#? I am looking at SSLDiagnos, but it is in C.

Any ideas?

Upvotes: 3

Views: 4855

Answers (4)

Joe2

Reputation: 1

The ssldiagnos application is now merged with another tool, sslpressure, which does not use OpenSSL at all; it just checks the initial client hello (much simpler). Maybe you can use that as a template for your project.

Upvotes: 0

Joe

Reputation: 1

I would still take a look at ssldiagnos and maybe port it to C# using OpenSSL.NET? http://sourceforge.net/projects/openssl-net/ Then all you would have to do is port the C code into C# and leave the OpenSSL code.

Upvotes: 0

CipherAlgorithm and HashAlgorithm properties of SslStream. You define what is "weak" for you, and check the negotiated algorithm against your list of "weak" ones.

Update: Sorry for misunderstanding the question. The server doesn't seem to send the list of supported ciphersuites, so the only option is to enable one cipher suite at a time on the client and attempt to connect using it. I don't see that SslStream allows you to specify allowed ciphersuite(s); however, you can use our SecureBlackbox components for this - they let you fine-tune the component (SSL client) easily.

Upvotes: 3

Ken Ivanov

Reputation: 456

The server chooses a ciphersuite to use from the list requested by the client. I.e., you should take some library that allows you to enable/disable certain ciphersuites, and try to connect to the server, enabling suites one by one. SslStream doesn't support flexible ciphersuite adjustment.

Upvotes: 1
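The one-suite-at-a-time probing described in the answers above, as an added example that is not part of the original thread. It assumes .NET Core 3.0 or later on Linux or macOS, where `SslClientAuthenticationOptions.CipherSuitesPolicy` is available (it is not supported on Windows); the `CipherProbe` class, the host name and the candidate list are placeholders chosen for illustration.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Threading.Tasks;

static class CipherProbe
{
    // Candidate suites offered one at a time (constructed sample list; extend as needed).
    static readonly TlsCipherSuite[] Candidates =
    {
        TlsCipherSuite.TLS_RSA_WITH_RC4_128_SHA,
        TlsCipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
        TlsCipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
        TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    };

    // Offers exactly one suite; the server either selects it or aborts the handshake.
    static async Task<string> ProbeAsync(string host, int port, TlsCipherSuite suite)
    {
        try
        {
            using var client = new TcpClient();
            await client.ConnectAsync(host, port);
            using var ssl = new SslStream(client.GetStream());
            await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
            {
                TargetHost = host,
                EnabledSslProtocols = SslProtocols.Tls12,
                CipherSuitesPolicy = new CipherSuitesPolicy(new[] { suite }),
                // Only cipher negotiation is measured, so certificate errors are ignored here.
                RemoteCertificateValidationCallback = (sender, cert, chain, errors) => true,
            });
            return ssl.NegotiatedCipherSuite == suite ? "accepted" : "unexpected suite";
        }
        catch (Exception e) when (e is AuthenticationException || e is IOException)
        {
            return "rejected"; // handshake alert or connection reset by the server
        }
        catch (PlatformNotSupportedException)
        {
            // Assumption: raised when the local TLS library cannot offer this suite at all.
            return "not offered locally";
        }
    }

    static async Task Main()
    {
        foreach (var suite in Candidates) // "host" is a placeholder, as in the question
            Console.WriteLine($"{suite}: {await ProbeAsync("host", 443, suite)}");
    }
}
```

A "rejected" result is only meaningful for suites the local TLS library is willing to offer; legacy suites such as RC4 or 3DES are often disabled on the client side by the system's crypto policy.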
