Matteo
Reputation: 11
TLS 1.3 with .Net Framework 4.8
I'm trying to setup a test enviroment to test tls 1.3 with .Net Framework 4.8
This is the client code:
public class Tls13Client
{
public static void Main()
{
string serverIP = "127.0.0.1";
int serverPort = 8888;
TcpClient client = new TcpClient();
client.Connect(serverIP, serverPort);
SslStream sslStream = new SslStream(client.GetStream(), false,
new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
X509Certificate2 certificate = LoadCertificate();
try
{
sslStream.AuthenticateAsClient("localhost", new X509CertificateCollection(new[] { certificate }) , SslProtocols.Tls13, true);
Console.WriteLine("Client authenticated with TLS 1.3");
// Perform data exchange using the sslStream
string messageToSend = "Hello from client!";
byte[] buffer = Encoding.UTF8.GetBytes(messageToSend);
sslStream.Write(buffer, 0, buffer.Length);
Console.WriteLine("Sent to server: " + messageToSend);
// Receive the response from the server
byte[] responseBuffer = new byte[4096];
int bytesRead = sslStream.Read(responseBuffer, 0, responseBuffer.Length);
string responseData = Encoding.UTF8.GetString(responseBuffer, 0, bytesRead);
Console.WriteLine("Received from server: " + responseData);
sslStream.Close();
client.Close();
Console.WriteLine("Press enter to close...");
Console.ReadLine();
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message);
if (ex.InnerException != null)
Console.WriteLine("Inner exception: " + ex.InnerException.Message);
}
finally
{
sslStream.Dispose();
client.Dispose();
}
}
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
// Add your custom server certificate validation logic here
return true; // Accept any certificate (not recommended for production)
}
private static X509Certificate2 LoadCertificate()
{
// Load your client certificate here
string certificatePath = "client_certificate.pfx";
string certificatePassword = "password";
return new X509Certificate2(certificatePath, certificatePassword);
}
}
This is the server code:
public class Tls13Server
{
public static void Main()
{
int port = 8888;
TcpListener listener = new TcpListener(IPAddress.Any, port);
listener.Start();
Console.WriteLine("Server started. Waiting for incoming connections...");
TcpClient client = listener.AcceptTcpClient();
SslStream sslStream = new SslStream(client.GetStream(), false);
X509Certificate2 certificate = LoadCertificate();
try
{
sslStream.AuthenticateAsServer(certificate, false, SslProtocols.Tls13, true);
Console.WriteLine("Server authenticated with TLS 1.3");
// Perform data exchange using the sslStream
byte[] buffer = new byte[4096];
int bytesRead;
while ((bytesRead = sslStream.Read(buffer, 0, buffer.Length)) > 0)
{
string receivedData = Encoding.UTF8.GetString(buffer, 0, bytesRead);
Console.WriteLine("Received from client: " + receivedData);
// Echo the received message back to the client
byte[] responseBuffer = Encoding.UTF8.GetBytes("Server received: " + receivedData);
sslStream.Write(responseBuffer, 0, responseBuffer.Length);
}
sslStream.Close();
client.Close();
Console.WriteLine("Press enter to close...");
Console.ReadLine();
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message);
if (ex.InnerException != null)
Console.WriteLine("Inner exception: " + ex.InnerException.Message);
}
finally
{
sslStream.Dispose();
client.Dispose();
listener.Stop();
}
}
private static X509Certificate2 LoadCertificate()
{
// Load your server certificate here
string certificatePath = "server_certificate.pfx";
string certificatePassword = "password";
return new X509Certificate2(certificatePath, certificatePassword);
}
}
Just by removing the Protocol.tls I can complete an handshake and write/read but as soon as i use the Protocol.tls13 i get: Message : The client and server cannot communicate, because they do not possess a common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, X509Certificate2 selectedCert, Flags flags)
at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest, Boolean renegotiation)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest, Boolean renegotiation)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at Tls13Server.Tls13Server.Main() in C:\Tls1.3\server\Tls13Server\Program.cs:line 27
Enstablish tls 1.3 connection with .net framework 4.8 and write/read between client server
Upvotes: 1
Views: 1727
Answers (0)
Related Questions
- why do I experience issues with SMTP server after upgrading from VB.net 3.5 to 4.8?
- X509Chain error on .NET Core running on Mac
- System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception
- System.IO.IOException: The handshake failed due to an unexpected > packet format?
- Certificate problem with a new machine - credentials supplied to package not recognized
- ASP.NET Core Kestrel on Linux never prompts for client certificate
- Accessing Webservice which is hosted on https server