Reputation: 21
HTTP Request using TLS 1.3 fails in .NET only (Token supplied is invalid)
A simple HTTP GET request to a particular website, using TLS 1.3, fails in .NET with Win32Exception "The token supplied to the function is invalid".
var httpClient = new HttpClient();
await httpClient.GetAsync("https://some-website.tld");
Using a webbrowser (MS Edge), or performing the same request using Java or Python works fine. Confirmed using Wireshark that the connection is indeed using TLS 1.3. Other websites using TLS 1.3 also works fine. The certificate algorithm is sha384ECDSA.
Tried intercepting the certificate validation using the ServerCertificateCustomValidationCallback, but it is never executed.
Changing the protocol to TLS 1.2 by setting SslProtocols on HttpClientHandler makes the request complete succesfully (confirmed using TLS 1.2 using Wireshark).
Validated the server certificate using Verify on X509Certificate2, and considering that the connection is established successfully using a browser or other programming languages suggests that the certificate itself is not the problem.
I suspect it has something to do with the underlying implementation used by .NET (SCHANNEL?). I cannot find any further details on the exception.
.NET version 8 on Windows 11 - tried on several machines and different networks.
Any suggestions or further troubleshooting steps ?
Upvotes: 1
Views: 242
Answers (0)
Related Questions
- Send HTTP POST request in .NET
- TLS v1.2 Cipher Suites in .NET 6 / GET Request Timeout
- Preparing a secret file using OpenSSL APIs to decrypt TLS 1.3 traffic in Wireshark
- TLS 1.3 handshake failure when using OpenJDK 14 java module runtime
- HTTPListener not using TLS 1.1 / 1.2 on .NET 4.6 and Server2012R2
- C# and dotnet 4.7.1 not adding custom certificate for TLS 1.2 calls
- .net 4.7 fails to create SSL channel when server responds with TLS 1.1