I know this is not the best place to report this issue, but I can't find a place to report the problem in Feedback Center with only a dotnet reproduce case. (iexplore seems to work well with tls12 disabled.)
Set the server's enabledSslProtocols to `Tls|Tls12`, and the client to `Tls|Tls11`, and see the handshake failure with invalid flags.
```
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> System.ComponentModel.Win32Exception: 给函数提供的标志无效
   --- End of inner exception stack trace ---
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at ConsoleApp1.Program.<>c__DisplayClass0_0.<Main>b__1()
```
General
Provide details on the problem you are experiencing including the .NET Core version, operating system version and anything else that is relevant.
OS: Win10(17711 Insider).
.NET Core version: This affects all versions of netcore and also netfx in the system.
```cs
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

namespace ConsoleApp1
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Hello World!");
            var tcpServer = new TcpListener(IPAddress.Any, 8007);
            var tlsCertificate = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "dotnetty.com.pfx"), "password");

            // Server side: accepts one connection and enables TLS 1.0 and TLS 1.2.
            Task.Factory.StartNew(() =>
            {
                try
                {
                    tcpServer.Start();
                    var cli2 = tcpServer.AcceptTcpClient();
                    // The validation callback accepts any certificate (local repro only).
                    var ssl = new SslStream(cli2.GetStream(), false, (_1, _2, _3, _4) => true);
                    ssl.AuthenticateAsServer(tlsCertificate, false, SslProtocols.Tls | SslProtocols.Tls12, false);
                    var data = new byte[65535];
                    while (true)
                    {
                        var i = ssl.Read(data, 0, data.Length);
                        if (i == 0)
                            break;
                        Console.WriteLine(Encoding.UTF8.GetString(data, 0, i));
                    }
                    ssl.Dispose();
                }
                catch (Exception e)
                {
                    Console.Error.WriteLine(e);
                }
            });

            // Client side: enables TLS 1.0 and TLS 1.1, so TLS 1.0 is the only shared version.
            var cli = new TcpClient();
            Task.Factory.StartNew(() =>
            {
                try
                {
                    cli.Connect(new IPEndPoint(IPAddress.Loopback, 8007));
                    var ssl = new SslStream(cli.GetStream(), false, (_1, _2, _3, _4) => true);
                    ssl.AuthenticateAsClient("aaa", null, SslProtocols.Tls | SslProtocols.Tls11, false);
                    // Forward each console line to the server over the TLS stream.
                    while (true)
                    {
                        var data = Console.ReadLine();
                        if (data == null)
                            break;
                        ssl.Write(Encoding.UTF8.GetBytes(data));
                        ssl.Flush();
                    }
                    ssl.Dispose();
                }
                catch (Exception e)
                {
                    Console.Error.WriteLine(e);
                }
            });

            // Keep the process alive while the two tasks run.
            while (true)
            {
                Thread.Sleep(60000);
            }
        }
    }
}
```
For some issues, you will get a quicker and better response if you file it at a more specific .NET repo. For example, if the problem is with ASP.NET Core, you are encouraged to use the aspnet/home repo.
Please provide a code sample for your issue if it is relevant, either inline, link to a gist (or similar) or add it as a zipped attachment.
You can create any new `.pfx` file, or download it from https://github.com/Azure/DotNetty/blob/dev/shared/dotnetty.com.pfx
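For triage, the two protocol masks in this report can be checked against the TLS 1.0 to 1.2 version-selection rule. The sketch below is an added example, not code from the issue or from .NET; `TlsVersionCheck` and `Negotiate` are hypothetical names, and it models only the rule (the client advertises its highest version, the server answers with its highest enabled version not above it), not Schannel's behaviour.

```cs
using System;
using System.Linq;
using System.Security.Authentication;

// Hypothetical helper (not part of .NET): models legacy TLS version selection.
static class TlsVersionCheck
{
    // Ordered lowest to highest; only TLS 1.0 to 1.2 are modelled.
    static readonly SslProtocols[] Ordered =
        { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 };

    // Returns the version both sides should settle on, or null if there is none.
    public static SslProtocols? Negotiate(SslProtocols client, SslProtocols server)
    {
        var clientEnabled = Ordered.Where(p => (client & p) != 0).ToArray();
        if (clientEnabled.Length == 0) return null;

        // The ClientHello version field carries only the client's highest version.
        SslProtocols clientMax = clientEnabled.Last();

        // The server answers with its highest enabled version <= clientMax.
        var candidates = Ordered
            .Where(p => p <= clientMax && (server & p) != 0)
            .ToArray();
        if (candidates.Length == 0) return null;
        SslProtocols picked = candidates.Last();

        // The client aborts if the server's choice is a version it has disabled.
        return (client & picked) != 0 ? picked : (SslProtocols?)null;
    }

    static void Main()
    {
        // Masks from the report: client Tls|Tls11, server Tls|Tls12.
        var reported = Negotiate(SslProtocols.Tls | SslProtocols.Tls11,
                                 SslProtocols.Tls | SslProtocols.Tls12);
        Console.WriteLine(reported?.ToString() ?? "none");

        // Constructed contrast case: the server's only version falls in the client's gap.
        var gap = Negotiate(SslProtocols.Tls | SslProtocols.Tls12, SslProtocols.Tls11);
        Console.WriteLine(gap?.ToString() ?? "none");
    }
}
```

Under this rule the reported masks share TLS 1.0, so the configuration is not a "no common protocol" case, while the constructed contrast case has no version both sides accept.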