mz-automation / lib60870.NET

Official repository for lib60870.NET, an implementation of the IEC 60870-5-101/104 protocols in C#
https://www.mz-automation.de/communication-protocols/iec-60870-5-101-104-c-net-source-code-library/
GNU General Public License v3.0

Tls 1.0 is forced by the Iec-104 server. #33

Open arifmjcet opened 3 weeks ago

arifmjcet commented 3 weeks ago

Hi,

While testing the TLS implementation of the IEC-104 server, it is observed that the server is selecting TLS 1.0 even when the client supports higher versions. Upon inspecting the code, it is found that in the file lib60870/CS104/ClientConnection.cs, line 1235:

```csharp
sslStream.AuthenticateAsServer(tlsSecInfo.OwnCertificate, true, System.Security.Authentication.SslProtocols.Tls, false);
```

Here TLS version 1.0 is explicitly specified, causing the server to choose the old TLS 1.0 version. If we replace the above line with:

```csharp
sslStream.AuthenticateAsServer(tlsSecInfo.OwnCertificate, true, System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13, false);
```

the above issue is resolved.
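
A loopback check for the change proposed in the comment above, as an added example that is not code from lib60870.NET or from either commenter: it runs one handshake against a server restricted to `Tls12 | Tls13` and fails if anything older is negotiated. The class and method names are hypothetical, the certificate is constructed for the test, no client certificate is requested (unlike the quoted line), and it assumes a runtime where `SslProtocols.Tls13` is defined (.NET Core 3.0 or later, .NET Framework 4.8 or later).

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
static class TlsVersionCheck // hypothetical name, not part of lib60870.NET
{
    // Constructed throwaway certificate; a real server loads its configured one.
    static X509Certificate2 MakeTestCert()
    {
        using var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var tmp = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
        // Round-trip through PFX so SslStream can use the private key on Windows.
        return new X509Certificate2(tmp.Export(X509ContentType.Pfx));
    }
    // Runs one handshake over loopback and returns the version the server side negotiated.
    static async Task<SslProtocols> Negotiate(X509Certificate2 cert, SslProtocols serverProtocols)
    {
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        var server = Task.Run(async () =>
        {
            using var tcp = await listener.AcceptTcpClientAsync();
            using var ssl = new SslStream(tcp.GetStream());
            await ssl.AuthenticateAsServerAsync(cert, false, serverProtocols, false); // no client cert in this test
            return ssl.SslProtocol;
        });
        using var client = new TcpClient();
        await client.ConnectAsync(IPAddress.Loopback, port);
        // Test only: the callback accepts the constructed self-signed certificate.
        using var clientSsl = new SslStream(client.GetStream(), false, (s, c, ch, e) => true);
        await clientSsl.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls12 | SslProtocols.Tls13, false);
        var result = await server;
        listener.Stop();
        return result;
    }
    static async Task Main()
    {
        using var cert = MakeTestCert();
        var v = await Negotiate(cert, SslProtocols.Tls12 | SslProtocols.Tls13);
        Console.WriteLine($"negotiated: {v}");
        if (v != SslProtocols.Tls12 && v != SslProtocols.Tls13) throw new AuthenticationException("negotiated below TLS 1.2");
    }
}
```

Which of the two versions is reported depends on what the operating system's TLS stack supports; either one passes the check.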

psnx commented 6 days ago

This is addressed in pull request 28. I am waiting for this to be accepted.