
We have an application running with MonoTouch on the iPhone. At the moment we're using BasicHttpBinding to connect to a WCF service. We're now in the process of making the connection secure, again using BasicHttpBinding with BasicHttpSecurityMode.Transport (this is effectively HTTPS).

We created a self-signed certificate and added it on the server. When accessing the server address through a browser (both from an iPhone and from a PC) we can connect to it without a problem. However, if we connect with our MonoTouch application we get the following exception:

    System.Net.WebException has been thrown
    Error writing request: BeginWrite failure

We used Wireshark to analyze the connection and found out that the server is closing the connection (the server sends a TCP reset after it receives the ClientHello). We found the following message in the IIS error log:

    An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

If we look into which ciphers are supported by our server, we see the following list:

    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_RC4_128_MD5
    SSL_CK_RC4_128_WITH_MD5
    SSL_CK_DES_192_EDE3_CBC_WITH_MD5
    TLS_RSA_WITH_NULL_SHA256
    TLS_RSA_WITH_NULL_SHA

Whereas we know that MonoTouch at least supports TLS_RSA_WITH_AES_128_CBC_SHA (according to Wireshark).

Does anyone have a solution to fix this problem or a workaround? Maybe we need to use some special options in IIS or in makecert?

Thanks in advance!

Kroan

2 Answers


Does your browser display a certificate error? If so, you must use:

    using System.Net;

    // Disables server certificate validation: every certificate, including a self-signed one, is accepted.
    ServicePointManager.ServerCertificateValidationCallback = (a, b, c, d) => true;

Do this once in your program before your first request. It auto-accepts all certificates, even self-signed ones.

Even still, I think MonoTouch should be giving a different error message here. What happens on Windows?

jonathanpeppers

Mono (and MonoTouch) support many of the ciphers from your list (most, except the ones with *DH*).

The error in your log suggests the server is not accepting the connection due to cipher selection. In SSL/TLS the client sends its list to the server and the server selects the one it prefers (performance / security). There's nothing you can change on the Mono[Touch] side to affect this.

I've seen such cases only when the server is not configured to accept any of the offered ciphers (from Mono). That's generally servers configured to support only *DH* ciphers.

It's not always easy to be 100% sure what the server supports (or is configured to allow). The SSL/TLS protocol never sends such a list (unlike the client).

I suggest you use Wireshark and some web browsers to connect to the server. If the connection works and uses a *DH* cipher then you'll know (98%) that your server is likely misconfigured (wrt the list above).

Why? Because browsers generally support many ciphers (like Mono) and *DH* (unlike Mono). So if the server selected a *DH* cipher it's a good clue it does not allow anything else. Usual selection for servers tends to use RC4 or AES - but YMMV.

poupou
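As an added example (not code from the question or either answer), the following Python parses the cipher_suites field of a TLS ClientHello as captured by Wireshark and applies the server-side selection poupou describes: the server takes the first suite in its own preference order that the client offered, and the IIS "none of the cipher suites ... are supported" event is the case where that intersection is empty. The ClientHello and both server lists are constructed; the code points are the IANA values for suite names that appear in the question.

```python
import struct

# IANA code points for some suite names in the question (the _P256/_P384
# suffixes in the IIS list are Schannel curve qualifiers, not part of the name).
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x0038: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
}

def build_client_hello(suites):
    """Constructed sample input: a minimal TLS 1.0 ClientHello record."""
    body = b"\x03\x01" + b"\x00" * 32                      # client_version, random
    body += b"\x00"                                          # empty session_id
    body += struct.pack("!H", 2 * len(suites))               # cipher_suites length
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                      # compression: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return the cipher suites a ClientHello offers, in the client's order."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]          # skip session_id
    n = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    return [struct.unpack("!H", record[i:i + 2])[0] for i in range(pos, pos + n, 2)]

def select_suite(server_prefs, record):
    """Server-side choice: first suite in the server's order that the client offered."""
    offered = set(parse_client_hello(record))
    return next((s for s in server_prefs if s in offered), None)

# Mono-style offer: RSA key exchange only, no DH/ECDH suites.
MONO_LIKE_OFFER = build_client_hello([0x002F, 0x0035, 0x000A, 0x0005])
DHE_ONLY_SERVER = [0x0038, 0x0032]                  # the misconfiguration poupou describes
FIXED_SERVER = [0x0038, 0x0032, 0x002F, 0x0035]     # also allows RSA suites

if __name__ == "__main__":
    for name, prefs in (("DHE-only server", DHE_ONLY_SERVER), ("fixed server", FIXED_SERVER)):
        chosen = select_suite(prefs, MONO_LIKE_OFFER)
        # None is the case behind the IIS "none of the cipher suites ... are supported" event
        print(name, "->", SUITES[chosen] if chosen is not None else "no shared suite, handshake fails")
```

To check a real capture, feed the raw bytes of the ClientHello record from Wireshark to parse_client_hello and compare the result against the server's configured list.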