
When establishing an HTTPS connection via HttpWebRequest in a C# application, where is the list of available cipher suites that are provided in the SSL handshake stored on the server (2008R2)? Is it a registry setting, or how is this determined?

The C# code is just a simple

```csharp
using System.Net;

// Uri is the HTTPS endpoint being requested
HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(Uri);
WebReq.Method = "GET";
HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
```

The issue I am having is that when using IE from the server, the list of ciphers provided is different to what is being provided by the C# application (as captured by Wireshark). As such, the C#-based connection is failing, as the server supports and wants to use TLS_RSA_WITH_RC4_128_SHA, which is not being provided by the C# app but is being provided by the browser SSL handshake.

Using the same code on other servers shows that TLS_RSA_WITH_RC4_128_SHA is being offered in the SSL handshake by the C# app so it leads me to believe that there is something environmental on that particular server but where and how this is controlled is not something I have been able to find.

I would post images of the Wireshark captures to show the difference between the C# application and IE SSL handshake Client Hello cipher suite lists, but I have low rep points.

John Saunders
Iggy

1 Answer

Here is the registry path: `SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers`

Daniel Fisher lennybacon
  • Hi Daniel, I have read that the specified location allows you to restrict or explicitly specify the ciphers that are to be used. However, the registry item has no ciphers specified, yet IE and the .NET libraries are providing a different list of ciphers when trying to establish communication. – Iggy Apr 20 '16 at 21:43
  • If nothing is specified, it falls back to the default list. Look at [IISCrypto](https://www.nartac.com/Products/IISCrypto/); it is a nice UI to configure client and server TLS settings. – Daniel Fisher lennybacon Apr 21 '16 at 07:31
  • Iggy - were you able to resolve your situation? I too am looking for a way to disable DHE, ECDHE ciphering from my .NET client script so that packets captured on the server can be decrypted. – vbNewbie Oct 18 '16 at 14:10
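
To compare the working and failing servers discussed above, the read-only PowerShell script below (an added example, not code from the question, answer or comments) lists the per-cipher `Enabled` overrides under the registry path from the answer, then the ordered cipher suite list. The two `...\SSL\00010002` paths and the `Functions` value do not appear on this page; they are the Windows locations for the cipher suite order (Group Policy and local default) and are included on the assumption that the difference between servers lies there.

```powershell
# Added example, not from the original posts. Read-only: run on each server and diff.
$hklm = [Microsoft.Win32.Registry]::LocalMachine

# Per-algorithm overrides under the path given in the answer. The .NET API is used
# because subkey names such as "RC4 128/128" contain "/", which the PowerShell
# registry provider treats as a path separator.
function Get-SchannelCipherOverrides {
    $root = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers')
    if ($root -eq $null) { return }
    foreach ($name in $root.GetSubKeyNames()) {
        $sub = $root.OpenSubKey($name)
        $enabled = $sub.GetValue('Enabled')
        $sub.Close()
        if ($enabled -eq $null) { $state = 'default' }
        elseif ($enabled -eq 0) { $state = 'disabled' }
        else                    { $state = 'enabled' }
        New-Object PSObject -Property @{ Cipher = $name; State = $state }
    }
    $root.Close()
}

# Ordered cipher suite list (paths assumed, not from the page). A Group Policy
# value, when present, takes precedence over the local default.
function Get-CipherSuiteOrder {
    $sources = @(
        @{ Name = 'Group Policy';  Path = 'SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' },
        @{ Name = 'Local default'; Path = 'SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002' }
    )
    foreach ($s in $sources) {
        $key = $hklm.OpenSubKey($s.Path)
        if ($key -eq $null) { continue }
        $value = $key.GetValue('Functions')
        $key.Close()
        if ($value -eq $null) { continue }
        # REG_SZ (comma-separated) under Policies, REG_MULTI_SZ under Local.
        $suites = @(@($value) | ForEach-Object { $_ -split ',' } | Where-Object { $_ })
        New-Object PSObject -Property @{ Source = $s.Name; Suites = $suites }
    }
}

Get-SchannelCipherOverrides | Sort-Object Cipher | Format-Table Cipher, State -AutoSize
$wanted = 'TLS_RSA_WITH_RC4_128_SHA'   # suite named in the question
foreach ($o in Get-CipherSuiteOrder) {
    "{0}: {1} suites, offers {2}: {3}" -f $o.Source, $o.Suites.Count, $wanted, ($o.Suites -contains $wanted)
    $o.Suites | ForEach-Object { "  $_" }
}
```

The script avoids PowerShell 3.0 syntax so it runs on the PowerShell 2.0 that ships with Server 2008 R2.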