I've got access to a Java application which uses the cipher suite TLS_ECDH_anon_WITH_AES_256_CBC_SHA for communication (no possibility to use another one).
Some time ago I had to write a Xamarin app in C# which connected to it successfully using Bouncy Castle PCL. I had to use Bouncy Castle, since Android (>= 6.0) does not allow use of the previously mentioned cipher suite by default.
Now I have to write a .NET application on Windows which shall connect to the exact same Java application, so I just copied the code for establishing the connection and installed Bouncy Castle from NuGet. The TcpClient is able to establish a connection, but calling `protocol.Connect(new CustomTlsClient());` from the sample code below gives me the exception "System.IO.IOException: Internal TLS error, this could be an attack".
Overriding `NotifyAlertRaised` for the CustomTlsClient tells me that Bouncy Castle fails to read a record (AlertLevel: 2, AlertDescription: 80, Message: "Failed to read record", Exception: "Org.BouncyCastle.Crypto.Tls.TlsFatalAlert: internal_error(80)").
Shortened sample code:

    using System;
    using System.Net.Sockets;
    using Org.BouncyCastle.Crypto.Tls;
    using Org.BouncyCastle.Security;

    ...
    TcpClient client = tryConnect(ip, port); // simply returns a TcpClient on success
    NetworkStream targetStream = client.GetStream();
    targetStream.ReadTimeout = Config.Network.TcpStreamReadTimeout;
    targetStream.WriteTimeout = Config.Network.TcpStreamWriteTimeout;
    TlsClientProtocol protocol = new TlsClientProtocol(targetStream, new SecureRandom());
    protocol.Connect(new CustomTlsClient()); // <---- Here's the problem
    ...

CustomTlsClient:

    private class CustomTlsClient : DefaultTlsClient
    {
        public override TlsAuthentication GetAuthentication() => new CustomTlsAuthentication();

        // Offer only the anonymous ECDH suite the Java application accepts
        public override int[] GetCipherSuites() => new[] { CipherSuite.TLS_ECDH_anon_WITH_AES_256_CBC_SHA };

        public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
        {
            // This gave me further information on the error
            base.NotifyAlertRaised(alertLevel, alertDescription, message, cause);
            Console.WriteLine("AlertLevel: " + alertLevel);
            Console.WriteLine("AlertDescription: " + alertDescription);
            Console.WriteLine("Message: " + message);
            Console.WriteLine("Exception: " + cause);
        }
    }

    // Anonymous suite: no client credentials are sent and no server certificate arrives
    private class CustomTlsAuthentication : TlsAuthentication
    {
        public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest) => null;
        public void NotifyServerCertificate(Certificate serverCertificate) { }
    }
Since this code is working in a Xamarin app with the PCL version of Bouncy Castle, I really have no clue what I'm doing wrong here... Any suggestions? Any help is appreciated! Thank you in advance.
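To make the reported failure easier to read on the wire, here is an added example (not part of the question above and not Bouncy Castle code) that decodes a TLS alert record such as the fatal internal_error(80) the post reports, and lists which anonymous ECDH suites a ClientHello offers, since TLS_ECDH_anon_WITH_AES_256_CBC_SHA gives no server authentication at all. Alert codes follow RFC 5246 and the suite code points follow RFC 4492; the sample records are constructed inline.

```python
import struct

# Alert levels and the descriptions relevant here (RFC 5246, section 7.2).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure",
                      70: "protocol_version", 80: "internal_error"}

# Anonymous ECDH suites from RFC 4492: no server certificate, no authentication.
ANON_SUITES = {
    0xC015: "TLS_ECDH_anon_WITH_NULL_SHA",
    0xC016: "TLS_ECDH_anon_WITH_RC4_128_SHA",
    0xC017: "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
    0xC018: "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
    0xC019: "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
}

def parse_record(data: bytes):
    """Split one TLS record into (content_type, (major, minor), payload)."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record")
    return ctype, (major, minor), payload

def decode_alert(record: bytes) -> str:
    """Render an Alert record (content type 21) as 'level description(code)'."""
    ctype, _, payload = parse_record(record)
    if ctype != 21 or len(payload) != 2:
        raise ValueError("not an alert record")
    level, desc = payload
    return f"{ALERT_LEVELS.get(level, level)} {ALERT_DESCRIPTIONS.get(desc, 'unknown')}({desc})"

def offered_anonymous_suites(record: bytes):
    """Return the anonymous suites named in a ClientHello (content type 22, type 1)."""
    ctype, _, hs = parse_record(record)
    if ctype != 22 or hs[0] != 1:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                      # handshake header, client_version, random
    pos += 1 + hs[pos]                    # session_id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    suites = struct.unpack("!%dH" % (cs_len // 2), hs[pos:pos + cs_len])
    return [ANON_SUITES[s] for s in suites if s in ANON_SUITES]

def build_client_hello(suites) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello record offering the given suites."""
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00" + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed sample: a fatal internal_error alert, as in the question.
SAMPLE_ALERT = bytes([21, 3, 3, 0, 2, 2, 80])
```

Feeding the client's own ClientHello to offered_anonymous_suites shows whether the anonymous suite is actually on the wire before any Bouncy Castle-level debugging.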