0

I'm working on a Xamarin application where I'm establishing a connection with a server. The server code is currently a black box for me; I only have the documentation.

However, since the server switched to TLS 1.2, I'm trying to use .NET's SslStream to authenticate in my app. I made sure that both are using the same certificate. The certificate is self-signed, though.

Whenever I try to call AuthenticateAsClient, I get the following exception:

Mono.Security.Interface.TlsException: Unknown Secure Transport error `PeerHandshakeFail'.

Here's some part of my code:

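```csharp
using System.Net.Security;
using System.Net.Sockets;

// Wrap the connected socket in an SslStream; server certificate validation
// is delegated to ValidateServerCertificate.
using (var stream = new SslStream(new NetworkStream(mainSocket), false, new RemoteCertificateValidationCallback(ValidateServerCertificate)))
{
    try
    {
        // Synchronous TLS 1.2 handshake; this is the call that throws PeerHandshakeFail.
        stream.AuthenticateAsClient(ServerIpAdressServer, GetX509CertificateCollection(), System.Security.Authentication.SslProtocols.Tls12, false);
    }
    catch (Exception e)
    {
        Console.WriteLine(e);
    }
}
```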

(The ValidateServerCertificate always returns true)

Here's my method to get the certificate:

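```csharp
using System.IO;
using System.Reflection;
using System.Security.Cryptography.X509Certificates;

// Loads the certificate that is embedded in the assembly as a manifest resource.
public static X509CertificateCollection GetX509CertificateCollection()
{
    var assembly = IntrospectionExtensions.GetTypeInfo(typeof(MyClass)).Assembly;
    var collection1 = new X509CertificateCollection();
    using (Stream resource = assembly.GetManifestResourceStream("namespace.cert.pem"))
    using (MemoryStream ms = new MemoryStream())
    {
        // GetManifestResourceStream returns null when the resource name does not match.
        if (resource == null)
            throw new FileNotFoundException("Embedded resource not found", "namespace.cert.pem");
        resource.CopyTo(ms);
        collection1.Add(new X509Certificate2(ms.ToArray()));
    }
    return collection1;
}
```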

Thanks in advance!

Elias Johannes

1 Answer

1

Here is a warning in the documentation about TLS 1.2 in Xamarin.iOS. It may be helpful for you.

the downside is that it requires the event loop to be running for async operations to be executed.

SslStream.AuthenticateAsClientAsync Method: Authenticate the client side of a client-server connection as an asynchronous operation.

So, from your testing with the async method, this is the right solution. Glad you solved it.

Junior Jiang
  • Thank you for your help so far! My project is running on the latest version of Xamarin.iOS and Forms. I also set the HttpClient implementation to `NSUrlSession`. What I realized, though, is that the article says the downside of TLS 1.2 is that operations need to be run async. So maybe I need to use `AuthenticateAsClientAsync()` if I use TLS 1.2? – Elias Johannes Jul 10 '19 at 09:12
  • @EliasJohannes You can try AuthenticateAsClientAsync. If that does not work, try this: under "Project Options > iOS Build", change the "SSL/TLS implementation" setting back to the old default "Mono (TLS v1.0)". If this is helpful, thanks for marking in advance. – Junior Jiang Jul 10 '19 at 09:20
  • I really got it working by using the async authenticate method. Your link put me on the right path. If you want, you can edit your answer so I can mark it as accepted – Elias Johannes Jul 15 '19 at 11:47
  • @EliasJohannes Okay, glad this works. I have updated the answer, and thanks for replying and marking in advance :) – Junior Jiang Jul 16 '19 at 01:20
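
An added example, not part of the original question or answer: the asynchronous handshake that resolved the issue, combined with a validation callback that accepts only the app's bundled self-signed certificate instead of returning true for every certificate. `PinnedTlsClient`, `PinTo` and `ConnectAsync` are hypothetical names, and the sketch assumes the server does not request a client certificate.

```csharp
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public static class PinnedTlsClient // hypothetical helper class
{
    // 'pinned' is the server's self-signed certificate shipped with the app
    // (public part only), e.g. loaded from the embedded cert.pem resource.
    public static RemoteCertificateValidationCallback PinTo(X509Certificate2 pinned)
    {
        byte[] expected = pinned.GetRawCertData();
        return (sender, certificate, chain, errors) =>
        {
            // No certificate presented: nothing to compare, reject.
            if (certificate == null ||
                (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
                return false;
            // A self-signed certificate always reports chain errors, so trust is
            // decided by an exact byte-for-byte match with the bundled copy.
            return expected.SequenceEqual(certificate.GetRawCertData());
        };
    }

    public static async Task<SslStream> ConnectAsync(string host, int port, X509Certificate2 pinned)
    {
        var client = new TcpClient();
        SslStream stream = null;
        try
        {
            await client.ConnectAsync(host, port);
            stream = new SslStream(client.GetStream(), false, PinTo(pinned));
            // Asynchronous TLS 1.2 handshake, as in the accepted solution.
            // Empty collection: assumes no client certificate is required.
            await stream.AuthenticateAsClientAsync(
                host, new X509CertificateCollection(), SslProtocols.Tls12, false);
            return stream;
        }
        catch
        {
            // Release the stream and socket when connect or handshake fails.
            stream?.Dispose();
            client.Close();
            throw;
        }
    }
}
```

With this callback, a handshake against any endpoint that presents a different certificate fails with an `AuthenticationException` instead of silently succeeding.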