
I am seeing strange behavior on Windows 7 (Win 10 and 11 have no issues). My code (below) works perfectly when connecting from Win7 as the client to Win10/11 as the server; however, when the roles are swapped (Win7 as the server and Win10/11 as the client) it fails. I tried both scenarios on a couple of Win10 and Win11 machines without issues, which led me to conclude it is Win7-related.

The connection is based on mutual trust, so both client and server send their certificates. When the server calls the custom RemoteCertificateValidationCallback it receives the following parameters: object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors.

When Win7 is the TcpListener (i.e. the host), the validation callback is called with:

  1. certificate = null
  2. sslPolicyErrors = RemoteCertificateNotAvailable.

Reminder: with the same code and the roles reversed, it works.

Compiled for .NET Core 3.1 (also tested on 5.0). The certificates are self-signed.

Client code:

var client = new TcpClient();
await client.ConnectAsync(remoteIP, remotePort);
SslStream sslStream = new SslStream(
    client.GetStream(),
    false,                                                    // leaveInnerStreamOpen
    new RemoteCertificateValidationCallback(ValidatePeerCertificate),
    null);                                                    // no LocalCertificateSelectionCallback

// Present localCertificate to the server; revocation checking off (self-signed).
sslStream.AuthenticateAsClient(remoteIP, new X509Certificate2Collection(localCertificate), false);

Server code:

var tcpClient = m_listener.AcceptTcpClient();
sslStream = new SslStream(
    tcpClient.GetStream(),
    false,                                                    // leaveInnerStreamOpen
    new RemoteCertificateValidationCallback(ValidatePeerCertificate),
    null);                                                    // no LocalCertificateSelectionCallback

// clientCertificateRequired = true (mutual TLS), checkCertificateRevocation = false
sslStream.AuthenticateAsServer(localCertificate, true, false);

I thought this might be the problem: https://learn.microsoft.com/en-US/troubleshoot/windows-server/windows-security/ssltls-communication-problems-after-install-kb931125, but the problem persists even after removing the key from the registry.

Any thoughts? Thanks in advance.

TTomer
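The following is an added loopback example, not code from the question, that wires up the same SslStream mutual-TLS exchange end to end so the two validation callbacks can be watched on one machine. It assumes .NET 5 or later, two self-signed certificates generated in-process with CertificateRequest, TLS 1.2 pinned explicitly on both sides, and peer trust by thumbprint pinning instead of a CA chain. Two differences from the posted snippets are deliberate: the server callback handles the certificate == null / RemoteCertificateNotAvailable case from the question explicitly, and the client passes a LocalCertificateSelectionCallback that always returns its certificate, so that sending the client certificate does not depend on SslStream matching it against the server's acceptable-issuer list (the case the KB931125 article is about). All names (MutualTlsDemo, MakeSelfSigned, PinTo, AlwaysSend) are invented for the example.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

// Added example, not from the original post. Assumes .NET 5+, Windows or Linux.
static class MutualTlsDemo
{
    // Self-signed leaf with an RSA key. Round-tripping through PFX gives the
    // certificate a private key that SChannel can use (assumption: common workaround
    // for in-memory keys on Windows); on Linux the round-trip is harmless.
    static X509Certificate2 MakeSelfSigned(string cn)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest($"CN={cn}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, false));
        // serverAuth + clientAuth EKUs so the same builder serves both roles
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.1"), new Oid("1.3.6.1.5.5.7.3.2") }, false));
        using var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
        return new X509Certificate2(cert.Export(X509ContentType.Pfx), (string)null, X509KeyStorageFlags.Exportable);
    }

    // Validation: pin the peer to one expected thumbprint and refuse a missing certificate.
    // Chain errors are expected (self-signed) and ignored; the pin is the whole trust decision.
    static RemoteCertificateValidationCallback PinTo(string side, string expectedThumbprint) =>
        (sender, cert, chain, errors) =>
        {
            if (cert == null)
            {
                // This is the state reported in the question on the Win7 server:
                // certificate == null and errors == RemoteCertificateNotAvailable.
                Console.WriteLine($"[{side}] no peer certificate, errors={errors}");
                return false;
            }
            bool pinned = string.Equals(new X509Certificate2(cert).Thumbprint, expectedThumbprint,
                StringComparison.OrdinalIgnoreCase);
            Console.WriteLine($"[{side}] peer={cert.Subject} errors={errors} pinned={pinned}");
            return pinned;
        };

    // Selection: always hand back our certificate, regardless of the acceptableIssuers
    // list the server sent. Leaving this null lets SslStream pick (or skip) a certificate
    // by issuer match, which is one way a client ends up sending no certificate at all.
    static LocalCertificateSelectionCallback AlwaysSend(X509Certificate2 own) =>
        (sender, host, localCerts, remoteCert, acceptableIssuers) =>
        {
            Console.WriteLine($"[client] server lists {acceptableIssuers.Length} acceptable issuer(s)");
            return own;
        };

    static async Task Main()
    {
        var serverCert = MakeSelfSigned("demo-server");
        var clientCert = MakeSelfSigned("demo-client");

        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        var serverTask = Task.Run(async () =>
        {
            using var tcp = await listener.AcceptTcpClientAsync();
            using var ssl = new SslStream(tcp.GetStream(), false, PinTo("server", clientCert.Thumbprint));
            // clientCertificateRequired = true makes this mutual TLS; TLS 1.2 pinned.
            await ssl.AuthenticateAsServerAsync(serverCert, true, SslProtocols.Tls12, false);
            var buf = new byte[64];
            int n = await ssl.ReadAsync(buf, 0, buf.Length);
            await ssl.WriteAsync(buf, 0, n);                     // echo back
            return ssl.IsMutuallyAuthenticated;
        });

        using var client = new TcpClient();
        await client.ConnectAsync(IPAddress.Loopback, port);
        using var clientSsl = new SslStream(client.GetStream(), false,
            PinTo("client", serverCert.Thumbprint), AlwaysSend(clientCert));
        await clientSsl.AuthenticateAsClientAsync("demo-server",
            new X509Certificate2Collection(clientCert), SslProtocols.Tls12, false);

        byte[] msg = Encoding.ASCII.GetBytes("ping");
        await clientSsl.WriteAsync(msg, 0, msg.Length);
        var reply = new byte[64];
        int len = await clientSsl.ReadAsync(reply, 0, reply.Length);
        Console.WriteLine($"client got '{Encoding.ASCII.GetString(reply, 0, len)}', " +
            $"server mutual={await serverTask}, client mutual={clientSsl.IsMutuallyAuthenticated}");
        listener.Stop();
    }
}
```

Run it with `dotnet run` in a console project. A healthy run prints one `[client] peer=CN=demo-server ... pinned=True` line, one `[server] peer=CN=demo-client ... pinned=True` line and `server mutual=True, client mutual=True`. If instead the `[server] no peer certificate` line appears, the client never sent its certificate; the printed acceptable-issuer count and a run with the selection callback replaced by `null` show whether the server-side issuer list is what decides that.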
  • Encryption bugs in .NET aren't solved until you use .NET 4.7.2 or later and then target your Core method. You are using Core 3.1, which still has bugs. There are too many issues with using older versions of .NET and Core to guess what exactly is causing the issues. You also may be having issues with versions of TLS. Not all encryption modes work with all versions of TLS. Also, if you are using a cell phone, make sure the kernel has been updated. If I had to guess, it sounds like Win 10 is using TLS 1.3 for connections. When Win 7 is the server it is using obsolete TLS 1.1. Only TLS 1.2 and 1.3 are valid. – jdweng Jan 20 '22 at 10:36
  • Thank you @jdweng. I tried forcing the connection protocol using the overloaded AuthenticateAsServer and AuthenticateAsClient methods with SslProtocols.Tls, Tls11 and Tls12; same problem. However! When I set the Win10 client to Tls12 and the Win7 server to Tls11 I received some inner exception text: "The client and server cannot communicate, because they do not possess a common algorithm." – TTomer Jan 20 '22 at 11:16
  • SSL, TLS 1.0 and TLS 1.1 were disabled by a Windows Update two years ago. Unless you override the Registry you cannot use these versions. – jdweng Jan 20 '22 at 11:42
