
I am trying to use REST services from a corporate (internal) site. That system is outsourced (we can't change anything in it) and uses TLS 1.3. The issuer is

RapidSSL Global TLS RSA4096 SHA256 2022 CA1

and the algorithm is SHA256withRSA.

I have tried all the possible libraries, including RestSharp, Flurl and HttpClient, passing the Tls13 protocol as a parameter. The same problem exists with .NET Core 7 preview (which should have better TLS support).

My code looks like this:

var options = new RestClientOptions("https://xx.xxx.com/auth/login")
{
    ThrowOnAnyError = true,
    Timeout = 1000,
    Expect100Continue = true,
};
var client = new RestClient(options);
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

var response = client.Post(new RestRequest().AddJsonBody(new { user = "xxx@xxx.com", password = "123456" }));

or this code:

var tokenrequest = new TokenRequest() { User = "xxx", Password = "123" };
HttpClient _httpClient;
var httpClientHandler = new HttpClientHandler();
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
_httpClient = new HttpClient(httpClientHandler);

ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls13;
var response = await _httpClient.PostAsync("https://yyy.com", CreateHttpContent<TokenRequest>(tokenrequest));
response.EnsureSuccessStatusCode();
var data = await response.Content.ReadAsStringAsync();
Console.WriteLine(data);

In all cases I get the same error:

Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'.

The message received was unexpected or badly formatted.

Fiddler detailed error message says:

HTTPS handshake to yyy.com (for #7) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The message received was unexpected or badly formatted

Win32 (SChannel) Native Error Code: 0x80090326

marc_s
alekoo73
TLS 1.3 doesn't support RSA. See: https://en.wikipedia.org/wiki/Transport_Layer_Security?force_isolation=true You need ECDHE-RSA (forward secrecy) or DHE-RSA (forward secrecy). – jdweng Oct 20 '22 at 09:31

1 Answer


What OS are you using to run your app?

Because TLS 1.3 clients are supported only on Windows 11/Server 2022, what you have is an OS-level error.

Most probably your machine is sending a TLS handshake specifying that its max supported TLS version is 1.2, and it fails here because the server requires 1.3, so you get 'HandshakeFailure'.

Petr Abdulin
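One way to check the answer's hypothesis on the client machine, added here as an example and not part of the original answer: attempt one handshake per protocol setting with SslStream and report what was negotiated. The class name TlsProbe and the host/port command-line arguments are assumptions; certificate validation is left at its default.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Security.Authentication;
using System.Threading.Tasks;

// Added diagnostic example; TlsProbe and its arguments are hypothetical names.
static class TlsProbe
{
    // Attempt a single handshake restricted to one protocol setting.
    static async Task<string> TryHandshakeAsync(string host, int port, SslProtocols protocols)
    {
        try
        {
            using var tcp = new TcpClient();
            await tcp.ConnectAsync(host, port);
            // No validation callback is supplied, so the default chain and
            // host name checks stay in force during the probe.
            using var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);
            await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
            {
                TargetHost = host,
                EnabledSslProtocols = protocols,
            });
            return $"ok: {ssl.SslProtocol}, {ssl.NegotiatedCipherSuite}";
        }
        catch (Exception ex)
        {
            // Keep the inner exception text: that is where the native detail ends up.
            string inner = ex.InnerException is null ? "" : $" <- {ex.InnerException.Message}";
            return $"failed: {ex.GetType().Name}: {ex.Message}{inner}";
        }
    }

    static async Task Main(string[] args)
    {
        if (args.Length == 0) { Console.Error.WriteLine("usage: TlsProbe <host> [port]"); return; }
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;
        Console.WriteLine($"{RuntimeInformation.OSDescription} / {RuntimeInformation.FrameworkDescription}");
        // SslProtocols.None lets the operating system pick its own defaults.
        foreach (var p in new[] { SslProtocols.Tls12, SslProtocols.Tls13, SslProtocols.None })
        {
            string label = p == SslProtocols.None ? "OS default" : p.ToString();
            Console.WriteLine($"{label,-10} {await TryHandshakeAsync(args[0], port, p)}");
        }
    }
}
```

A failing Tls13 row on the client machine, with the same probe succeeding from a Windows 11 or Server 2022 host, points to the OS-level limitation the answer describes.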