With the help of a colleague, I have discovered some differences in some Windows 11 clients where the TLS 1.3 signature algorithms defined in the registry under ...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003\Functions
... can vary a lot. Specifically, I'm missing the RFC 8446-required signature algorithms, which will result in a critical encryption alert from the service if a client attempts to connect without these:
- RSAE-PSS/SHA256
- RSAE-PSS/SHA384
- RSAE-PSS/SHA512
Ideally, I'd prefer not to edit the user's registry. Is there a way to temporarily add these signature algorithms, if missing, in my System.Net.HttpClient? I see there's a Properties property (dictionary) on System.Net.HttpClientHandler, but I can't find anything specific that helps here. For cases where I'm using third-party libraries, where System.Net.ServicePointManager might be more appropriate, is there a way to do something similar there?
Thanks for any advice anyone can offer. Much appreciated. I could not find any classes, properties, etc. to help inject any of the required but missing TLS 1.3 signature algorithms.
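Added example, not part of the original post: a PowerShell check that reads the Schannel/CNG signature-algorithm list from the registry key named in the question and reports whether the three RSAE-PSS entries the post says are missing are present. The key path and the three algorithm names are taken from the post; the function names and the $Required list are assumptions for illustration.

```powershell
# Added example (not from the original post). Reads the Functions value
# (REG_MULTI_SZ) under the CNG SSL signature-algorithm key from the post and
# checks it against the RFC 8446 RSAE-PSS entries the post lists as missing.
# $Required and the function names are assumptions for illustration.
$KeyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003'
$Required = @('RSAE-PSS/SHA256', 'RSAE-PSS/SHA384', 'RSAE-PSS/SHA512')

function Get-ConfiguredSignatureAlgorithms {
    param([string]$Path)
    # -Name with -ErrorAction Stop throws if the key or the Functions value is absent,
    # so a missing list is reported instead of silently treated as empty.
    $props = Get-ItemProperty -Path $Path -Name Functions -ErrorAction Stop
    return @($props.Functions)   # force an array even for a single entry
}

function Test-RequiredSignatureAlgorithms {
    param([string[]]$Configured, [string[]]$Required)
    # -notcontains is case-insensitive in PowerShell, which matches how the
    # entries are usually written (e.g. RSAE-PSS/SHA256).
    $missing = @($Required | Where-Object { $Configured -notcontains $_ })
    [pscustomobject]@{
        Configured = $Configured
        Missing    = $missing
        Compliant  = ($missing.Count -eq 0)
    }
}

try {
    $configured = Get-ConfiguredSignatureAlgorithms -Path $KeyPath
} catch {
    Write-Error "Could not read Functions under $KeyPath : $_"
    return
}

$result = Test-RequiredSignatureAlgorithms -Configured $configured -Required $Required

"Configured signature algorithms ({0}):" -f $result.Configured.Count
$result.Configured | ForEach-Object { "  $_" }

if ($result.Compliant) {
    'All required RSAE-PSS signature algorithms are present.'
} else {
    'Missing required signature algorithms:'
    $result.Missing | ForEach-Object { "  $_" }
}
```

Reading HKLM does not require elevation, so this can be run as the user on both a client that connects successfully and one that fails, and the two Configured lists compared to confirm that the difference is in the signature-algorithm list rather than elsewhere. The Functions value is machine-wide Schannel configuration; changing it affects every application on the machine and needs administrative rights, which is the edit the question is trying to avoid.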