Hello *,
I'm using the last version of C# OpenSSL from
https://github.com/openssl-net/openssl-net (This wrapper is based on version
1.0.2a of libeay32.dll and ssleay32.dll).
I'm using C# OpenSSL to test my Tls Client that supports TLS starting from
version 1.2 and all the cipher suites. Moreover, I'm using Microsoft windows 7.
I have already installed Microsoft visual C++ 2010 express and Microsoft visual
Studio 2010.
I always face an error "TLSv1.2 81 - Alert (Level: Fatal, Description:
Insufficient Security)"
I have debugged the issue. The issue come from a function called SSL_CTX_new()
which is connected to ssleay32.dll. the clienthello is always sent correctly
and then the OpenSSL server replies with Insufficient Security
The console also shows this:
.NET HSM Received: ClientHello (188 bytes)
.NET Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(0xc02b) [not supported]
.NET Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
(0xc023) [not supported]
.NET Offered suite by client: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
[not supported]
.NET Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
[not supported]
.NET Offered suite by client: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
[not supported]
.NET Offered suite by client: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) [not
supported]
.NET Offered suite by client: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) [not
supported]
.NET Offered suite by client: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001) [not
supported]
.NET Offered suite by client: TLS_RSA_WITH_NULL_SHA256 (0x003b) [not
supported]
.NET Offered suite by client: TLS_RSA_WITH_NULL_SHA (0x0002) [not supported]
.NET ALERT SENT : Fatal InsufficientSecurity
.NET no shared cipher suites
And in Wireshark shows this:
"3406.315537","fe80::ff:fe00:2","fe80::1:5","SSL","271","Client Hello"
"3419.805155","fe80::1:5","fe80::ff:fe00:2","TLSv1.2","81","Alert (Level:
Fatal, Description: Insufficient Security)"
So, I think the error is in something related to configuration of ssleay32.dll
My code is simple and is as follows:
try
{
TestCaseBegin();
Output.WriteLine("TLS Server Certificate preparation");
CertDir = Path.GetFullPath("..\\Appl\\Certificates\\Certificate");
TlsServerCertificate = loadCertificateFromFile(Path.Combine(CertDir,
@"Vector_ServerCertificate_RsaSha1_IA_pfx.pfx"), "123456");
TlsServerCaCertificates = new
X509Chain(OpenSSL.Core.BIO.File(Path.Combine(CertDir,
@"Vector_ServerCertificate_RsaSha1_Root_cert.cer"), "r"));
Output.WriteLine("Start connection");
TS_RcTlsConnect(TlsConnectMode.Rsa);
Output.WriteLine("Send Client Hello");
TS_WaitForTcpConnection();
Output.WriteLine("make sslStreamServer");
SslStream sslStreamServer = new SslStream(tcpClient.GetStream(), true,
MyRemoteCertificateValidationHandler,MyLocalCertificateSelectionHandler);
Output.WriteLine("Start AuthenticateAsServer");
sslStreamServer.AuthenticateAsServer(TlsServerCertificate, false,
TlsServerCaCertificates, SslProtocols.Tls, SslStrength.All, false);
}
catch (TestStepFailException e)
{
HandleTestStepFailException(e);
Output.WriteLine(e.ToString());
}
catch (Exception ex)
{
PrintException(ex);
Output.WriteLine(ex.ToString());
}
finally
{
TestCaseEnd();
}
Has anyone an idea?
Best Regards;
Amr
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
