[Mono-dev] SslStream and TLS 1.1, 1.2

Duncan Pierce duncan.pierce at commodifusion.com
Wed Jan 16 13:10:13 UTC 2013


Support for TLS 1.1 and 1.2 appears to be new in .NET 4.5. It looks like Mono 3.0.3's SslStream doesn't yet support the newer protocols.


I'm using SslStream's AuthenticateAsServerAsync to handle HTTPS connections, and getting exceptions when Google Chrome 24.0.1312.52 beta connects: 


IOException ("The authentication or decryption has failed.") 
------------------------------------------------------------ 
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00044] in /mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:106 


The inner exception of which is: 


NotSupportedException ("Unsupported security protocol type") 
------------------------------------------------------------ 
at Mono.Security.Protocol.Tls.Context.DecodeProtocolCode (Int16 code) [0x0001f] in /mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs:419 
at Mono.Security.Protocol.Tls.Handshake.Server.TlsClientHello.processProtocol (Int16 protocol) [0x00007] in /mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs:109 
at Mono.Security.Protocol.Tls.Handshake.Server.TlsClientHello.ProcessAsTls1 () [0x00000] in /mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs:76 
at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00037] in /mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake/HandshakeMessage.cs:105 
at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process () 
at Mono.Security.Protocol.Tls.ServerRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x0002a] in /mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs:74 
at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00123] in /mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:397 


I guess Chrome falls back through protocol versions until it reaches one SslStream understands, creating a new TCP connection for each request. Annoyingly, it repeats this process for every connection. 


Is anyone working on implementing TLS 1.1 and 1.2? I couldn't find it in the Xamarin bug-tracker. 


By the way, I found AaltoTLS ( https://github.com/juhovh/AaltoTLS ) which implements 1.1 and 1.2, but BeginAuthenticateAsServer is stubbed. 


Kind regards, 
Duncan Pierce 
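
The failure in the stack trace above, next to the negotiation rule that avoids it, as an added example that is not part of the original post and not Mono's source: `DecodeStrict` rejects any version the server does not implement, while `Negotiate` follows RFC 5246 Appendix E.1 and answers with the server's own highest version. All names are hypothetical, the server is assumed to implement only SSL 3.0 and TLS 1.0, and the sample bytes are constructed.

```csharp
using System;

// Added illustration; these names are hypothetical, not Mono.Security's API.
static class VersionNegotiation
{
    const ushort Ssl30 = 0x0300, Tls10 = 0x0301;   // assumed server capabilities

    // Reads client_version from a TLS record that starts with a ClientHello.
    // Layout: type(1) record_version(2) length(2) | msg_type(1) length(3) client_version(2)
    public static ushort ReadClientVersion(byte[] record)
    {
        if (record.Length < 11 || record[0] != 0x16 || record[5] != 0x01)
            throw new FormatException("not a handshake record starting with ClientHello");
        return (ushort)((record[9] << 8) | record[10]);
    }

    // Strict decoding: a version the server does not implement is an error,
    // so the handshake dies and the client has to reconnect with a lower offer.
    public static ushort DecodeStrict(ushort offered)
    {
        if (offered != Ssl30 && offered != Tls10)
            throw new NotSupportedException("Unsupported security protocol type");
        return offered;
    }

    // RFC 5246 Appendix E.1: client_version is the highest version the client
    // supports; the server replies with min(client_version, its own highest).
    public static ushort Negotiate(ushort offered, ushort serverMax)
    {
        if (offered < Ssl30)
            throw new NotSupportedException("client offers nothing newer than SSL 2.0");
        return offered > serverMax ? serverMax : offered;
    }

    static void Main()
    {
        // Constructed sample: first 11 bytes of a ClientHello offering TLS 1.1 (0x0302).
        byte[] hello = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b, 0x03, 0x02 };
        ushort offered = ReadClientVersion(hello);

        try { DecodeStrict(offered); }
        catch (NotSupportedException e)
        {
            Console.WriteLine("strict:    0x{0:x4} -> {1}", offered, e.Message);
        }

        // The server stays on TLS 1.0 and the handshake continues on this connection.
        Console.WriteLine("negotiate: 0x{0:x4} -> 0x{1:x4}", offered, Negotiate(offered, Tls10));
    }
}
```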


