[Mono-dev] Still stuck in a bad place with TLS 1.2 support
Edward Ned Harvey (mono)
edward.harvey.mono at clevertrove.com
Wed Nov 2 00:30:49 UTC 2016
> From: Mono-devel-list [mailto:mono-devel-list-bounces at lists.dot.net] On
> Behalf Of gsemones
> I built Mono and could see lots of references to Boring TLS. I built my Mono
> project (not Xamarin.Mac) using the latest Mono and targeting .NET
One of the most useful things you can do is make this reproducible/verifiable by other people. I'll suggest creating and sharing a really simple project that's just a server that does some trivial work, and a simple client that does some trivial work. Simple, clear, trivial, everyone should understand the code.
Since the problem is related to cert negotiation, and things have probably only been tested using self-signed and auto-generated certs, and your example is failing with real-world certs, the unfortunate truth is you probably need to generate a real "garbage" cert, and simply publish it with your project. I've certainly encountered a problem before, where Mono failed to work with real-world certs, because it was only tested with the internally generated test certs. If you get a new free cert for "untrusted-garbage-test-machine.example.com" and simply hard-code the cert and keys right into the project, that will enable everyone who's interested to actually reproduce your results.
Bear in mind, one of the most useful measures for success is that the same exact project builds and runs on Windows, but fails to build or run on Mono. So be sure to test the behavior on Windows, to eliminate any possibility that your code is actually wrong somehow.