[Mono-dev] TLS 1.2 Client Certificate Authentication

ashr ashr at ashr.net
Thu Jul 27 12:50:19 UTC 2017


Hi guys,

I've been trying to connect to a threat repository to suck intel feeds
down with Mono. The interface uses a client certificate and basic auth to
validate the connection.

I've played with mono versions from the version that comes with Xenial,
all the way through to Mono JIT compiler version 5.0.1.1. The furthest
I've come was on the latest version, I can see it at least tries to
speak TLS 1.2, but something goes wrong before the Client Key Exchange,
(so I'm guessing the Server Key exchange fails, wild guess from
wireshark caps, I'm not an expert in SSL handshakes).


This is the code I'm using to set this connection
up: https://pastebin.com/Ei3bsjdF

* The MyRemoteCertificateValidationCallback validates the server cert
without error and Mono seems to add the client certificate to the request
just fine as well.

A paste with the error that occurs during runtime (SecureChannelFailure
(Syscall)): https://pastebin.com/sUXQf9KF

Screenshot of wireshark cap of the connection process:
https://imagebin.ca/v/3UjPy99nEI94

Screenshot of a wireshark cap of a working connection through python
(Using the same client side certificate connecting to same backend):
https://imagebin.ca/v/3UjQdz43jKSQ


When I get some time tonight and during the weekend, I'll try to set up a
server with client side auth and test it locally as well, but if any of
you gurus have an idea of what is going wrong or how to troubleshoot
further, please let me know?


Many thanks

ash
