[Mono-list] OpenSSL s_client talking to SslStream or SslServerStream

Peter Hultqvist phq at silentorbit.com
Wed Aug 8 23:32:27 UTC 2012


Hi Sebastien

From the output of openssl, the client, I get:
SSL-Session:
    Protocol  : TLSv1
or
    Protocol  : SSLv3
Matching the SslProtocols.Tls/Ssl3 that I put in the
AuthenticateAsServer() call in the server code.

Using Wireshark I got from the client:

SSLv3 Record Layer: Handshake Protocol: Client Hello
Version: TLS 1.0 (0x0301)

but the next packet from my server is:

SSLv3 Record Layer: Alert (Level: Warning, Description: Internal Error)
Version: TLS 1.0 (0x0301)

I can add that I got it working using the OpenSSL.NET wrapper.
But I'd rather use the System.Net framework to make it easier to move
between platforms.

On 2012-08-09 01:09, Sebastien Pouliot wrote:
> Hello Peter,
>
> A quick guess would be that the client does not use SSL3 or TLS1 -
> which are the only versions Mono supports. A network trace (e.g.
> wireshark) would show if this was the case or not.
>
> Sebastien
>
> On Wed, Aug 8, 2012 at 5:46 PM, Peter Hultqvist <phq at silentorbit.com> wrote:
>> I'm writing an IMAP server that will accept SSL connections.
>>
>> It is tested using openssl:
>>     openssl s_client -connect localhost:1993
>>
>> On connection an IOException is thrown with an inner
>> NotSupportedException: "Unsupported security protocol type"
>>
>> I have tried using two methods:
>>
>> With the System.Net.Security.SslStream:
>>
>>             ssl = new SslStream(tcp.GetStream(), false);
>>             ssl.BeginAuthenticateAsServer(
>>                 Listener.Certificate,
>>                 false,
>>                 SslProtocols.Tls,
>>                 false,
>>                 AuthenticateSslCallback, null);
>>
>> And with the Mono.Security.Protocol.Tls.SslServerStream:
>>
>>
>>                 ssl = new SslServerStream(
>>                     tcp.GetStream(),
>>                     Listener.Certificate,
>>                     false,
>>                     true, SecurityProtocolType.Tls);
>>
>> Both are generating the same exception mentioned above.
>>
>> On http://www.mono-project.com/Cryptography it mentions Tls being
>> implemented but it only says 100% managed not whether it has complete
>> functionality.
>>
>> This was all tested on Ubuntu, mono 2.10.8.1.
>> Finally I tried the first example on windows and it worked.
>>
>> I'm not sure where to go from here, whether to look for other libraries
>> or file a bug?
>> Should I expect my code to work on mono?
>> _______________________________________________
>> Mono-list maillist  -  Mono-list at lists.ximian.com
>> http://lists.ximian.com/mailman/listinfo/mono-list


