[Mono-list] OpenSSL s_client talking to SslStream or SslServerStream

Sebastien Pouliot sebastien.pouliot at gmail.com
Thu Aug 9 00:58:54 UTC 2012


Hello Peter,

Can you attach the trace (even if it's just to myself) and the full
stack trace? The same error message comes from a few different
places.

Thanks
Sebastien


On Wed, Aug 8, 2012 at 7:32 PM, Peter Hultqvist <phq at silentorbit.com> wrote:
> Hi Sebastien
>
> From the output of openssl, the client, I get:
> SSL-Session:
>     Protocol  : TLSv1
> or
>     Protocol  : SSLv3
> Matching the SslProtocols.Tls/Ssl3 that I put in the
> AuthenticateAsServer() call in the server code.
>
> Using Wireshark I got from the client:
>
> SSLv3 Record Layer: Handshake Protocol: Client Hello
> Version: TLS 1.0 (0x0301)
>
> but the next packet from my server is:
>
> SSLv3 Record Layer: Alert (Level: Warning, Description: Internal Error)
> Version: TLS 1.0 (0x0301)
>
> I can add that I got it working using the OpenSSL.NET wrapper.
> But I'd rather use the System.Net framework to make it easier to move
> between platforms.
>
> On 2012-08-09 01:09, Sebastien Pouliot wrote:
>> Hello Peter,
>>
>> A quick guess would be that the client does not use SSL3 or TLS1 -
>> which are the only versions Mono supports. A network trace (e.g.
>> wireshark) would show if this was the case or not.
>>
>> Sebastien
>>
>> On Wed, Aug 8, 2012 at 5:46 PM, Peter Hultqvist <phq at silentorbit.com> wrote:
>>> I'm writing an IMAP server that will accept SSL connections.
>>>
>>> It is tested using openssl:
>>>     openssl s_client -connect localhost:1993
>>>
>>> On connection an IOException is thrown with an inner
>>> NotSupportedException: "Unsupported security protocol type"
>>>
>>> I have tried using two methods:
>>>
>>> With the System.Net.Security.SslStream:
>>>
>>>             ssl = new SslStream(tcp.GetStream(), false);
>>>             ssl.BeginAuthenticateAsServer(
>>>                 Listener.Certificate,
>>>                 false,
>>>                 SslProtocols.Tls,
>>>                 false,
>>>                 AuthenticateSslCallback, null);
>>>
>>> And with the Mono.Security.Protocol.Tls.SslServerStream:
>>>
>>>
>>>                 ssl = new SslServerStream(
>>>                     tcp.GetStream(),
>>>                     Listener.Certificate,
>>>                     false,
>>>                     true, SecurityProtocolType.Tls);
>>>
>>> Both are generating the same exception mentioned above.
>>>
>>> On http://www.mono-project.com/Cryptography it mentions Tls being
>>> implemented but it only says 100% managed, not whether it has complete
>>> functionality.
>>>
>>> This was all tested on Ubuntu, Mono 2.10.8.1.
>>> Finally I tried the first example on Windows and it worked.
>>>
>>> I'm not sure where to go from here, whether to look for other libraries
>>> or file a bug?
>>> Should I expect my code to work on mono?
>
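
The two record-layer lines quoted from Wireshark above (a Client Hello with version 0x0301, answered by a warning-level Internal Error alert) can be decoded straight from captured bytes. The following is an added example, not code from this thread or from Mono; the sample bytes are constructed to match the description, not taken from Peter's capture, and the parser assumes unencrypted records as seen before ChangeCipherSpec.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version",
                      80: "internal_error"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}

def parse_records(data):
    """Return one dict per SSL/TLS record in data (plaintext handshake phase)."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated record header")
        # Record header: content type (1), version (2), length (2), big-endian.
        ctype, version, length = struct.unpack_from("!BHH", data, offset)
        body = data[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
               "record_version": VERSIONS.get(version, hex(version))}
        if ctype == 21 and length == 2:
            # Plaintext alert: level (1), description (1).
            rec["level"] = ALERT_LEVELS.get(body[0], str(body[0]))
            rec["description"] = ALERT_DESCRIPTIONS.get(body[1], str(body[1]))
        elif ctype == 22 and length >= 6:
            # Handshake header: msg type (1), length (3); hellos start with version (2).
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], str(body[0]))
            if body[0] in (1, 2):
                (hello_version,) = struct.unpack_from("!H", body, 4)
                rec["hello_version"] = VERSIONS.get(hello_version, hex(hello_version))
        records.append(rec)
        offset += 5 + length
    return records

# Constructed sample: minimal TLS 1.0 ClientHello (zeroed random, one cipher suite).
_hello = bytes.fromhex("0301") + bytes(32) + b"\x00" + bytes.fromhex("0002002f0100")
_handshake = b"\x01" + len(_hello).to_bytes(3, "big") + _hello
SAMPLE_CLIENT_HELLO = b"\x16\x03\x01" + len(_handshake).to_bytes(2, "big") + _handshake
# Constructed sample: alert record, level 1 (warning), description 80 (internal_error).
SAMPLE_ALERT = bytes.fromhex("15030100020150")

if __name__ == "__main__":
    for record in parse_records(SAMPLE_CLIENT_HELLO + SAMPLE_ALERT):
        print(record)
```
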

