C# OpenSSL openssl-net-master - OpenSSL Server malfunction


 



Hello *,

 

Even if no one knows what to do, has anyone ever used OpenSSL Server? And if so, are there any configuration parameters that I should take care of in case of OpenSSL Server?

I hope to hear a positive response from you guys.

 

Best Regards,

 

Amr

 

From: Hegazi, Amr
Sent: Tuesday, July 25, 2017 6:50 PM
To: 'openssl-users@xxxxxxxxxxx'
Subject: Considering C# OpenSSL openssl-net-master

 

Hello *,

 

I’m using the last version of C# OpenSSL from https://github.com/openssl-net/openssl-net (This wrapper is based on version 1.0.2a of libeay32.dll and ssleay32.dll).

 

I’m using C# OpenSSL to test my TLS client that supports TLS starting from version 1.2 and all the cipher suites. Moreover, I’m using Microsoft Windows 7. I have already installed Microsoft Visual C++ 2010 Express and Microsoft Visual Studio 2010.

 

I always face an error “TLSv1.2  81 - Alert (Level: Fatal, Description: Insufficient Security)”

 

I have debugged the issue. The issue comes from a function called SSL_CTX_new(), which is connected to ssleay32.dll. The ClientHello is always sent correctly, and then the OpenSSL server replies with Insufficient Security.

 

The console also shows this:

.NET   HSM Received: ClientHello (188 bytes)
.NET   Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) [not supported]
.NET   Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) [not supported]
.NET   Offered suite by client: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025) [not supported]
.NET   Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) [not supported]
.NET   Offered suite by client: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) [not supported]
.NET   Offered suite by client: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) [not supported]
.NET   Offered suite by client: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) [not supported]
.NET   Offered suite by client: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001) [not supported]
.NET   Offered suite by client: TLS_RSA_WITH_NULL_SHA256 (0x003b) [not supported]
.NET   Offered suite by client: TLS_RSA_WITH_NULL_SHA (0x0002) [not supported]
.NET   ALERT SENT    : Fatal InsufficientSecurity
.NET   no shared cipher suites

 

And Wireshark shows this:

"3406.315537","fe80::ff:fe00:2","fe80::1:5","SSL","271","Client Hello"
"3419.805155","fe80::1:5","fe80::ff:fe00:2","TLSv1.2","81","Alert (Level: Fatal, Description: Insufficient Security)"

 

So, I think the error is in something related to the configuration of ssleay32.dll.

 

My code is simple and is as follows:

 

    try
    {
        TestCaseBegin();

        Output.WriteLine("TLS Server Certificate preparation");
        CertDir = Path.GetFullPath("..\\Appl\\Certificates\\Certificate");
        TlsServerCertificate = loadCertificateFromFile(Path.Combine(CertDir, @"Vector_ServerCertificate_RsaSha1_IA_pfx.pfx"), "123456");
        TlsServerCaCertificates = new X509Chain(OpenSSL.Core.BIO.File(Path.Combine(CertDir, @"Vector_ServerCertificate_RsaSha1_Root_cert.cer"), "r"));

        Output.WriteLine("Start connection");
        TS_RcTlsConnect(TlsConnectMode.Rsa);

        Output.WriteLine("Send Client Hello");
        TS_WaitForTcpConnection();

        Output.WriteLine("make sslStreamServer");
        SslStream sslStreamServer = new SslStream(tcpClient.GetStream(), true, MyRemoteCertificateValidationHandler, MyLocalCertificateSelectionHandler);

        Output.WriteLine("Start AuthenticateAsServer");
        sslStreamServer.AuthenticateAsServer(TlsServerCertificate, false, TlsServerCaCertificates, SslProtocols.Tls, SslStrength.All, false);
    }
    catch (TestStepFailException e)
    {
        HandleTestStepFailException(e);
        Output.WriteLine(e.ToString());
    }
    catch (Exception ex)
    {
        PrintException(ex);
        Output.WriteLine(ex.ToString());
    }
    finally
    {
        TestCaseEnd();
    }

 

Has anyone an idea?

 

Best Regards,

 

Amr

 

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
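
Added example, not part of the original post or of openssl-net: a Python triage helper that parses the "Offered suite by client" lines from the console output above and lists which offered suites remain negotiable for a given server certificate key type and maximum protocol version. It models only those two constraints; the RSA server certificate and the reading of SslProtocols.Tls as TLS 1.0 are assumptions, and the names parse_offers, describe and eligible are hypothetical.

```python
import re

# Constructed sample: the "Offered suite by client" lines copied from the post.
LOG = """\
.NET   Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) [not supported]
.NET   Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) [not supported]
.NET   Offered suite by client: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025) [not supported]
.NET   Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) [not supported]
.NET   Offered suite by client: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) [not supported]
.NET   Offered suite by client: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) [not supported]
.NET   Offered suite by client: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) [not supported]
.NET   Offered suite by client: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001) [not supported]
.NET   Offered suite by client: TLS_RSA_WITH_NULL_SHA256 (0x003b) [not supported]
.NET   Offered suite by client: TLS_RSA_WITH_NULL_SHA (0x0002) [not supported]
"""

OFFER = re.compile(r"Offered suite by client: (TLS_\w+) \((0x[0-9a-fA-F]{4})\)")
VERSIONS = {"TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3}

def parse_offers(log):
    """Return [(suite_name, suite_id)] in the order the client offered them."""
    return [(m.group(1), int(m.group(2), 16)) for m in OFFER.finditer(log)]

def describe(name):
    """Split an IANA suite name into the properties that gate negotiation."""
    kx_auth, cipher_hash = name[len("TLS_"):].split("_WITH_")
    cipher, hash_name = cipher_hash.rsplit("_", 1)
    return {
        "kx": kx_auth.split("_")[0],
        # Plain "RSA" suites use the RSA key for key exchange and authentication.
        "cert_key": kx_auth.split("_")[-1],
        # Suites ending in SHA256/SHA384 cannot be negotiated below TLS 1.2.
        "tls12_only": hash_name in ("SHA256", "SHA384"),
        "null_cipher": cipher == "NULL",  # integrity only, no encryption
    }

def eligible(log, cert_key, max_version):
    """Offered suites that fit the server's certificate key type and version cap."""
    out = []
    for name, _ in parse_offers(log):
        d = describe(name)
        if d["cert_key"] == cert_key and (not d["tls12_only"] or VERSIONS[max_version] >= 3):
            out.append(name)
    return out

if __name__ == "__main__":
    for version in ("TLSv1.0", "TLSv1.2"):  # assumed server settings
        print(version, "RSA certificate:", eligible(LOG, "RSA", version))
```

A suite that passes both checks but is still rejected leaves the server's enabled cipher list as the next thing to inspect; the NULL suites are flagged by describe because they provide no encryption.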
