runtime: SslStream throws badly formatted message exception when using TLS1.3
How should we set the the signature algorithm for using TLS1.3. There is a difference the way client behaves for TLS1.2 and TLS1.3. I was told that the client has to set the signature algorithm to RSAPSS. How do we achieve this using SSlstream class in c#.I have received the following from the server team. They say “signature algorithm list in the message coming from the client (client hello message) that does not have RSAPSS.” The same setup works fine for TLS1.2. If i am using TLS1.3 i receive the following exception.
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
Packet capture of client hello is
Frame 318: 189 bytes on wire (1512 bits), 189 bytes captured (1512 bits) Encapsulation type: Raw IP (7) Arrival Time: Apr 11, 2020 03:38:11.261327000 India Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1586556491.261327000 seconds [Time delta from previous captured frame: 0.141928000 seconds] [Time delta from previous displayed frame: 0.145929000 seconds] [Time since reference or first frame: 8.142697000 seconds] Frame Number: 318 Frame Length: 189 bytes (1512 bits) Capture Length: 189 bytes (1512 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: raw:ip:tcp:tls] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Raw packet data Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1) 0100 … = Version: 4 … 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) Total Length: 189 Identification: 0x3c2e (15406) Flags: 0x4000, Don’t fragment Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source: 127.0.0.1 (127.0.0.1) Destination: 127.0.0.1 (127.0.0.1) Transmission Control Protocol, Src Port: 64658 (64658), Dst Port: servistaitsm (3636), Seq: 1, Ack: 1, Len: 149 Source Port: 64658 (64658) Destination Port: servistaitsm (3636) [Stream index: 4] [TCP Segment Len: 149] Sequence number: 1 (relative sequence number) [Next sequence number: 150 (relative sequence number)] Acknowledgment number: 1 (relative ack number) 0101 … = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) Window size value: 10233 [Calculated window size: 2619648] [Window size scaling factor: 256] Checksum: 0x70a7 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [Timestamps] TCP payload (149 bytes) Transport Layer Security TLSv1.3 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 144 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 140 Version: TLS 1.2 (0x0303) Random: cac591a6ceb9ebe68d0693156559367c30446caa57b97bbd… Session ID Length: 0 Cipher Suites Length: 4 Cipher Suites (2 suites) Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) Compression Methods Length: 1 Compression Methods (1 method) Extensions Length: 95 Extension: server_name (len=6) Extension: supported_versions (len=3) Extension: signature_algorithms (len=20) Extension: supported_groups (len=8) Extension: key_share (len=38)
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 17 (13 by maintainers)
I’m part of dotnet/ncl group.