I'm trying to do secure renegotiation with .NET SslStream, but I'm not sure how to achieve it, or if it is even possible. My goal is to renew the shared secret, using the same certificate for the server.
I set up a server using OpenSSL:

    s_server -accept 443 -key privkey.pem

Here's my client code:

    using System;
    using System.Net.Security;
    using System.Net.Sockets;
    using System.Text;

    class Program
    {
        public static void RunClient()
        {
            TcpClient client = new TcpClient("localhost", 443);
            Console.WriteLine("Client connected.");

            // First TLS session over the TCP connection.
            // The validation callback accepts any server certificate (test setup only).
            SslStream sslStream = new SslStream(
                innerStream: client.GetStream(),
                leaveInnerStreamOpen: true,
                userCertificateValidationCallback: (a, b, c, d) => true,
                userCertificateSelectionCallback: null);
            sslStream.AuthenticateAsClient("localhost");
            byte[] message = Encoding.UTF8.GetBytes("Hello from the client.");
            sslStream.Write(message);
            sslStream.Dispose();

            // if code below is commented, there's no error.
            sslStream = new SslStream(
                innerStream: client.GetStream(),
                leaveInnerStreamOpen: true,
                userCertificateValidationCallback: (a, b, c, d) => true,
                userCertificateSelectionCallback: null);
            message = Encoding.UTF8.GetBytes("Hello from the client again, renegotiated.");
            sslStream.AuthenticateAsClient("localhost");
            sslStream.Write(message);

            // client.Close();
            Console.WriteLine("Client closed.");
        }

        public static int Main(string[] args)
        {
            RunClient();
            return 0;
        }
    }

The second call to AuthenticateAsClient, on the new SslStream, fails with "A call to SSPI failed, see inner exception.". The inner exception is "Win32Exception: The message received was unexpected or badly formatted".
On the server side, I get an error too:

    CIPHER is ECDHE-RSA-AES256-GCM-SHA384
    Secure Renegotiation IS supported
    Hello from the client.ERROR
    8404:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl\record\ssl3_record.c:469:
    shutting down SSL
    CONNECTION CLOSED
    ACCEPT

Do you know what's wrong here, or if my use case is even supported with SslStream?
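An added example (not the asker's code or part of the post): SslStream exposes no way for the client to initiate renegotiation, so the second AuthenticateAsClient above sends a new ClientHello in the clear on a connection the server still treats as an encrypted session, which is what OpenSSL reports as a bad record MAC. The version below renews the session keys by completing one session and then opening a new TCP connection and handshake against the same server certificate. The host, port, pinned-thumbprint placeholder and message texts are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class RenewingClient
{
    // Assumption: placeholder for the thumbprint of the certificate behind privkey.pem.
    const string PinnedThumbprint = "<PUT-SERVER-CERT-THUMBPRINT-HERE>";

    static bool ValidateServer(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        // Accept only the expected server certificate instead of returning true
        // unconditionally; the same certificate is presented on every handshake.
        if (cert == null) return false;
        string thumbprint = new X509Certificate2(cert).Thumbprint;
        return string.Equals(thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    static void SendOverFreshSession(string text)
    {
        // Each call runs a complete handshake on a new TCP connection, so a new
        // master secret and new record keys are derived; nothing is written into
        // the previous, already-closed TLS session.
        using (var tcp = new TcpClient("localhost", 443))
        using (var ssl = new SslStream(tcp.GetStream(),
                                       leaveInnerStreamOpen: false,
                                       userCertificateValidationCallback: ValidateServer))
        {
            ssl.AuthenticateAsClient("localhost");
            Console.WriteLine("Negotiated " + ssl.SslProtocol + " / "
                              + ssl.KeyExchangeAlgorithm + " / " + ssl.CipherAlgorithm);
            byte[] message = Encoding.UTF8.GetBytes(text);
            ssl.Write(message);
            ssl.Flush();
        } // Dispose tears down the TLS stream and, with leaveInnerStreamOpen false, the TCP connection.
    }

    public static int Main()
    {
        // Constructed sample messages.
        SendOverFreshSession("Hello from the client.");
        SendOverFreshSession("Hello from the client again, with fresh keys.");
        return 0;
    }
}
```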