I made a program that should accept an SSL connection. I want it to only accept TLS 1.2 for added security.
To do this, I installed .net framework 4.6 and compiled SW using Visual Studio 2015 express on a computer running Windows 7 Professional SP1. The target structure in the "application" in VS is set to 4.6
In SW, I use the SslStream method to verify the certificate and to ensure that only TLS 1.2 is used, I enter the line
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
I tried to insert this line both in main() and before creating a new SSL stream
For the test, I use openssl to connect using the command:
openssl s_client -connect 10.0.0.101:1400 -tls1_2 -cert MyCert.pem -key private.pem -CAfile entrust.cer
My problem is that a C # program gets the following exception:
Exception: SSPI call failed, see internal exception.
Internal exception: requested feature not supported
Exit OpenSsl
CONNECTED (00000150) 7964: error: 1408F10B: SSL routines: SSL3_GET_RECORD: invalid version number:. \ Ssl \ s3_pkt.c: 362:
no peer certificates available
Missing Client Certificate CA Names
SSLL acknowledgment read 5 bytes and 7 bytes written
New, (NONE), Cipher (NONE) Secure Renegotiation NOT Supported Compression: NONE Extension: NONE No ALPN negotiated SSL session: Protocol: TLSv1.2 Cipher: 0000 Session ID: Session-ID-CTX: Master key: Key-Arg : no PSK ID: no PSK identity hint: No SRP username: No Start time: 1457011106 Wait time: 7200 (s) Check return code: 0 (ok)
If I use -tls1 there is no problem, so I assume this is because .net SslStream does not support tls1_2 (or tls1_1)
Is there anyone who can explain what I'm doing wrong?
/ Karsten