.NET SslStream always negotiates with the least secure cipher that I have. How can i change this?

Question

.NET SslStream always negotiates with the least secure cipher that I have. How can i change this?

SslStream should agree on the type of encryption, key length, hash algorithm, etc. with its peer-to-peer SSL stack. When I use it in my code, I find that matching always defaults to RC4 and MD5. I would like to use 3DES or AES for some extra security.

Looking around the Internet, I find only a few links to this problem and no solutions; one poster claims that it really makes sense, since the lowest common denominator between the two stacks is safe, while it has the added benefit of being faster / using less CPU resources. Although this may be technically correct, my specific trade-off between complexity and cost lies elsewhere (I prefer to use AES with a long key).

If anyone can help, I will be grateful.

+5

.net ssl encryption aes

Shachar 18 sept. '08 at 9:54

source share

5 answers

SSLStream Schannel, . , Microsoft Schannel :

Windows Vista:

RSA AES_128 CBC SHA
RSA AES_256 CBC SHA
RSA RC4_128 SHA
...

Windows XP:

RSA RC4 128 MD5
RSA RC4 128 SHA
RSA 3DES CBC SHA
....

, SSL Cipher Suite Order, " " Microsoft Management Console (Windows Vista)

, Windows XP AES , SSLStream. , Windows XP: HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy 1 3DES.

+3

vshkil 15 . '08 9:56

, . , , SslStream SSPI SChannel, , Internet Explorer, IIS Windows .

, SChannel.dll/Secur32.dll. Internet Explorer ?

, SCHANNEL. , ?

0

Mike Dimmick 18 . '08 14:10

XP SP3 IE7 . .

0

Shachar 18 . '08 15:17

Java / . , API .NET...

0

Alexander 20 . '08 11:03

James Berry · Accepted Answer · 2009-11-18T09:44:46+0000

, , . , RC4. (, ),

http://msdn.microsoft.com/en-us/library/ms925716.aspx

.NET SslStream always negotiates with the least secure cipher that I have. How can i change this?

More articles: