Geek Answers Handbook

Https with TLS 1.2 in Xamarin

I am using HttpClient in Xamarin to request https with TLS 1.2 and I got an error as shown below:

System.AggregateException: One or more errors occurred ---> System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed. at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00013] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:574 at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x000d0] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:376 --- End of inner exception stack trace --- at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) [0x00035] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:425 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x0000c] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:99 --- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x0005e] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/System/System.Net/HttpWebRequest.cs:969 at System.Threading.Tasks.TaskFactory`1[System.Net.WebResponse].InnerInvoke (System.Threading.Tasks.TaskCompletionSource`1 tcs, System.Func`2 endMethod, IAsyncResult l) [0x00000] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/TaskFactory_T.cs:473 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.ExceptionServices/ExceptionDispatchInfo.cs:62 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[System.Net.WebResponse].GetResult () [0x00034] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.CompilerServices/ConfiguredTaskAwaitable_T.cs:62 at System.Net.Http.HttpClientHandler+<SendAsync>c__async0.MoveNext () [0x002d0] in /Developer/MonoTouch/Source/mono/mcs/class/System.Net.Http/System.Net.Http/HttpClientHandler.cs:338 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.ExceptionServices/ExceptionDispatchInfo.cs:62 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[System.Net.Http.HttpResponseMessage].GetResult () [0x00034] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.CompilerServices/ConfiguredTaskAwaitable_T.cs:62 at System.Net.Http.HttpClient+<SendAsyncWorker>c__async0.MoveNext () [0x000a9] in /Developer/MonoTouch/Source/mono/mcs/class/System.Net.Http/System.Net.Http/HttpClient.cs:273 --- End of inner exception stack trace --- at System.Threading.Tasks.Task.Wait (Int32 millisecondsTimeout, CancellationToken cancellationToken) [0x00049] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/Task.cs:709 at System.Threading.Tasks.Task.Wait () [0x00000] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/Task.cs:679 at System.Threading.Tasks.Task`1[System.Net.Http.HttpResponseMessage].get_Result () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/Task_T.cs:48 at Cucumber.ViewModels.LoginViewModel+<ExecuteLoginCommand>c__async0.MoveNext () [0x00144] in /Users/bachpx1/FSBProjects/FsoftInternalNews/cucumber/xamarin_form/Cucumber/Cucumber.Shared/ViewModels/LoginViewModel.cs:94 --> (Inner exception 0) System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed. at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00013] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:574 at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x000d0] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:376 --- End of inner exception stack trace --- at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) [0x00035] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:425 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x0000c] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:99 --- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x0005e] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/System/System.Net/HttpWebRequest.cs:969 at System.Threading.Tasks.TaskFactory`1[System.Net.WebResponse].InnerInvoke (System.Threading.Tasks.TaskCompletionSource`1 tcs, System.Func`2 endMethod, IAsyncResult l) [0x00000] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/TaskFactory_T.cs:473 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.ExceptionServices/ExceptionDispatchInfo.cs:62 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[System.Net.WebResponse].GetResult () [0x00034] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.CompilerServices/ConfiguredTaskAwaitable_T.cs:62 at System.Net.Http.HttpClientHandler+<SendAsync>c__async0.MoveNext () [0x002d0] in /Developer/MonoTouch/Source/mono/mcs/class/System.Net.Http/System.Net.Http/HttpClientHandler.cs:338 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.ExceptionServices/ExceptionDispatchInfo.cs:62 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[System.Net.Http.HttpResponseMessage].GetResult () [0x00034] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.CompilerServices/ConfiguredTaskAwaitable_T.cs:62 at System.Net.Http.HttpClient+<SendAsyncWorker>c__async0.MoveNext () [0x000a9] in /Developer/MonoTouch/Source/mono/mcs/class/System.Net.Http/System.Net.Http/HttpClient.cs:273

Does anyone know how to fix this problem. I heard that Xamarin are errors with TLS in Mono 2.0. Many thanks

+5
source share
4 answers

TLS is not yet fully implemented in Mono. This means that your HTTPS requests may fail if they do not work when running your .NET application on Windows.

Xamarin Deployment

Since you are using Xamarin, you can use ModernHttpClient , which is a wrapper around the native iOS / Android network libraries.

Android, Mac, and iOS users can get the latest TLS for HTTP workloads using ModernHttpClient. Mac / iOS users can use the built-in CFNetworkHandler.

Linux / Mac Deployment

If you are installing Mono on Linux / Mac (without Xamarin), you need to find a workaround due to the lack of TLS support.

There are two possible workarounds:

Use custom TLS implementation

Try juhovh / AaltoTLS , which is an implementation of the SSL / TLS network protocol, written entirely using C # and the standard .NET cryptographic libraries. where appropriate. It will take care of decrypting / encrypting TLS and will not use the built-in devoid Mono implementation.

TLS Proxy Implementation

Create a TLS proxy that will perform TLS for you - you will configure it as an HTTP proxy for your HTTP requests in Mono, it will receive them and request the target server via HTTPS, encryption and decryption processing for the Mono application.

Workflow:

Mono App → HttpClient sends an HTTP request via TLS Proxy → TLS Proxy converts the HTTP request to HTTPS and sends it to the target server → TLS proxy receives a response → TLS proxy sends a response to HttpClient in HTTP format

Sample code in Node.js for the TLS Proxy workaround using nodejitsu / node-http-proxy :

 // Modules var http = require('http'); var httpProxy = require('http-proxy'); // Proxy server options var options = {secure: true}; // Validate remote SSL certificates // Create a proxy server with custom application logic var proxy = httpProxy.createProxyServer(options); // Handle errors gracefully proxy.on('error', function(e) { // Log to console console.log(e); }); // Create server and define custom logic var server = http.createServer(function(req, res) { // URL provided? if (req.url) { // Convert to HTTPS req.url = req.url.replace('http://', 'https://'); } // Get remote host from headers (and force HTTPS) var target = 'https://' + req.headers.host; // Proxy the request (target is the server to pass the request on to) proxy.web(req, res, { target: target }); }); // Proxy port var port = 8080; // Start listening for requests from clients server.listen(port); // Log the port number console.log('proxy.port: ' + port);
+6
source

This error was detected when releasing Release, but not in the Debug assembly.

For Xamarin + VS, TLS 1.2 can be installed in Android Project Properties (right-click on the Android project> Properties at the bottom)> Android Settings> scroll down, click Advance> bottom, SSL / TLS. There you found Native TLS 1.2 +.

+1
source

I don't know about the general Xamarin cross-platform solution for this.

Xamarin has the ability to support TLS 1.2 for iOS9 with application transport security ( https://developer.xamarin.com/guides/ios/platform_features/introduction_to_ios9/ats/ ):

Any connection to NSUrlConnection, CFUrl, or NSUrlSession will use the default ATS in applications built for iOS 9 and OS X 10.11 (El Capitan). ATS will ensure compliance with the following requirements for the entire Internet Connection: all connection ciphers must use direct secrecy. Transport Layer Security Protocol (TLS) must be version 1.2 or greater. At least a SHA256 fingerprint with 2048 bits or higher RSA key or 256-bit or higher elliptic curve (ECC) for all certificates.

There is a public push to fill this gap since April 2014 at https://xamarin.uservoice.com/forums/144858-xamarin-platform-suggestions/suggestions/5758129-implement-tls-1-2 .

0
source

TLS 1.2 is currently supported by Mono release 4.8.0

0
source

More articles:


All Articles