1

To implement TLS encryption via SslStream i am using a self signed certificate. I am experiencing strange "no common algorithm" errors for clients connecting from an older Win2003 machine.

After reading this thread i discovered the following:

Those errors disappear if i change my certificate generation procedure (more specifically: the private key generation part):

Old:

     var privateKey = new CX509PrivateKey();
     privateKey.ProviderName = "Microsoft Base Cryptographic Provider v1.0";
     privateKey.MachineContext = true;
     privateKey.Length = 2048;
     privateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE
     privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG;
     privateKey.Create();

New:

     var privateKey = new CX509PrivateKey();
     privateKey.ProviderName = "Microsoft Base Cryptographic Provider v1.0";
     privateKey.MachineContext = true;
     privateKey.Length = 1024;
     privateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE; 
     privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG;
     privateKey.Create();

My questions (may sound stupid, sorry for that; i'm fairly new to TLS & co):

  • Which algorithms are relaying on a private key with this keySpec value? Can I see somewhere which algo has been taken by SslStream?
  • Why do I have to reduce the key length to 1024? Any value above will cause an exception to occur when calling Create().
  • Am I taking security risks with these changes?
  • Any suggestions refering to fixing the Win2K03 machine are also welcome...
Community
  • 1
  • 1
Udontknow
  • 1,472
  • 12
  • 32

1 Answers1

2

Microsoft Base Cryptographic Provider v1.0 is the most limited of the cryptographic providers. For AT_EXCHANGE it is limited to 1024-bit RSA, per https://msdn.microsoft.com/en-us/library/windows/desktop/bb931357(v=vs.85).aspx.

Your TLS error probably comes from the SChannel library wanting to use the RSA key in AT_EXCHANGE mode even on ciphersuites where RSA signature is used, but not RSA encryption, since your two files differ in both keyspec and value.

Microsoft Enhanced RSA and AES Cryptographic Provider is the newest (added in XP SP3) CSP, if you change to that you should be able to make RSA AT_EXCHANGE keys up to length 16384 (though it'll take hours to do so, so you might want to stick to your 2048).

bartonjs
  • 30,352
  • 2
  • 71
  • 111