Cannot send TLS 1.2 with Xamarin.Forms and VisualStudio 2017

Question

I am trying to send a POST transaction from Xamarin.Forms using TLS1.2 but I see them arriving to the server as TLS 1.1.

I have configured Android options:

HttpClient impletemtation as Android

SSL/TLS implementation as Native TLS 1.2+

I am implementing and executing in VisualStudio 2017, and using Android 6.0 in the emulator.

Regarding the code, I set some enviroment variables:

System.Environment.SetEnvironmentVariable("MONO_TLS_PROVIDER‌​", "btls");
System.Environment.SetEnvironmentVariable("XA_TLS_PROVIDER‌​", "btls");
System.Environment.SetEnvironmentVariable("XA_HTTP_CLIENT_HANDLER_TYPE", "Xamarin.Android.Net.AndroidClientHandler");
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Finally, POST is sent with:

   using (HttpClient client = new HttpClient())
  or 
   using (HttpClient client = new HttpClient(new NativeMessageHandler()))
  or
   using (HttpClient client = new HttpClient(new Xamarin.Android.Net.AndroidClientHandler()))
   {
    try
    {
     HttpResponseMessage responseHttp = await client.PostAsync(new Uri(new Uri(Constants.ApiBaseUrl), "authorize"), content);
    ...

Where Constants.ApiBaseUrl contains a url with https://<> format.

The problem is, when POST is sent I have no exceptions, but in my server I see with Wireshark the transaction as:

I have also tried in other way, using:

  HttpWebRequest httpWebRequest = WebRequest.CreateHttp(new Uri(new Uri(Constants.ApiBaseUrl), "authorize"));
  httpWebRequest.Method = "POST";
  httpWebRequest.Credentials = CredentialCache.DefaultNetworkCredentials;
  Stream sw = httpWebRequest.GetRequestStream();
  sw.Write(contentByte, 0, contentByte.Length);
  HttpWebResponse httpWebResponse = (HttpWebResponse)httpWebRequest.GetResponse();

With and without my own certificates using:

  httpWebRequest.ClientCertificates = cryptoSvc.x509HostCertificates;

In this case, if I use

  ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

I get the exception

   RestService-SendJsonDataAsync ERROR: Error: SecureChannelFailure 
      (**Ssl error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL**
       at /Users/builder/jenkins/workspace/xamarin-android/xamarin-android/external/mono/external/boringssl/ssl/handshake_client.c:808)

Without that line it is also arriving as TLS1.1.

Does anyone have any idea or suggestion about what is wrong in my case, please?

Thanks so much for your time and help.

Answer 1

I believe in Android 6.0, TLS 1.2 is enabled by default:

https://developer.android.com/reference/javax/net/ssl/SSLSocket.html

But, you have BTLS configuration and Native TLS 1.2, I think these are conflicting. BTLS is the Boring TLS implementation, designed to provide TLS 1.2 support on older versions of Android. I think you can safely remove those lines.

I'd first confirm what the server is allowing in terms of security and if possible have the server limit HTTPS connections to only TLS 1.2.

If you'd like to try forcing only TLS 1.2 connections on the client side, take a look at this answer (note this is in Java, but the process is the same):

How to set TLS version on apache HttpClient

Answer 2

I was able to work around this problem by downloading and installed VS 2022 Community - Preview. I then created a MAUI .net app and used the same code that I used in VS 2019.