I'm developing a program (in C# .NET v4.5.1) that needs to communicate with a 3rd party service, which requires a client certificate to authenticate. The problem is that if I enable TLS1.2 for the program, the client certificate isn't sent to the service, but if I use TLS1.0, the certificate is passed to the service. I use the same function and same certificate regardless of what TLS version I use. The only thing I've changed is the TLS version. I've checked the network traffic using Wireshark and the certificate is only passed along when using TLS1.0. Do I need to do anything special when using TLS1.2 to send the certificate along with the request?

I switch between TLS1.2 and TLS1.0 using the following code

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;

and

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

I use the following function to call the 3rd party service

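using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;

private static string GetData(string url, X509Certificate certificate, int timeOut = 5)
{
    // WebRequestHandler exposes the client certificate collection used for TLS client authentication
    var handler = new WebRequestHandler();
    handler.ClientCertificates.Add(certificate);

    using (var client = new HttpClient(handler))
    {
        // timeOut is in seconds
        client.Timeout = TimeSpan.FromSeconds(timeOut);

        // Blocking calls: wait for the response, then read the body as a string
        var result = client.GetAsync(url).Result;
        string content = result.Content.ReadAsStringAsync().Result;

        return content;
    }
}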
Tuvix
  • I found this question: https://stackoverflow.com/questions/47904777/c-sharp-and-dotnet-4-7-1-not-adding-custom-certificate-for-tls-1-2-calls, maybe it applies in your case too. – Dirk Apr 11 '18 at 11:24
  • Unfortunately that doesn't apply to my case, as the certificate I use has a sha256 signature – Tuvix Apr 11 '18 at 11:34
  • I'm having the same exact issue. Any luck on a solution here? – grinder22 Jan 15 '20 at 00:01

0 Answers