4

Using C# 4.0, I need to make HTTPS call with the BouncyCastle library (Short story : Windows XP + TLS 1.2).

When using the following code, I get a "HTTP Error 400. The request verb is invalid."

Here is my code : 

using (var client = new TcpClient("serverName", 443))
{
    var sr = new SecureRandom();
    var cl = new MyTlsClient();
    var protocol = new TlsClientProtocol(client.GetStream(), sr);
    protocol.Connect(new MyTlsClient());

    using (var stream = protocol.Stream)
    {
         var hdr = new StringBuilder();
         hdr.AppendLine("GET /Url/WebService.asmx?wsdl HTTP/1.1");
         hdr.AppendLine("Host: serverName");
         hdr.AppendLine("Content-Type: text/xml; charset=utf-8");
         hdr.AppendLine("Connection: close");
         hdr.AppendLine();

         var dataToSend = Encoding.ASCII.GetBytes(hdr.ToString());
         sr.NextBytes(dataToSend);

         stream.Write(dataToSend, 0, dataToSend.Length);

         int totalRead = 0;
         string response = "";
         byte[] buff = new byte[1000];
         do
         {
              totalRead = stream.Read(buff, 0, buff.Length);
              response += Encoding.ASCII.GetString(buff, 0, totalRead);
         } while (totalRead == buff.Length);
     }
 } 

class MyTlsClient : DefaultTlsClient
{
    public override TlsAuthentication GetAuthentication() 
    {
        return new MyTlsAuthentication();
    }
}

class MyTlsAuthentication : TlsAuthentication
{
    public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest) { return null; }

    public void NotifyServerCertificate(Certificate serverCertificate) {    }
}

What I've already done :

  • Using WireShark to decrypt the ssl stream and inspect the request send => I've never succeeded to decrypt ssl stream

  • Using fiddler to decrypt the https stream => No detection by fiddler so I suspect something might be badly encrypted

Any ideas ?

nmariot
  • 465
  • 6
  • 15
  • Why are you calling "sr.NextBytes(dataToSend);"? That will overwrite the 'dataSend' buffer with random data, so no surprise it mangles the request. – Peter Dettman Jun 18 '18 at 14:24
  • @PeterDettman You were right, removing this instruction was the key. – nmariot Jun 18 '18 at 15:50

1 Answers1

3

Thanks to PeterDettman who gave me the solution :

I must not use the sr.NextBytes(instructions), so the code becomes :

using (var client = new TcpClient("serverName", 443))
{
    var sr = new SecureRandom();
    var cl = new MyTlsClient();
    var protocol = new TlsClientProtocol(client.GetStream(), sr);
    protocol.Connect(new MyTlsClient());

    using (var stream = protocol.Stream)
    {
         var hdr = new StringBuilder();
         hdr.AppendLine("GET /Url/WebService.asmx?wsdl HTTP/1.1");
         hdr.AppendLine("Host: serverName");
         hdr.AppendLine("Content-Type: text/xml; charset=utf-8");
         hdr.AppendLine("Connection: close");
         hdr.AppendLine();

         var dataToSend = Encoding.ASCII.GetBytes(hdr.ToString());

         stream.Write(dataToSend, 0, dataToSend.Length);

         int totalRead = 0;
         string response = "";
         byte[] buff = new byte[1000];
         do
         {
              totalRead = stream.Read(buff, 0, buff.Length);
              response += Encoding.ASCII.GetString(buff, 0, totalRead);
         } while (totalRead == buff.Length);
     }
 }
nmariot
  • 465
  • 6
  • 15
  • 2
    Is there any way to combine this with a WSDL consumed by visual studio so that we can use TLS1.2 communication without having to manually develop each request and response? – CathalMF Jul 27 '18 at 08:57