3

A .NET 4.8 application running on Windows 10 (version 10.0.19041) with enabled TLS 1.3 using the registry as per how to enable TLS 1.3 in windows 10

However running the following code:

 try
            {                
                System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;
                using (var client = new WebClient())
                { 
                    var img = client.DownloadData("URL of an image - Only TLS 1.3 at client side - removed for privacy purposes");
                    MemoryStream ms = new MemoryStream(img);
                    Image i = Image.FromStream(ms);
                    i.Save(AppDomain.CurrentDomain.BaseDirectory+"/img1.jpeg");
                }
            }
            catch(Exception ex)
            {
                logger.Log(LogLevel.Error, ex.ToString());
            }

Produces the following - Exception StackTrace:

2020-10-05 12:40:52.4779 ERROR System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Cannot determine the frame size or a corrupted frame was received.
   at System.Net.Security._SslStream.StartFrameBody(Int32 readBytes, Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)

I found a related issue with .NET 5.0, however I don't see if that is fixed or going to be fixed for .NET 4.8 https://github.com/dotnet/runtime/issues/1720

Rick Sanchez
  • 78
  • 1
  • 2
  • 7

1 Answers1

6

Right from the Transport Layer Security (TLS) best practices with the .NET Framework document issue, dating 2020-08-21:

.NET Framework does not support TLS 1.3 yet. It is something we will start working on soon (cc @wfurt). The bottom line is that to use TLS 1.3, we have to use new Windows API, therefore we have to change our code in .NET Framework and the change is rather large due to other requirements of TLS 1.3 (things that don't matter in TLS 1.2 and lower).

Also note that Windows 10 with TLS 1.3 (non-experimental support) was released only recently, I think that only in Windows 10 Insider builds (@wfurt has more details).

In .NET Core we implemented TLS 1.3 support just recently in upcoming RC1 build of .NET 5. You can try it out there (on OS build that supports it too of course).

.NET 5 RC1 has been released and has a production-ready go-live license.

kapsiR
  • 2,720
  • 28
  • 36