
I want to test TLS 1.3, so I created a console app in VS 2019 (Version 16.7.7) with .NET Core 3.1 as the target framework. enter image description here

My Program.cs

using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

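namespace TestSsl {
    /// <summary>
    /// Loopback smoke test for a mutually authenticated TLS 1.3 session:
    /// one task accepts a single connection as the TLS server, another task
    /// connects to it as the TLS client, and each side exchanges one short message.
    /// </summary>
    class Program {
        /// <summary>
        /// Starts a listener on a fixed local port, runs the server and client
        /// halves of the handshake on separate tasks and waits for both to finish.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args) {
            // Pinned to TLS 1.3 on purpose: the test must fail rather than silently
            // negotiate an older protocol. Whether TLS 1.3 can be negotiated depends on
            // the operating system's TLS stack, not only on the target framework.
            SslProtocols protocol = SslProtocols.Tls13;
            Console.WriteLine($"testing SslProtocols.{protocol}");
            int port = 1999;

            // NOTE(review): the PFX password is a throwaway test credential embedded in
            // source. Keep these key pairs for this test only; load real key material
            // from a protected store instead of a literal.
            using(X509Certificate2 serverCert = new X509Certificate2("server.pfx", "testpass123"))
            using(X509Certificate2 clientCert = new X509Certificate2("client.pfx", "testpass123")) {
                // The test certificates are not expected to chain to a trusted root, so
                // chain/name errors are not used for the decision. Instead of accepting
                // every certificate, each side accepts only the exact peer certificate
                // it expects (certificate pinning).
                RemoteCertificateValidationCallback validateClientCert =
                    (sender, certificate, chain, sslPolicyErrors) => IsPinnedCertificate(certificate, clientCert);
                RemoteCertificateValidationCallback validateServerCert =
                    (sender, certificate, chain, sslPolicyErrors) => IsPinnedCertificate(certificate, serverCert);

                TcpListener server = TcpListener.Create(port);
                server.Server.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.KeepAlive, true);
                server.Server.NoDelay = true;
                server.Server.SetSocketOption(SocketOptionLevel.IPv6, SocketOptionName.IPv6Only, false);
                server.Start();
                try {
                    Task taskServer = Task.Run(() => {
                        try {
                            using(TcpClient remoteClient = server.AcceptTcpClient())
                            using(SslStream sslStreamRemoteClient = new SslStream(remoteClient.GetStream(), false, validateClientCert)) {
                                // clientCertificateRequired = true: the client must present a certificate.
                                sslStreamRemoteClient.AuthenticateAsServer(serverCert, true, protocol, true);
                                byte[] buf = new byte[1000];
                                // A single Read is enough for this short test message; a real
                                // protocol needs framing and a read loop.
                                int len = sslStreamRemoteClient.Read(buf, 0, buf.Length);
                                string receive = Encoding.UTF8.GetString(buf, 0, len);
                                Console.WriteLine($"server receive:{receive}");
                                sslStreamRemoteClient.Write(Encoding.UTF8.GetBytes("Ok"));
                                Console.WriteLine($"server send:Ok");
                            }
                        } catch(Exception ex) {
                            Console.WriteLine(ex);
                        }
                    });
                    Task taskClient = Task.Run(() => {
                        try {
                            using(TcpClient client = new TcpClient()) {
                                client.Connect("127.0.0.1", port);
                                using(SslStream sslStreamClient = new SslStream(client.GetStream(), false, validateServerCert)) {
                                    sslStreamClient.AuthenticateAsClient("127.0.0.1", new X509CertificateCollection() { clientCert }, protocol, true);
                                    string send = "hi, i am testing tls";
                                    sslStreamClient.Write(Encoding.UTF8.GetBytes(send));
                                    Console.WriteLine($"client send:{send}");
                                    byte[] buf = new byte[1000];
                                    int len = sslStreamClient.Read(buf);
                                    string receive = Encoding.UTF8.GetString(buf, 0, len);
                                    Console.WriteLine($"client receive:{receive}");
                                }
                            }
                        } catch(Exception ex) {
                            Console.WriteLine(ex);
                        }
                    });
                    Task.WaitAll(taskClient, taskServer);
                } finally {
                    // Release the listening socket even when a task faults.
                    server.Stop();
                }
            }
        }

        /// <summary>
        /// Accepts a peer certificate only when its SHA-256 hash equals that of the
        /// certificate this test expects from the peer.
        /// </summary>
        /// <param name="presented">Certificate sent by the peer; null when none was sent.</param>
        /// <param name="expected">Certificate the peer is expected to present.</param>
        /// <returns>True when the hashes match; false otherwise.</returns>
        private static bool IsPinnedCertificate(X509Certificate presented, X509Certificate2 expected) {
            if(presented == null) {
                Console.WriteLine("certificate rejected: peer sent no certificate");
                return false;
            }
            string presentedHash = presented.GetCertHashString(HashAlgorithmName.SHA256);
            string expectedHash = expected.GetCertHashString(HashAlgorithmName.SHA256);
            bool matches = string.Equals(presentedHash, expectedHash, StringComparison.OrdinalIgnoreCase);
            if(!matches) {
                Console.WriteLine("certificate rejected: does not match the pinned test certificate");
            }
            return matches;
        }
    }
}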

Then, following "how to enable TLS 1.3 in Windows 10", I enabled TLS 1.3 in the registry (regedit). TLS1.3 client

TLS1.3 server

My PC information:

enter image description here

Then I debugged my project and got an exception:

enter image description here

The debug console:

enter image description here

Are there any requirements for these PFX certificates?

How can I solve this exception? Please help. Thanks.

    Relevant code in full, a clear question, bunch of version info and pictures - Questions like i love to see them! – sommmen Oct 29 '20 at 13:20
    This isn't a solution to your problem, but I was running into similar issues locally with the same setup, I don't think that TLS 1.3 in SChannel is production ready yet. – Matthew Oct 29 '20 at 14:39

1 Answer


At the moment, the latest version of Windows 10 is version 20H2 (OS Build 19042.630). On it, the TLS 1.3 server works well, but only when the TLS 1.3 server is enabled in the registry. The TLS 1.3 client does not work even when the TLS 1.3 client is enabled in the registry. At the moment, the TLS 1.3 client only works in Windows 10 Insider Preview Build 20170.