SSL over Socket hangs on AuthenticateAsClient step
I have a Java socket server using Netty that works fine with SSL/TLS and a Java (Netty) client, but I'm having difficulty getting a Unity C# client to consistently complete the handshake. Two or three times a day it will work, although my copious logging does complain about the server certificate "RemoteCertificateNotAvailable". I have added the remote cert to the Windows trusted certs, and have also added it using my C# code to the Mono store, reading the cert from a file.
I have enabled low level SSL logging on the server, which shows that it hangs after sending the "WRITE: TLSv1 Handshake" bytes, and it does not trigger my RemoteCertificateValidationCallback. I haven't figured out how to enable similar logging on the client. Here is a snippet of my client code, to show how I'm setting the call:
    client = new TcpClient(ipLocalEndPoint);
    client.Client.Connect(ipAddress, port);
    netStream = client.GetStream();
    stream = new SslStream(
        client.GetStream(),
        false,
        new RemoteCertificateValidationCallback(ValidateServerCertificate)
    );
    // snipped lines that install certs from files
    stream.AuthenticateAsClient("tcarrigan.corp.janusresearch.com", null,
        SslProtocols.Tls, false);
Any useful advice would be greatly appreciated. I'm stumped.
According to this link: https://forums.xamarin.com/discussion/29303/use-of-sslstream-from-xamarin-android-app
Turns out the Mono implementation of SslStream is not able to negotiate the protocol with the server in the same manner as the Windows/.NET implementation. I ran the code on Windows and observed that SSL3 was being used. I then changed my call to AuthenticateAsClient() to specify SSL3 and the send/receive worked fine.
sslStream.AuthenticateAsClient("myhost", null, SslProtocols.Ssl3, false);
Netty version 4.x does not allow Ssl3, because it is too vulnerable.
Can anybody confirm that the version of Mono used by Unity has issues with SslProtocols.Tls?
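To see which protocol a client actually negotiates, and why the validation callback reports an error, the handshake can be given a timeout and every failure logged. This is an added example, not code from any poster in this thread. The names TlsProbe and Probe, the 10-second timeouts, and the use of SslProtocols.Tls12 (which needs a .NET 4.5-level runtime; whether Unity's Mono supports it is not established here) are assumptions.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsProbe   // hypothetical helper name
{
    // Log why validation failed and reject on any error, rather than returning true.
    static bool ValidateServerCertificate(object sender, X509Certificate cert,
                                          X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.Error.WriteLine("Certificate rejected: " + errors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.Error.WriteLine("  chain: " + s.Status + " " + s.StatusInformation);
        return false;
    }

    // host and port are supplied by the caller; protocols is the set offered to the server.
    public static void Probe(string host, int port, SslProtocols protocols)
    {
        using (var client = new TcpClient())
        {
            client.Connect(host, port);
            // Assumed 10 s timeouts so a stalled handshake raises IOException instead of blocking.
            client.ReceiveTimeout = 10000;
            client.SendTimeout = 10000;
            using (var stream = new SslStream(client.GetStream(), false, ValidateServerCertificate))
            {
                try
                {
                    stream.AuthenticateAsClient(host, null, protocols, false);
                    Console.WriteLine("Negotiated " + stream.SslProtocol + ", cipher " + stream.CipherAlgorithm);
                }
                catch (AuthenticationException e) { Console.Error.WriteLine("TLS failure: " + e.Message); }
                catch (IOException e) { Console.Error.WriteLine("Handshake stalled or reset: " + e.Message); }
            }
        }
    }

    static void Main(string[] args)
    {
        Probe(args[0], int.Parse(args[1]), SslProtocols.Tls12);
    }
}
```

Running it once per protocol value against the same server shows which versions both sides accept, without falling back to a protocol the server has disabled.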