sockets-for-pcl
TLS 1.1 and 1.2 support
I found TcpSocketClient cannot establish TLS 1.1 and TLS 1.2 secured connections. I traced down the code and found this piece of code, which might limit how I could establish the secured connection:

```csharp
if (secure)
{
    var secureStream = new SslStream(_writeStream, true, (sender, cert, chain, sslPolicy) => ServerValidationCallback(sender, cert, chain, sslPolicy));
    // `System.Security.Authentication.SslProtocols.Tls` below specifies I could only use TLSv1.0
    secureStream.AuthenticateAsClient(address, null, System.Security.Authentication.SslProtocols.Tls, false);
    _secureStream = secureStream;
}
```
I guess the reason that we only specify `SslProtocols.Tls` is that in previous versions, the highest .NET support is Tls.

However, I was wondering if we could change the code to `secureStream.AuthenticateAsClient(address);` or `secureStream.AuthenticateAsClient(address, null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false);` to make it work with TLS 1.1 and TLS 1.2 too.

In .NET 4.6, `AuthenticateAsClient(address)` will default to use "default protocol", while in previous versions such as 3.5, it will default to `SslProtocols.Default`. However, my knowledge of NuGet is not good enough to understand whether, if your lib is compiled targeting, say, framework 3.5 but I import it into 4.6, the code will compile against my 4.6 system lib or not (whether it keeps using `SslProtocols.Default` or it will pick up the "default protocol").

All in all, can we make `TcpSocketClient` support TLS 1.1 and TLS 1.2 too?
Even better would be an overload to specify the authentication type, and also it would be nice to specify the secure callback.
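One way the overload requested in the two posts above could look, as an added example that is not code from sockets-for-pcl or from anyone in this thread. `ConnectSecure`, its parameters and the `example.com` host are hypothetical; the `SslStream` calls are the standard .NET 4.5+ API.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsConnectExample
{
    // Hypothetical helper: the caller chooses the enabled protocol set and may
    // supply its own certificate validation callback.
    public static SslStream ConnectSecure(
        string host, int port,
        SslProtocols protocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12,
        RemoteCertificateValidationCallback validate = null)
    {
        // Default policy when no callback is supplied: accept only a chain with no errors.
        if (validate == null)
            validate = (sender, cert, chain, errors) => errors == SslPolicyErrors.None;

        var client = new TcpClient(host, port);
        // leaveInnerStreamOpen = false: disposing the SslStream also closes the socket.
        var secureStream = new SslStream(client.GetStream(), false, validate);
        try
        {
            // enabledSslProtocols is a flags value; the handshake settles on the
            // highest version that both client and server have enabled.
            // Last argument (revocation check) is false, as in the snippet in the issue.
            secureStream.AuthenticateAsClient(host, null, protocols, false);
        }
        catch (Exception) // AuthenticationException or IOException on handshake failure
        {
            secureStream.Dispose();
            client.Close();
            throw;
        }
        return secureStream;
    }

    static void Main()
    {
        // "example.com" is a placeholder host.
        using (var stream = ConnectSecure("example.com", 443))
        {
            // SslProtocol reports the version actually negotiated, e.g. Tls12.
            Console.WriteLine("Negotiated protocol: " + stream.SslProtocol);
        }
    }
}
```

Passing only `SslProtocols.Tls12` as `protocols` makes the handshake fail against a server that offers nothing newer than TLS 1.0, rather than silently falling back.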
Thanks for the good investigation. I'm not sure what the best approach is to allowing the additional protocols while supporting older platforms, I will need to check into it. I'm not sure you can package NuGets that differentiate between 4.5 and 4.6 💭 .
@santaryan - agreed, the challenge here is that it needs to work for both .NET and UWP. Offhand, no idea how UWP works.
Is there any update on this issue? Or has somebody found a way to work around this, maybe? Thanks a lot.
Is there any traction on this item? I would like to use TLS1.2 as well.
I have a need to use TLS 1.2 also.