SslStream and AES 128 cipher

I am having problems connecting to a specific SSL server. The server only supports AES 128, but the .NET 2.0 SslStream class doesn't seem to support it (although the CipherAlgorithmType enum has the values Aes128).

When analyzing the client hello sent to the server, the SslStream client only presents the following ciphers:
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA

No AES cipher is presented to the server.

TLS_RSA_WITH_AES_128_CBC_SHA

How can I make this work?

Thanks, Raul

What OS version is your SSL client machine? SslStream uses Windows native SSPI SSL under the hood and AES ciphers are only supported in native SSL on very recent OS's. I believe this should work fine on 2008 server for example.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

"pade" <p***@discussions.microsoft.com> wrote in message news:3BB4469D-F504-4821-9202-10F6C66E96A7@microsoft.com...
>I am having problems connecting to a specific SSL server. The server only
> supports AES 128, but the .NET 2.0 SslStream class doesn't seem to support
> it
> (although the CipherAlgorithmType enum has the values Aes128).
>
> When analyzing the client hello sent to the server, the SslStream client
> only presents the following ciphers:
> TLS_RSA_WITH_RC4_128_MD5
> TLS_RSA_WITH_RC4_128_SHA
> TLS_RSA_WITH_3DES_EDE_CBC_SHA
> TLS_RSA_WITH_DES_CBC_SHA
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
> TLS_RSA_EXPORT_WITH_RC4_40_MD5
> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> TLS_DHE_DSS_WITH_DES_CBC_SHA
> TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
>
> No AES cipher is presented to the server.
>
> TLS_RSA_WITH_AES_128_CBC_SHA
>
> How can I make this work?
>
> Thanks, Raul
>

> How can I make this work?

As mentioned, AES is only available on newer OS versions, and you can't rely on its availability on any generic Windows system. This is so when you use SSLStream class. You can use alternative components for SSL, such as SecureBlackbox, which supports all most recent extensions to SSL/TLS including AES, Camellia and more. See http://www.eldos.com/sbb/net-ssl.php

--
With best regards,
Eugene Mayevski
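
The client-hello check described in the thread can be repeated on any captured handshake. The following is an added example, not code from any poster: it parses the cipher_suites field of a ClientHello and reports whether the one suite the server accepts is offered. The sample ClientHello is constructed from the suite list in the original post, the function names are hypothetical, and it assumes the ClientHello fits in a single TLS record (SSLv2-compatible hellos are not handled).

```python
import struct

# Code points for the suites named in the thread (IANA registry / 56-bit export draft).
SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0012: "TLS_DHE_DSS_WITH_DES_CBC_SHA",
    0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0062: "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    0x0063: "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}
# The eleven suites in the order the original post lists them.
POSTED_ORDER = [0x04, 0x05, 0x0A, 0x09, 0x64, 0x62, 0x03, 0x06, 0x13, 0x12, 0x63]

def build_client_hello(suite_ids):
    """Constructed sample: a minimal TLS 1.0 ClientHello in a single record."""
    body = b"\x03\x01" + bytes(32) + b"\x00"            # version, random, empty session_id
    body += struct.pack("!H%dH" % len(suite_ids), 2 * len(suite_ids), *suite_ids)
    body += b"\x01\x00"                                  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def offered_suites(record):
    """Cipher suite ids, in client preference order, from one TLS record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 43 + 1 + record[43]      # record hdr 5, handshake hdr 4, version 2, random 32, session_id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    if n % 2 or pos + 2 + n > len(record):
        raise ValueError("truncated or malformed cipher_suites")
    return list(struct.unpack_from("!%dH" % (n // 2), record, pos + 2))

def audit(record, required=0x002F):
    """Report what the client offers and whether the server's only suite is among them."""
    ids = offered_suites(record)
    names = [SUITES.get(i, "0x%04X" % i) for i in ids]
    return {"offered": names, "offers_required": required in ids,
            "export_grade": [n for n in names if "_EXPORT" in n]}
```

Run against the posted list, `audit(build_client_hello(POSTED_ORDER))` reports that TLS_RSA_WITH_AES_128_CBC_SHA is not offered and that five of the eleven offered suites are export grade.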