Click here to Skip to main content
15,942,710 members
Home / Discussions / .NET (Core and Framework)
   

.NET (Core and Framework)

 
GeneralRe: I Just Discovered FXCop Pin
cmk20-Dec-08 9:51
cmk20-Dec-08 9:51 
AnswerRe: I Just Discovered FXCop Pin
Wendelius19-Dec-08 4:59
mentorWendelius19-Dec-08 4:59 
GeneralRe: I Just Discovered FXCop Pin
Lev Danielyan19-Dec-08 5:17
Lev Danielyan19-Dec-08 5:17 
GeneralRe: I Just Discovered FXCop Pin
#realJSOP19-Dec-08 5:26
professional#realJSOP19-Dec-08 5:26 
GeneralRe: I Just Discovered FXCop Pin
Lev Danielyan19-Dec-08 5:39
Lev Danielyan19-Dec-08 5:39 
GeneralRe: I Just Discovered FXCop Pin
Mark Churchill22-Dec-08 18:59
Mark Churchill22-Dec-08 18:59 
GeneralRe: I Just Discovered FXCop Pin
Wendelius23-Dec-08 3:25
mentorWendelius23-Dec-08 3:25 
QuestionSslStream.AuthenticateAsClient, multiple SslProtocols support and stunnel Pin
Ian Warner19-Dec-08 0:23
Ian Warner19-Dec-08 0:23 
I have .NET 2.0 client code attempting to negotiate an SSL session with stunnel. stunnel is currently configured to allow SSL3 connections.

A call to AuthenticateAsClient, exclusively supplying SslProtocols.Ssl3 will succeed.

So far, all working as I'd expect Smile | :)

I want the .NET client to retrograde the SSL version when it connects to a server offering an older algorithm. The SslProtocols is a flag-attributed enumeration. I'd expect to pass multiple protocol versions like so:

sslstream.AuthenticateAsClient(Host, ClientCertificates, SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.Tls, true);


However, the above method call results in the following .NET exception & stunnel log trace:

Client-side Exception:

System.IO.IOException:
 Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
 ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)

Server-side Log
2008.12.19 10:40:50 LOG7[5600:10944520]: pop3s accepted FD=10 from 192.168.20.6:3293
2008.12.19 10:40:50 LOG7[5600:11063160]: pop3s started
2008.12.19 10:40:50 LOG7[5600:11063160]: FD 10 in non-blocking mode
2008.12.19 10:40:50 LOG7[5600:11063160]: TCP_NODELAY option set on local socket
2008.12.19 10:40:50 LOG5[5600:11063160]: pop3s accepted connection from 192.168.20.6:3293
2008.12.19 10:40:50 LOG7[5600:11063160]: SSL state (accept): before/accept initialization
2008.12.19 10:40:50 LOG3[5600:11063160]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2008.12.19 10:40:50 LOG5[5600:11063160]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.12.19 10:40:50 LOG7[5600:11063160]: pop3s finished (0 left)


When I omit SslProtocols.Ssl2 from the parameter value, it results in a different condition.

Client-side Exception:

System.Security.Authentication.AuthenticationException:
 A call to SSPI failed, see inner exception.
 ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
   --- End of inner exception stack trace ---
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)


So I guess my question is: Is it misconfiguration of my behalf, or do I need to manually crank code to manage the protocol retrogradation?

Many thanks, Ian.
QuestionHow to get WindowsIdentity from domain\ username without password? Pin
Doan Quynh18-Dec-08 23:42
Doan Quynh18-Dec-08 23:42 
AnswerRe: How to get WindowsIdentity from domain\ username without password? Pin
Dave Kreskowiak19-Dec-08 4:14
mveDave Kreskowiak19-Dec-08 4:14 
GeneralRe: How to get WindowsIdentity from domain\ username without password? Pin
Doan Quynh19-Dec-08 15:24
Doan Quynh19-Dec-08 15:24 
GeneralRe: How to get WindowsIdentity from domain\ username without password? Pin
Dave Kreskowiak19-Dec-08 15:45
mveDave Kreskowiak19-Dec-08 15:45 
GeneralRe: How to get WindowsIdentity from domain\ username without password? [modified] Pin
Doan Quynh19-Dec-08 16:18
Doan Quynh19-Dec-08 16:18 
GeneralRe: How to get WindowsIdentity from domain\ username without password? Pin
Dave Kreskowiak20-Dec-08 4:17
mveDave Kreskowiak20-Dec-08 4:17 
GeneralRe: How to get WindowsIdentity from domain\ username without password? Pin
Doan Quynh21-Dec-08 19:49
Doan Quynh21-Dec-08 19:49 
Questionvb,net buttons Pin
chathini18-Dec-08 20:35
chathini18-Dec-08 20:35 
AnswerRe: vb,net buttons Pin
Thulasee Shan19-Dec-08 0:54
Thulasee Shan19-Dec-08 0:54 
QuestionVB6.0 to VB.NET Pin
sntkn18-Dec-08 20:11
sntkn18-Dec-08 20:11 
AnswerRe: VB6.0 to VB.NET Pin
Oshtri Deka18-Dec-08 21:13
professionalOshtri Deka18-Dec-08 21:13 
AnswerRe: VB6.0 to VB.NET Pin
Dragonfly_Lee24-Dec-08 19:01
Dragonfly_Lee24-Dec-08 19:01 
NewsFree Help from Microsoft for Your Windows Client Applications Pin
brucedkyle18-Dec-08 19:03
brucedkyle18-Dec-08 19:03 
QuestionThreadPool not executing queued jobs Pin
Helfdane18-Dec-08 3:14
Helfdane18-Dec-08 3:14 
AnswerRe: ThreadPool not executing queued jobs Pin
led mike18-Dec-08 7:05
led mike18-Dec-08 7:05 
GeneralRe: ThreadPool not executing queued jobs Pin
Helfdane18-Dec-08 21:53
Helfdane18-Dec-08 21:53 
GeneralRe: ThreadPool not executing queued jobs Pin
led mike19-Dec-08 7:15
led mike19-Dec-08 7:15 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.