sslstream

I am installing a windows service on a new machine. The service does various operations over SslStream over TCP, which uses the certificate in problem. The service has been operating fine with the same code and same certificate on other 2 windows 2003 machines. But, this new machine is Windows 2003 with 64 bit processor too. I am running into this problem when I am trying to run the service with a 'Service Account' identity. It works fine with my own credentials. (Again, it works fine on other 2 machines with this service account) I do not have 'strong protection' enabled while importing the

I am trying to create a TLS1.1/TLS1.2 server using .Net's sslStream class. It appears that by default the only cipher suites that this stream accepts are: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA I'd like to enable non-ECDHE versions of these (i.e. TLS_RSA_WITH_AES_128_CBC_SHA256). I googled around a bit and people talk about changing cipher suites by modifying the default SChannel settings -- either through the "SSL Cipher Suite Order" or using CNG functions: http://msdn.microsoft.com/en-us/library/windows/desktop/bb870930(v

.NET's SslStream class does not send the close_notify alert before closing the connection. How can I send the close_notify alert manually? Thanks for this question. It pointed me into the right direction, that there is a bug in .Net, which I do not very often think about. I bumped into this problem during writing of my implementation of FTPS server and Filezilla (or GnuTLS probably) client was complaining "GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated". I think it is a quite significant drawback in SslStream implementation. So I ended up with writing a

I need to provide secure communication between various processes that are using TCP/IP sockets for communication. I want both authentication and encryption. Rather than re-invent the wheel I would really like to use SSL and the SslStream class and self-signed certificates. What I want to do is validate the remote process's certificate against a known copy in my local application. (There doesn't need to be a certificate authority because I intend for the certificates to be copied around manually). To do this, I want the application to be able to automatically generate a new certifiate the first

I am developing a TCP client to connect OpenSSL server with the certificate authentication. I have using .crt and .key files shared by server team. These certificates are generated by OpenSSL commands. I am using SslStream object to authenticate the Tcp client by calling SslStream.AuthenticateAsClient method by passing server IP , SslProtocols.Ssl3 and X509CertificateCollection . I am getting the following error: Authentication failed because the remote party has closed the transport stream I would advise against restricting the SecurityProtocol to TLS 1.1. The recommended solution is to use