问题
I want to test tls1.3, so i created a console app in VS 2019(Version 16.7.7) and the target framework is .NET Core 3.1.
My Program.cs
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
namespace TestSsl {
class Program {
static void Main(string[] args) {
SslProtocols protocol = SslProtocols.Tls13;
Console.WriteLine($"testing SslProtocols.{protocol}");
int port = 1999;
RemoteCertificateValidationCallback certificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => {
return (true);
};
X509Certificate2 serverCert = new X509Certificate2("server.pfx", "testpass123");
X509Certificate2 clientCert = new X509Certificate2("client.pfx", "testpass123");
TcpListener server = TcpListener.Create(port);
server.Server.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.KeepAlive, true);
server.Server.NoDelay = true;
server.Server.SetSocketOption(SocketOptionLevel.IPv6, SocketOptionName.IPv6Only, false);
server.Start();
Task taskServer = Task.Run(() => {
TcpClient romoteClient = server.AcceptTcpClient();
Task.Run(() => {
using(romoteClient) {
using(SslStream sslStreamRomoteClient = new SslStream(romoteClient.GetStream(), false, certificateValidationCallback)) {
try {
sslStreamRomoteClient.AuthenticateAsServer(serverCert, true, protocol, true);
byte[] buf = new byte[1000];
int len = sslStreamRomoteClient.Read(buf, 0, buf.Length);
string receive = Encoding.UTF8.GetString(buf, 0, len);
Console.WriteLine($"server receive:{receive}");
sslStreamRomoteClient.Write(Encoding.UTF8.GetBytes("Ok"));
Console.WriteLine($"server send:Ok");
} catch(Exception ex) {
Console.WriteLine(ex);
}
}
}
}).Wait();
});
Task taskClient = Task.Run(() => {
try {
using(TcpClient client = new TcpClient()) {
client.Connect("127.0.0.1", port);
using(SslStream sslStreamClient = new SslStream(client.GetStream(), false, certificateValidationCallback)) {
sslStreamClient.AuthenticateAsClient("127.0.0.1", new X509CertificateCollection() { clientCert }, protocol, true);
string send = "hi, i am testing tls";
sslStreamClient.Write(Encoding.UTF8.GetBytes(send));
Console.WriteLine($"client send:{send}");
byte[] buf = new byte[1000];
int len = sslStreamClient.Read(buf);
string receive = Encoding.UTF8.GetString(buf, 0, len);
Console.WriteLine($"client receive:{receive}");
}
}
} catch(Exception ex) {
Console.WriteLine(ex);
}
});
Task.WaitAll(taskClient, taskServer);
}
}
}
And then according to how to enable TLS 1.3 in windows 10 i enabled TLS 1.3 in regedit.
My PC information:
Then i debug my project and met a exception
The debug console:
Are there any requirements for these pfx certificate?
How can solve this exception? Please help. Thanks.
回答1:
At the moment the max version of windows 10 is version 20H2(OS Build 19042.630). The TLS1.3 server works well only when TLS1.3 server is enabled in regedit. But TLS1.3 client does not work even TLS1.3 client is enabled in regedit. At the moment TLS1.3 client only works in Windows 10 Insider Preview Build 20170.
来源:https://stackoverflow.com/questions/64591531/c-sharp-tls1-3-exception-cannot-determine-the-frame-size-or-a-corrupted-frame-w