BouncyCastle .NET custom TlsClient for anon CipherSuite working on Android, but not Windows

Problem description

I've got access to a java application, which uses the CipherSuite TLS_ECDH_anon_WITH_AES_256_CBC_SHA for communication (No possibility to use another one).

Some time ago I had to write a Xamarin App in C#, which connected to it successfully using Bouncy Castle PCL. I had to use Bouncy Castle, since Android (>=6.0) does not allow the use of the previously mentioned cipher suite by default.

Now, I have to write a .NET application on Windows, which shall connect to the exact same Java application, so I just copied the code for establishing the connection and installed Bouncy Castle from NuGet. The TcpClient is able to establish a connection, but calling protocol.Connect(new CustomTlsClient()); from the sample code below gives me the exception "System.IO.IOException: Internal TLS error, this could be an attack".

Overriding NotifyAlertRaised for the "CustomTlsClient" tells me that Bouncy Castle fails to read a record (AlertLevel: 2, AlertDescription: 80, Message: "Failed to read record", Exception: "Org.BouncyCastle.Crypto.Tls.TlsFatalAlert: internal_error(80)").

Shortened sample code:

...
TcpClient client = tryConnect(ip, port); // simply returns a TcpClient on success
NetworkStream targetStream = client.GetStream();
targetStream.ReadTimeout = Config.Network.TcpStreamReadTimeout;
targetStream.WriteTimeout = Config.Network.TcpStreamWriteTimeout;

TlsClientProtocol protocol = new TlsClientProtocol(targetStream, new Org.BouncyCastle.Security.SecureRandom()); 
protocol.Connect(new CustomTlsClient()); // <---- Here's the problem
...

CustomTlsClient:

private class CustomTlsClient : DefaultTlsClient
{
    public override TlsAuthentication GetAuthentication() => new CustomTlsAuthentication();
    public override int[] GetCipherSuites() => new[] { CipherSuite.TLS_ECDH_anon_WITH_AES_256_CBC_SHA };

    public override void NotifyAlertRaised(byte alertLevel, byte alertDescription, string message, Exception cause)
    {
        // This gave me further information on the error
        base.NotifyAlertRaised(alertLevel, alertDescription, message, cause);
        Console.WriteLine("AlertLevel: " + alertLevel);
        Console.WriteLine("AlertDescription: " + alertDescription);
        Console.WriteLine("Message: " + message);
        Console.WriteLine("Exception: " + cause);
    }
}

private class CustomTlsAuthentication : TlsAuthentication
{
    public TlsCredentials GetClientCredentials(CertificateRequest certificateRequest) => null;
    public void NotifyServerCertificate(Certificate serverCertificate) { }
}

Since this code is working in a Xamarin App with the PCL version of Bouncy Castle, I really have no clue what I'm doing wrong here... Any suggestions? Any help is appreciated! Thank you in advance.

Recommended answer

This problem seems to be a bug only appearing in the dedicated .NET NuGet package; uninstalling it and installing Portable.BouncyCastle instead solved the issue without changing a single line of code.
