Cannot decode complete cipher list in .NET SslStream handshake.
Posted
by
karmasponge
on Stack Overflow
See other posts from Stack Overflow
or by karmasponge
Published on 2011-01-12T06:05:29Z
Indexed on
2011/01/12
6:53 UTC
Read the original article
Hit count: 285
While attempting to move from a 'C' based SSL implementation to C# using the .NET SslStream and we have run into what look like cipher compatibility issues with the .NET SslStream and a AS400 machine we are trying to connect to (which worked previously).
When we call SslStream.AuthenticateAsClient it is sending the following:
16 03 00 00 37 01 00 00 33 03 00 4d 2c 00 ee 99 4e 0c 5d 83 14 77 78 5c 0f d3 8f 8b d5 e6 b8 cd 61 0f 29 08 ab 75 03 f7 fa 7d 70 00 00 0c 00 05 00 0a 00 13 00 04 00 02 00 ff 01 00
Which decodes as (based on http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt)
[16] Record Type
[03 00] SSL Version
[00 37] Body length
[01] SSL3_MT_CLIENT_HELLO
[00 00 33] Length (51 bytes)
[03 00] Version number = 768
[4d 2c 00 ee] 4 Bytes unix time
[… ] 28 Bytes random number
[00] Session number
[00 0c] 12 bytes (2 * 6 Cyphers)?
[00 05, 00 0a, 00 13, 00 04, 00 02, 00 ff] -> [RC4, PBE-MD5-DES, RSA, MD5, PKCS, ???]
[01 00] Null compression method
The as400 server responds back with:
15 03 00 00 02 02 28
[15] SSL3_RT_ALERT
[03 00] SSL Version
[00 02] Body Length (2 Bytes)
[02 28] 2 = SSL3_RT_FATAL, 40 = SSL3_AD_HANDSHAKE_FAILURE
I'm specifically looking to decode the '00 FF' at the end of the cyphers. Have I decoded it correctly? What does, if anything, '00 FF' decode too?
I am using the following code to test/reproduce:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Authentication;
using System.IO;
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;
namespace TestSslStreamApp
{
class DebugStream :
Stream
{
private Stream AggregatedStream { get; set; }
public DebugStream(Stream stream) { AggregatedStream = stream; }
public override bool CanRead { get { return AggregatedStream.CanRead; } }
public override bool CanSeek { get { return AggregatedStream.CanSeek; } }
public override bool CanWrite { get { return AggregatedStream.CanWrite; } }
public override void Flush() { AggregatedStream.Flush(); }
public override long Length { get { return AggregatedStream.Length; } }
public override long Position
{
get { return AggregatedStream.Position; }
set { AggregatedStream.Position = value; }
}
public override int Read(byte[] buffer, int offset, int count)
{
int bytesRead = AggregatedStream.Read(buffer, offset, count);
return bytesRead;
}
public override long Seek(long offset, SeekOrigin origin) { return AggregatedStream.Seek(offset, origin); }
public override void SetLength(long value) { AggregatedStream.SetLength(value); }
public override void Write(byte[] buffer, int offset, int count)
{
AggregatedStream.Write(buffer, offset, count);
}
}
class Program
{
static void Main(string[] args)
{
const string HostName = "as400";
TcpClient tcpClient = new TcpClient(HostName, 992);
SslStream sslStream = new SslStream(new DebugStream(tcpClient.GetStream()), false, null, null,
EncryptionPolicy.AllowNoEncryption);
sslStream.AuthenticateAsClient(HostName, null, SslProtocols.Ssl3, false);
}
}
}
© Stack Overflow or respective owner