Answer the question
In order to leave comments, you need to log in
V
V
Vladislav2016-01-21 12:28:03
Vladislav, 2016-01-21 12:28:03
What needs to be done to make a server on .NET and a piece of iron using TLS 1.2?
Available:
- Tcp server on C# .NET 4.5 listening port using TLS 1.2 protocol
- device with Wi-Fi module CC3100 from TI.
The device must be able to connect to the server.
The required certificates were generated for the solution. And fed to both sides. But the server stubbornly refuses to accept the connection, motivating this by the fact that the parties have different work algorithms.
openssl accepts a connection with the same set of certificates.
We sin on the mismatch of possible encryption algorithms on the device and on the server. But the question is what the hell, because the server has more features and, in theory, it should support the entire zoo.
Supported algorithms on the device:
SL_SEC_MASK_SSL_RSA_WITH_RC4_128_SHA
SL_SEC_MASK_SSL_RSA_WITH_RC4_128_MD5
SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA
SL_SEC_MASK_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
SL_SEC_MASK_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
SL_SEC_MASK_TLS_ECDHE_RSA_WITH_RC4_128_SHA
SL_SEC_MASK_TLS_RSA_WITH_AES_128_CBC_SHA256
SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA256
SL_SEC_MASK_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SL_SEC_MASK_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256Server certificate:
$ openssl x509 -in server.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11764687502553609488 (0xa34490f39b2f7510)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=RU, L=Novosibirsk, O=Server, CN=root CA
Validity
Not Before: Jan 21 05:19:45 2016 GMT
Not After : Feb 20 05:19:45 2016 GMT
Subject: C=RU, L=Novosibirsk, O=lab, CN=aaa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:b9:fb:e3:f7:68:d3:a0:6c:43:aa:0d:c1:cb:34:
c5:fb:b9:ae:70:16:af:f9:f5:61:05:40:7f:bc:50:
b6:5b:f6:4a:01:5a:62:ab:9f:43:f6:c4:93:8b:1e:
a7:39:71:0c:ac:68:6f:5e:9f:ec:60:5a:ca:7e:4a:
c9:8e:c7:2d:db:b4:90:8c:da:b2:83:14:8d:c9:41:
16:2e:4f:4c:e9:ba:54:79:f3:7c:be:0c:83:5d:c6:
45:77:34:09:b6:70:e9:dc:bc:db:c4:af:65:98:29:
66:3b:68:ee:f6:81:30:a6:27:58:81:5e:53:08:b8:
57:e8:ae:c9:72:fc:ce:f7:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:DE:77:99:E4:66:B8:2B:53:6C:B7:18:72:7E:2C:BD:E1:45:0B:07:E4
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
75:45:ed:d1:ff:5e:d3:54:44:1b:89:91:31:21:46:cc:7b:9e:
83:a2:26:98:e0:03:26:05:0b:fc:39:ec:e9:e5:8e:52:f2:83:
9e:6a:18:63:47:72:31:1a:59:14:7a:c4:b9:a4:43:f1:56:86:
54:47:13:1d:42:5e:66:c6:0a:bf:c7:46:dc:76:5d:0f:1a:c6:
f4:92:04:7d:05:84:6e:2e:11:a8:cd:3c:8e:de:c8:3c:84:b0:
cb:23:c4:f9:91:f1:28:ce:46:24:56:cb:38:b7:92:e8:3e:e4:
95:89:29:61:29:60:9e:aa:bf:f9:0d:6b:9a:90:ad:1f:45:85:
0a:ff:5d:e5:13:83:2a:8e:3b:5f:5c:62:8f:bb:92:9c:6f:a8:
35:12:74:9f:2c:30:77:db:d2:90:c5:69:3d:bd:0a:4f:a7:ba:
5c:b4:5a:e5:e6:74:13:41:a3:57:55:bf:61:8e:3e:46:1e:22:
35:09:73:0f:d7:23:f6:93:43:4f:65:1e:e2:93:bd:f3:9c:68:
b1:ba:18:65:bf:59:99:bf:b4:5e:4a:66:f9:3e:7e:2c:e2:75:
ac:d7:f8:8e:1a:c4:92:3f:56:99:ff:3f:0e:01:2f:3e:96:90:
a6:6a:db:69:f9:b9:d0:b3:6b:be:bb:1e:8a:0a:b5:51:a9:9d:
17:60:38:35Сертификат клиента такой же, только в DER формате.
Уже попробовал всяко-разно - подключить не получается. Вылетает исключение, что алгоритмы разные.
UPD: попробовали сертификат сервера, в котором открытый ключ ECC(256 bits) ECDH_P256. В openssl видно, что сменился алгоритм шифрования на ECDHE-ECDSA-AES128-SHA256 был ECDHE-RSA-RC4-SHA. Но к tcp серверу на .NET так и не подключился - ошибка та же.
Similar questions
I
U
P
P
T
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question