.NET SslStream not working

I am trying to initialize the TLS tunnel with .NET SslStream, but after opening the stream, I always get the following error:

"Unable to read data from the transport connection: the established connection was interrupted by the software of your host computer."

This happens after I have established the TLS connection and sent the second message.

I have been looking for an answer in the last four days, but there is no useful information on the Internet!

edit: I'm trying to connect to talk.google.com

and I am using sample code from MSDN. The only difference is that I send data beforehand, and when it is time to use TLS, I do the following:

  public void SecureStream()
  {
      netStream.Flush();
      // Wrap the existing plaintext NetworkStream; leaveInnerStreamOpen = false
      sslStream = new SslStream(netStream, false,
          new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
      sslStream.AuthenticateAsClient("talk.google.com");
  }

edit: I managed to fix the first error (a small error in the way I handled sending), now I always get

"Unable to read data from the transport connection: the established connection was interrupted by the software of your host computer."

edit2: I did not send any spaces. I rewrote the message transfer part, and I still have the same problem.

I start with

  String streamInit = "<stream:stream xmlns='jabber:client' "
                    + "xmlns:stream='http://etherx.jabber.org/streams' "
                    + "to='google.com' version='1.0'>";
  client.Send(streamInit);

Then, after receiving a reply, I have the following:

  static void client_MessageReceived(SyncronousClient source, string Result)
  {
      if (Regex.IsMatch(Result, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"><required/></starttls>"))
      {
          // Server advertised mandatory STARTTLS: ask it to proceed
          String startTlS = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>";
          source.Send(startTlS);
      }
      else if (Regex.IsMatch(Result, "<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>"))
      {
          //Do TLS Magic
          source.SecureStream();
          // Re-open the stream over TLS (attributes must be separated by spaces)
          String streamReInit = "<stream:stream xmlns='jabber:client' "
                              + "xmlns:stream='http://etherx.jabber.org/streams' "
                              + "to='google.com' version='1.0'>";
          source.Send(streamReInit);
      }
      else if (Regex.IsMatch(Result, "<mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">"))
      {
          //String AuthType = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='X-GOOGLE-TOKEN'/>";
          String AuthType = "<auth xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\" mechanism=\"PLAIN\"/>";
          source.Send(AuthType);
      }
  }
2 answers

This is unlikely to be your problem (unless .NET started doing SNI under the covers), but when you call AuthenticateAsClient, pass in the same domain name that you used for the attribute in your stream (in this case google.com). Alternatively, you may need gmail.com instead of google.com:

  sslStream.AuthenticateAsClient("gmail.com", null, SslProtocols.Tls, false);

As stated on csharptest.net, make sure you don't have a keepalive timer that sends extra spaces, or wait to start the timer until TLS is running. The only other way I can imagine you getting this error is if you do not have a ciphersuite that the server implements, but I know that .Net SslStream works against GTalk.

Finally, use one of the existing .Net libraries for XMPP (listed here), and you can start writing much more fun code right away. You are about to encounter the flaws of the .NET XML system, and your regex approach will not work when you start getting partial stanzas or several stanzas in one read.

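As an added example (not code from the question, the answers, or the MSDN sample), here is the STARTTLS upgrade the question and the first answer discuss, written so that the stream's `to` domain, the TLS target name and the re-sent stream header all agree, nothing is written between `<proceed/>` and the TLS handshake (so the first bytes after `<proceed/>` are the ClientHello, not keepalive whitespace), and each server reply is buffered until the whole element has arrived instead of being matched against a single read. `XmppStartTls`, `ReadUntil`, `Send` and `Upgrade` are hypothetical names; it assumes .NET 4.5 or later for `SslProtocols.Tls12` and a reachable XMPP server on port 5222.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.RegularExpressions;

// Hypothetical helper: XMPP STARTTLS upgrade on one TCP connection.
public static class XmppStartTls
{
    // Read from the plaintext stream until the buffered text contains a
    // whole element matching 'pattern'. This is what a single-read regex
    // misses: the reply may arrive in pieces or with other data in one read.
    // Callers use it only for elements after which the server sends nothing
    // more in plaintext, so discarding the buffer afterwards loses nothing.
    static string ReadUntil(Stream s, StringBuilder buf, string pattern)
    {
        var bytes = new byte[4096];
        while (!Regex.IsMatch(buf.ToString(), pattern))
        {
            int n = s.Read(bytes, 0, bytes.Length);
            if (n == 0) throw new IOException("connection closed before expected element");
            buf.Append(Encoding.UTF8.GetString(bytes, 0, n));
        }
        string text = buf.ToString();
        buf.Clear();
        return text;
    }

    // Send exactly the element: no trailing newline, no keepalive spaces.
    static void Send(Stream s, string xml)
    {
        byte[] b = Encoding.UTF8.GetBytes(xml);
        s.Write(b, 0, b.Length);
        s.Flush();
    }

    // Accept only a certificate that chains to a trusted root and matches the
    // target name; any policy error fails the handshake.
    static bool ValidateServerCertificate(object sender, X509Certificate cert,
                                          X509Chain chain, SslPolicyErrors errors)
    {
        return errors == SslPolicyErrors.None;
    }

    // Returns the encrypted stream with a fresh stream header already sent.
    public static SslStream Upgrade(string host, int port, string domain)
    {
        var tcp = new TcpClient(host, port);
        NetworkStream net = tcp.GetStream();
        var buf = new StringBuilder();

        // Attributes are space separated; 'to' is the XMPP domain, not the host.
        string header = "<stream:stream xmlns='jabber:client' "
                      + "xmlns:stream='http://etherx.jabber.org/streams' "
                      + "to='" + domain + "' version='1.0'>";

        Send(net, header);
        string features = ReadUntil(net, buf, "</stream:features>");
        if (!features.Contains("urn:ietf:params:xml:ns:xmpp-tls"))
            throw new InvalidOperationException("server did not offer STARTTLS");

        Send(net, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
        string reply = ReadUntil(net, buf, @"<(proceed|failure)\s[^>]*/>");
        if (!reply.Contains("<proceed"))
            throw new InvalidOperationException("server refused STARTTLS: " + reply);

        // Nothing else goes on the wire here: the next bytes must be the ClientHello.
        var ssl = new SslStream(net, false, ValidateServerCertificate, null);
        // Target name is the same domain used in the 'to' attribute, as the answer suggests.
        ssl.AuthenticateAsClient(domain, null, SslProtocols.Tls12, true);

        // RFC 6120 requires a new stream header over the now-encrypted stream.
        Send(ssl, header);
        return ssl;
    }

    public static void Main()
    {
        using (SslStream ssl = Upgrade("talk.google.com", 5222, "gmail.com"))
        {
            Console.WriteLine("TLS established, cipher: " + ssl.CipherAlgorithm);
        }
    }
}
```

The validation callback deliberately returns `errors == SslPolicyErrors.None` rather than `true`; a callback that always returns `true` silences the exact mismatch the first answer describes (target name versus certificate) and accepts any certificate on the path.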

It really doesn't make sense to me. A server using SSL requires the client to perform the SSL handshake on connection. So I'm not sure what you mean by "I send data earlier ...". It looks like you are not immediately calling AuthenticateAsClient. If so, I suspect this is your problem. AFAIK, you cannot use the same socket/connection for SSL and non-SSL communication. Either the server requires SSL or it does not support it; it should never do both.

My previous answer above was a shot in the dark. In fact, it seems that the standard does require that connections send and receive data before initiating the SSL handshake. It's really strange that they would do it ... but whatever. After a brief reading of parts of the RFC, it seems that you should start the SSL client authentication immediately after the closing '>'. Trailing whitespace is not allowed, which could be your problem.


Source: https://habr.com/ru/post/1335323/
