<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Sprechblasentext Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.SprechblasentextZchn
{mso-style-name:"Sprechblasentext Zchn";
mso-style-priority:99;
mso-style-link:Sprechblasentext;
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Hello *,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Even if no one know what to do, has anyone ever used OpenSSL Server? and if so, is there any configuration parameters that I should take care of in case of OpenSSL Server?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I hope to hear positive response from you guys.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Amr <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:DE">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:DE"> Hegazi, Amr
<br>
<b>Sent:</b> Tuesday, July 25, 2017 6:50 PM<br>
<b>To:</b> 'openssl-users@openssl.org'<br>
<b>Subject:</b> Considering C# OpenSSL openssl-net-master<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Hello *,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I’m using the last version of C# OpenSSL from
<a href="https://github.com/openssl-net/openssl-net">https://github.com/openssl-net/openssl-net</a> (This wrapper is based on version 1.0.2a of libeay32.dll and ssleay32.dll).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I’m using C# OpenSSL to test my Tls Client that supports TLS starting from version 1.2 and all the cipher suites. Moreover, I’m using Microsoft windows 7. I have already installed Microsoft visual C++ 2010 express and
Microsoft visual Studio 2010.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I always face an error “TLSv1.2 81 - Alert (Level: Fatal, Description: Insufficient Security)”
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US">I have debugged the issue. The issue come from a function called SSL_CTX_new() which is connected to ssleay32.dll. the clienthello is always sent correctly and then the OpenSSL server replies
with Insufficient Security <o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US">The console also shows this:<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET HSM Received: ClientHello (188 bytes)<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_RSA_WITH_NULL_SHA256 (0x003b) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET Offered suite by client: TLS_RSA_WITH_NULL_SHA (0x0002) [not supported]<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET ALERT SENT : Fatal InsufficientSecurity<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#A31515">.NET no shared cipher suites<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">And in Wireshark shows this:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">"3406.315537","fe80::ff:fe00:2","fe80::1:5","SSL","271","Client Hello"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">"3419.805155","fe80::1:5","fe80::ff:fe00:2","TLSv1.2","81","Alert (Level: Fatal, Description: Insufficient Security)"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">So, I think the error is in something related to configuration of ssleay32.dll<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">My code is simple and is as follows:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:blue">try</span><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> TestCaseBegin();<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<span style="color:#2B91AF">Output</span>.WriteLine(<span style="color:#A31515">"TLS Server Certificate preparation"</span>);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> CertDir =
<span style="color:#2B91AF">Path</span>.GetFullPath(<span style="color:#A31515">"..\\Appl\\Certificates\\Certificate"</span>);<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:70.8pt;text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">TlsServerCertificate = loadCertificateFromFile(<span style="color:#2B91AF">Path</span>.Combine(CertDir,
<span style="color:#A31515">@"Vector_ServerCertificate_RsaSha1_IA_pfx.pfx"</span>),
<span style="color:#A31515">"123456"</span>);<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:70.8pt;text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">TlsServerCaCertificates =
<span style="color:blue">new</span> <span style="color:#2B91AF">X509Chain</span>(OpenSSL.Core.<span style="color:#2B91AF">BIO</span>.File(<span style="color:#2B91AF">Path</span>.Combine(CertDir,
<span style="color:#A31515">@"Vector_ServerCertificate_RsaSha1_Root_cert.cer"</span>),
<span style="color:#A31515">"r"</span>));<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<span style="color:#2B91AF">Output</span>.WriteLine(<span style="color:#A31515">"Start connection"</span>);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> TS_RcTlsConnect(<span style="color:#2B91AF">TlsConnectMode</span>.Rsa);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<span style="color:#2B91AF">Output</span>.WriteLine(<span style="color:#A31515">"Send Client Hello"</span>);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> TS_WaitForTcpConnection();<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<span style="color:#2B91AF">Output</span>.WriteLine(<span style="color:#A31515">"make sslStreamServer"</span>);<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:70.8pt;text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#2B91AF">SslStream</span><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> sslStreamServer =
<span style="color:blue">new</span> <span style="color:#2B91AF">SslStream</span>(tcpClient.GetStream(),
<span style="color:blue">true</span>, MyRemoteCertificateValidationHandler,MyLocalCertificateSelectionHandler);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt;text-autospace:none">
<span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#2B91AF">Output</span><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">.WriteLine(<span style="color:#A31515">"Start AuthenticateAsServer"</span>);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:70.8pt;text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">sslStreamServer.AuthenticateAsServer(TlsServerCertificate,
<span style="color:blue">false</span>, TlsServerCaCertificates, <span style="color:#2B91AF">
SslProtocols</span>.Tls, <span style="color:#2B91AF">SslStrength</span>.All, <span style="color:blue">
false</span>);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<span style="color:blue">catch</span> (<span style="color:#2B91AF">TestStepFailException</span> e)
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt;text-autospace:none">
<span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">{<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:70.8pt;text-indent:35.4pt;text-autospace:none">
<span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">HandleTestStepFailException(e);
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:70.8pt;text-indent:35.4pt;text-autospace:none">
<span lang="EN-US" style="font-size:9.5pt;font-family:Consolas;color:#2B91AF">Output</span><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">.WriteLine(e.ToString());<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<span style="color:blue">catch</span> (<span style="color:#2B91AF">Exception</span> ex)
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt;text-autospace:none">
<span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">{ <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:70.8pt;text-indent:35.4pt;text-autospace:none">
<span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">PrintException(ex);<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<span style="color:#2B91AF">Output</span>.WriteLine(ex.ToString());<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas">
<span style="color:blue">finally</span><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> {<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> TestCaseEnd();<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:9.5pt;font-family:Consolas"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Has anyone an idea? <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Best Regards;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Amr<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>