Adding Cipher suite to TLS1.2 of HttpClient of dotnetcore 3.1

0

I encounter the folowing exception when connecting to the website of Western digital:

website of Western digital

22:02:34,803 |      HttpGrabber | DEBUG | Grabbing: GET https://shop.westerndigital.com/de-de/products/internal-drives/wd-red-sata-2-5-ssd#WDS200T1R0A
22:02:34,858 |      HttpGrabber | DEBUG | System.Net.Http.SocketsHttpHandler.Http2Support: True
22:02:34,865 |      HttpGrabber | DEBUG | System.Net.Http.UseSocketsHttpHandler: True
22:02:35,067 |      HttpGrabber | ERROR | System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.)
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> System.ComponentModel.Win32Exception (0x80090326): Le message reçu était inattendu ou formaté de façon incorrecte.
   --- End of inner exception stack trace ---

I think that the C# code is correct as I have 3/4 Unit test Passing:

        [TestCase("https://allianz-fonds.webfg.net/sheet/fund/FR0013192572/730?date_entree=2018-04-04")]
        [TestCase("https://www.galaxus.de/de/s1/product/zotac-zbox-magnus-en72070v-intel-core-i7-9750h-0gb-pc-13590721")]
        [TestCase("https://www.hystou.com/Gaming-Mini-PC-F7-with-Nvidia-GeForce-GTX-1650-p177717.html")]
        [TestCase("https://shop.westerndigital.com/de-de/products/internal-drives/wd-red-sata-2-5-ssd#WDS200T1R0A")]

Unit test pass

The SSL diagnostic done by ssllabs gives a list of supported cipher suites handled by the website of Western digital: diagnostic

Firefox connects succesfully to the website, and Wireshark spots that firefox has 1 cipher in the list: cipher list of firefox

However my dotnet core application has a fatal in the ssl handshake because it has not a single cipher common with WD :

dot net cipher suite

I took a lot of time to understand that the error comes from here.... if it really comes from here.

Hence 2 questions comes from this analysis:

  • Is it possible to add a cipher suite in my dot net core 3.1 application , written in C# to be compliant with this website ? I have seen discussion on internet stipulating that maybe the Us company which is Microsoft is not allowed to export strong cryptographic algorithms... if this is true, what about firefox (Usa too) using the same suite as Western digital (Usa too).

  • Is there a possibility to use in C# another library ( I think about open SSl) but the other library does provide all layers of https (ie propose equivalent of httpClient) / what about crossplatform to avoid loosing the cross platform feature of dotnetcore ....

Remark: Even Fiddler has this problem ! Which is understandable as it is also relying on the dot net framework technology: Fiddler handshake

  • To answer comment of @Steffen Ullrich I run this stuff on Win7: Windows version
c#
ssl
.net-core
https
webclient
asked on Stack Overflow Apr 6, 2021 by Thierry Brémard • edited Apr 7, 2021 by Thierry Brémard

2 Answers

0

.NET Core uses the ciphers supported by the native TLS stack, i.e. SChannel. Which ciphers are supported depend on the version of Windows. Which ciphers are supported by your OS (is documented in TLS Cipher Suites in Windows 7. As you can see, none of the ciphers offered by the server are supported by your OS.

With Firefox or Chrome browser the situation is different. These come with their own stack and are thus not limited on what the OS offers. That's why they work.

answered on Stack Overflow Apr 7, 2021 by Steffen Ullrich
0

Indeed the same code PASS succefully when executed on Windows 10: win 10 exec

answered on Stack Overflow Apr 16, 2021 by Thierry Brémard

User contributions licensed under CC BY-SA 3.0