By Tharun


2018-04-16 13:14:16 8 Comments

I am using a .NET application where the client connects to our server using a TCP SslStream. The application is using .NET 4.5 and running as a Windows service on Windows Server 2012 R2.

We are using a SHA256 certificate and the client is not able to negotiate with strict TLS 1.2. I was getting "client and server cannot communicate, because they do not possess a common algorithm - SSLStream".

stream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls12, true);

Thanks to Steffen Ullrich for this answer which helped me troubleshoot further.

When we use a SHA1 certificate, the client is able to successfully negotiate with TLS 1.2.

From the RFC:

If the client does not send the signature_algorithms extension, the server MUST do the following:

If the negotiated key exchange algorithm is one of (RSA, DHE_RSA, DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA), behave as if client had sent the value {sha1,rsa}.

My client supports SHA256, but it is not sending the signature algorithm as part of the TLS 1.2 request, and the server by default negotiates with SHA1 and not SHA256.

SHA256 and SHA1 work fine with TLS 1.0
SHA1 works with strict TLS 1.2
SHA256 does not work with strict TLS 1.2

So my question: is there a way I can make the server negotiate using SHA256 even if my client does not send the signature algorithm?
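The RFC rule quoted in the question is easiest to see at the protocol level, so here is an added example (not the asker's code and not part of .NET) that builds two constructed TLS 1.2 ClientHello records, one carrying the signature_algorithms extension (type 0x000d) and one without it, and parses them. The parser reports which hash/signature pairs the client actually offered and which pairs an RSA-authenticated server is left with once the RFC 5246 default of {sha1, rsa} is applied. The ClientHello bytes, cipher suite list and random are all constructed sample data; the names `build_client_hello`, `parse_client_hello` and `server_can_use_sha256` are this example's own.

```python
"""Inspect the signature_algorithms extension of a TLS 1.2 ClientHello.

RFC 5246 7.4.1.4.1: when the client omits signature_algorithms, a server
using an RSA-based key exchange must behave as if the client had sent
{sha1, rsa}.  The records below are constructed sample data, not captures.
"""
import os
import struct

# Code points from RFC 5246 7.4.1.4.1 (subset sufficient for this check)
HASH_NAMES = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {1: "rsa", 2: "dsa", 3: "ecdsa"}
EXT_SIGNATURE_ALGORITHMS = 0x000D
RFC5246_DEFAULT = [("sha1", "rsa")]   # what the server must assume when absent


def build_client_hello(sig_algs=None, cipher_suites=(0x003C, 0x002F)):
    """Construct a minimal TLS 1.2 ClientHello record (sample data only).

    sig_algs is a list of (hash, signature) code points; None omits the
    extension entirely, which is the client behaviour described above.
    """
    body = b"\x03\x03"                        # client_version = TLS 1.2
    body += os.urandom(32)                    # client random
    body += b"\x00"                           # empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                       # compression_methods: null only
    if sig_algs is not None:
        pairs = b"".join(bytes([h, s]) for h, s in sig_algs)
        ext_data = struct.pack("!H", len(pairs)) + pairs
        ext = struct.pack("!HH", EXT_SIGNATURE_ALGORITHMS, len(ext_data)) + ext_data
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return cipher suites and signature algorithms offered by a ClientHello.

    'effective_sig_algs' is what an RSA-authenticated server ends up with
    after applying the RFC 5246 default, which is the behaviour the question
    is running into.
    """
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    pos = 0
    version = body[pos:pos + 2]; pos += 2
    pos += 32                                  # skip random
    sid_len = body[pos]; pos += 1 + sid_len    # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0]
              for i in range(0, cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]; pos += 1 + comp_len  # skip compression methods
    offered = None                             # None means extension absent
    if pos < len(body):                        # extensions block is optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos < end:
            ext_type, data_len = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + data_len]; pos += data_len
            if ext_type == EXT_SIGNATURE_ALGORITHMS:
                n = struct.unpack("!H", data[:2])[0]       # byte length of list
                offered = [(HASH_NAMES.get(data[2 + i], hex(data[2 + i])),
                            SIG_NAMES.get(data[3 + i], hex(data[3 + i])))
                           for i in range(0, n, 2)]
    return {
        "version": "TLS 1.2" if version == b"\x03\x03" else version.hex(),
        "cipher_suites": suites,
        "signature_algorithms_sent": offered is not None,
        "offered_sig_algs": offered,
        "effective_sig_algs": offered if offered is not None else RFC5246_DEFAULT,
    }


def server_can_use_sha256(record):
    """True when the ClientHello lets an RSA server use SHA-256 signatures."""
    return ("sha256", "rsa") in parse_client_hello(record)["effective_sig_algs"]


if __name__ == "__main__":
    with_ext = build_client_hello(sig_algs=[(4, 1), (2, 1)])   # sha256/rsa, sha1/rsa
    without_ext = build_client_hello()
    for label, rec in (("with signature_algorithms", with_ext),
                       ("without signature_algorithms", without_ext)):
        info = parse_client_hello(rec)
        print(label, "->", info["effective_sig_algs"],
              "| sha256 usable:", server_can_use_sha256(rec))
```

Run against a ClientHello taken from a packet capture of the failing client instead of the constructed one and the `signature_algorithms_sent` field answers whether the fix belongs on the client (it needs to start sending the extension) or whether the server is simply following the RFC default it is required to apply.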
