SSL connection could not be established in NET 6.0 #89

Closed
mircoianese opened this issue Feb 17, 2022 · 2 comments

@mircoianese

Hello again,

I am still having issues with TLS Handshake when updating data, this time with NET 6.0 and 5.0.

The inner exception is: Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'.

I had this issue in the past with .NET 4.7, and I "solved" it by manually specifying the TLS protocol with: ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;, right before the HttpClient initialization.

I was not expecting this to happen with newer versions of the framework, so I highly suspect it has something to do with my environment, but I couldn't fix it.

I have also tried to create a new simple project like this:

  • Created a new Console Application project targeting NET 6.0 and installed the dependencies from nuget, this is the structure:
    image

  • Added this code in Program.cs:

using DgcReader;
using DgcReader.BlacklistProviders.Italy;
using DgcReader.RuleValidators.Italy;
using DgcReader.RuleValidators.Italy.Models;
using DgcReader.TrustListProviders.Italy;
string qr= "HC1:....";
var httpClient = new HttpClient();

var basePath = Directory.GetCurrentDirectory();

var refreshIntervalMinutes = 60;
var minRefreshIntervalMinutes = 10;

var trustListProvider = ItalianTrustListProvider.Create(httpClient, new ItalianTrustListProviderOptions()
{
    RefreshInterval = TimeSpan.FromMinutes(refreshIntervalMinutes),
    MinRefreshInterval = TimeSpan.FromMinutes(minRefreshIntervalMinutes),
    MaxFileAge = TimeSpan.FromDays(60),
    BasePath = basePath,
    SaveCertificate = true,
    UseAvailableListWhileRefreshing = true
});

var rulesValidator = DgcItalianRulesValidator.Create(httpClient, new DgcItalianRulesValidatorOptions
{
    RefreshInterval = TimeSpan.FromMinutes(refreshIntervalMinutes),
    MinRefreshInterval = TimeSpan.FromMinutes(minRefreshIntervalMinutes),
    MaxFileAge = TimeSpan.FromDays(60),
    BasePath = basePath,
    UseAvailableValuesWhileRefreshing = true,
    ValidationMode = ValidationMode.Basic3G
});

var blacklistProvider = ItalianDrlBlacklistProvider.Create(httpClient, new ItalianDrlBlacklistProviderOptions
{
    RefreshInterval = TimeSpan.FromMinutes(refreshIntervalMinutes),
    MinRefreshInterval = TimeSpan.FromMinutes(minRefreshIntervalMinutes),
    MaxFileAge = TimeSpan.FromDays(60),
    BasePath = basePath,
    UseAvailableValuesWhileRefreshing = true,
});

try
{
    var reader = DgcReaderService.Create(trustListProvider, blacklistProvider, rulesValidator);
    var res = await reader.VerifyForItaly(qr, ValidationMode.Basic3G, throwOnError: true); // The exception is thrown here, the data is not downloaded
}
catch (Exception ex)
{
    Console.WriteLine(ex);
}
  • I have also tried to clear the Nuget Cache

  • This time adding ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 does not make any difference

Sorry to bother you about this, but do you have any advice?
Thank you

@DevTrevi
Owner

DevTrevi commented Feb 17, 2022

Hi @mircoianese, are you on Windows 11? I think that the problem could be this, probably related to TLS1.3 and related available cipher suites:
#28 (comment)

@mircoianese
Author

> Hi @mircoianese, are you on Windows 11? I think that the problem could be this, probably related to TLS1.3 and related available cipher suites: #28 (comment)

Hi, thanks!
It's Windows 11. I confirm that the entry in the registry as a temporary fix worked:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000001

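An in-process alternative to the machine-wide registry value above, as an added example that is not part of the thread or of DgcReader's own code: in .NET 5 and 6, HttpClient does not read ServicePointManager.SecurityProtocol, so the protocol has to be set on the handler, and a direct SslStream probe shows which protocol setting the server rejects. ProbeAsync and the example.invalid host are hypothetical placeholders, and it is an assumption, not confirmed in the thread, that limiting this client to TLS 1.2 avoids the handshake failure the same way the registry value does.

```csharp
using System;
using System.IO;
using System.Net.Http;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Threading.Tasks;

// Placeholder host: pass the endpoint that fails in your environment as the first argument.
string host = args.Length > 0 ? args[0] : "example.invalid";

// Compare the OS default protocol selection (SslProtocols.None) with TLS 1.2 only.
Console.WriteLine(await ProbeAsync(host, SslProtocols.None));
Console.WriteLine(await ProbeAsync(host, SslProtocols.Tls12));

// Scope the workaround to this client instead of every Schannel client on the machine.
// Assumption: TLS 1.2 only is acceptable for this endpoint until the TLS 1.3 issue is resolved.
var handler = new SocketsHttpHandler
{
    SslOptions = new SslClientAuthenticationOptions { EnabledSslProtocols = SslProtocols.Tls12 }
};
using var httpClient = new HttpClient(handler);
// Pass httpClient to the Create(...) calls shown in the issue in place of "new HttpClient()".

// Hypothetical helper: performs one TLS handshake with the given protocol setting
// and reports the negotiated protocol and cipher suite, or the failure.
static async Task<string> ProbeAsync(string host, SslProtocols protocols)
{
    try
    {
        using var tcp = new TcpClient();
        await tcp.ConnectAsync(host, 443);
        using var ssl = new SslStream(tcp.GetStream());
        await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
        {
            TargetHost = host,
            EnabledSslProtocols = protocols
        });
        return $"{protocols}: OK, negotiated {ssl.SslProtocol} / {ssl.NegotiatedCipherSuite}";
    }
    catch (Exception ex) when (ex is AuthenticationException or IOException or SocketException)
    {
        return $"{protocols}: FAILED, {ex.GetType().Name}: {ex.Message}";
    }
}
```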