Closed
Description
Steps to reproduce:
It seems that if I explicitly use SslProtocols.Tls13 when authenticating as a client, I get "Win32Exception (0x80090304): The Local Security Authority cannot be contacted". If I do not explicitly set the SslProtocols, it will successfully negotiate TLSv1.3.
- Enable TLSv1.3 on Windows 10 21H1 (Build 19043.985), reboot.

I did this with:

```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
```

- Run the following snippet:

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

using TcpClient client = new TcpClient();
await client.ConnectAsync("github.com", 443);

await using SslStream sslStream = new SslStream(client.GetStream());
await sslStream.AuthenticateAsClientAsync("github.com", null, SslProtocols.Tls13, true);
Console.WriteLine(sslStream.SslProtocol);
```
It will fail for me with:
```
Unhandled exception. System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> System.ComponentModel.Win32Exception (0x80090304): The Local Security Authority cannot be contacted
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at <Program>$.<<Main>$>d__0.MoveNext() in D:\code\personal\scratch\Program.cs:line 10
--- End of stack trace from previous location ---
   at <Program>$.<<Main>$>d__0.MoveNext() in D:\code\personal\scratch\Program.cs:line 11
--- End of stack trace from previous location ---
   at <Program>$.<Main>(String[] args)
```
If I change `AuthenticateAsClientAsync` to `await sslStream.AuthenticateAsClientAsync("github.com");` by removing the explicit protocol configuration, it does not fail and correctly negotiates TLSv1.3.
Configuration
Reproduces on .NET 5 and .NET 6 Preview 4.
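
A side-by-side diagnostic for the behaviour reported above, added here as an example and not part of the original issue or the runtime's own code: it runs one handshake per protocol setting and reports either the negotiated protocol or the SSPI status code carried by the inner `Win32Exception`. The helper name `TryHandshakeAsync` is hypothetical; the host and port default to the ones used in the issue's snippet.

```csharp
using System;
using System.ComponentModel;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Threading.Tasks;

// Hypothetical helper (not from the issue): one TLS handshake attempt with
// the given protocol restriction, returning a one-line result.
static async Task<string> TryHandshakeAsync(string host, SslProtocols protocols)
{
    using TcpClient client = new TcpClient();
    await client.ConnectAsync(host, 443);
    await using SslStream ssl = new SslStream(client.GetStream());

    var options = new SslClientAuthenticationOptions
    {
        TargetHost = host,
        EnabledSslProtocols = protocols, // SslProtocols.None leaves the choice to the OS
    };

    try
    {
        await ssl.AuthenticateAsClientAsync(options);
        return $"ok, negotiated {ssl.SslProtocol}";
    }
    catch (AuthenticationException ex) when (ex.InnerException is Win32Exception w32)
    {
        // The native status is what distinguishes an SSPI/Schannel failure
        // (such as 0x80090304 in the report) from a certificate or alert failure.
        return $"failed, SSPI status 0x{w32.NativeErrorCode:X8}: {w32.Message}";
    }
    catch (AuthenticationException ex)
    {
        return $"failed: {ex.Message}";
    }
}

string host = args.Length > 0 ? args[0] : "github.com";

// Compare the OS default against explicit TLS 1.2 and explicit TLS 1.3.
foreach (SslProtocols p in new[] { SslProtocols.None, SslProtocols.Tls12, SslProtocols.Tls13 })
{
    Console.WriteLine($"{p,-6} -> {await TryHandshakeAsync(host, p)}");
}
```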