.Net client problem with ADH cipher

aidin36

I have a problem that I couldn't solve: I want to use ADH cipher for my ssl connection, but it doesn't work. Here's the description:

System info
I've got a server written in Python 2.6.4 and running on a GNU/Linux Ubuntu 9.10, and a client written in C# running on a Windows XP - SP2 machine. Client developed using VS2008, and .Net framework 3.5-SP1

I test it with both Ice-3.3.1 and Ice-3.4.1

Both on server and client, I compiled Ice from source code.

Problem
The problem is that client cannot connect to the server, using a SSL endpoint. Server uses ADH Cipher.

On the client side I see these lines in the Output:

A first chance exception of type 'System.IO.IOException' occurred in System.dll
A first chance exception of type 'Ice.ConnectionLostException' occurred in IceSSL.dll
A first chance exception of type 'Ice.ConnectionLostException' occurred in IceSSL.dll
A first chance exception of type 'Ice.ConnectionLostException' occurred in Ice.dll

And on the server side, I get this:

04/25/11 10:37:57.849 Network: failed to establish ssl connection
local address = 192.168.22.76:9081
remote address = 192.168.22.77:1254
TransceiverI.cpp:229: Ice::ProtocolException:
protocol exception:
SSL error occurred for new incoming connection:
remote address = 192.168.22.77:1254
error # = 336109761
message = error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
location = s3_srvr.c, 1006

Additional information
I wrote a test client with Python, and it could connect to the server without any problems. Also on the Windows machine, I could successfully connect to my server using Openssl client, with the following command:

openssl.exe s_client -host 192.168.22.76 -port 9081 -cipher ADH

But my client cannot connect.

I even copy/paste all of the DLLs and EXEs of the Ice into my output, and add Ice to Windows PATH, INCLUDE, and LIB. But it seems that it still can't find something.

I should tell you that if I use TCP, there's not problem at all.

Code
Here's my properties on the server side:

URL: "ssl -h %s -p %d" % (host, port)

properties.setProperty('Ice.ThreadPool.Server.Size', '64')
properties.setProperty('Ice.MessageSizeMax', '10240')
properties.setProperty('Ice.Override.Compress', '1')
properties.setProperty('Ice.Plugin.IceSSL', 'IceSSL:createIceSSL')
properties.setProperty("IceSSL.Ciphers", "ALL:@STRENGTH")
properties.setProperty("IceSSL.VerifyPeer", "0")

And on my client side is:

URL = string.Format("{0}:ssl -h {1} -p {2} -z", service, host, port);
Ice.InitializationData data = new Ice.InitializationData();
data.properties = Ice.Util.createProperties();
data.properties.setProperty("Ice.MessageSizeMax", "10240");
data.properties.setProperty("Ice.Plugin.IceSSL", IceSSL.dll:IceSSL.PluginFactory");
data.properties.setProperty("IceSSL.Ciphers", "ADH");
data.properties.setProperty("IceSSL.VerifyPeer", "0");
data.properties.setProperty("Ice.ThreadPool.Client.Size", "1");
data.properties.setProperty("Ice.ThreadPool.Client.SizeMax", "1");
data.properties.setProperty("Ice.Compression.Level", "1");

Any ideas?
Thanks in advanced.

mes

The .NET SslStream class (which is used by the IceSSL implementation) requires certificate-based authentication. Here's a quote from MSDN:

After creating an SslStream, the server and optionally, the client must be authenticated. The server must provide an X509 certificate that establishes proof of its identity and can request that the client also do so. Authentication must be performed before transmitting information using an SslStream.

So I'm afraid it's not currently possible to use ADH in .NET.

Regards,
Mark

aidin36

Thanks a lot for your answer.

You're right. I can't use ADH in .Net :`(