'Interop Crypto OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

No matter target to net5.0 or net6.0 framework, when trying to create a sslstream, it repeatedly throw the error running on Ubuntu OS while works on Windows OS, what's the proper way to handle this error ?

Error Message

 System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
       ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
       ---> Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
         --- End of inner exception stack trace ---
         at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)
         at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
         --- End of inner exception stack trace ---
         at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)

Sample Code

public static SslStream CreateSslStream(this TcpClient client, bool leaveInnerStreamOpen = false)
{
    var validationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
    var selectionCallback = new LocalCertificateSelectionCallback(SelectLocalCertificate);
    return new SslStream(client.GetStream(), leaveInnerStreamOpen, validationCallback, selectionCallback);
}
.net-coretcpclientsslstream


Solution 1:[1]

I referenced the ticket: Reopen #44191: SSL/TLS handshake fails in Ubuntu 20.04 and Net 5.0.1, making a custom openssl.cnf, now the problem is got resolved.

/etc/ssl/openssl.cnf

# Add this in the head of the file
openssl_conf = openssl_init

#
# skip
#

# And the following in the end of the file
[openssl_init]
ssl_conf = ssl_config

[ssl_config]
system_default = tls_defaults

[tls_defaults]
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1.2

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

How do I add Pulumi to my GitHub Codespaces / VSCode .NET devcontainer?

Unit Testing WeakReference

Nearest location from JSON column

Using 'UseMvc' to configure MVC is not supported while using Endpoint Routing

Azure Functions how to get a new local.settings.json?

Unable to create an object of type 'MyContext'. For the different patterns supported at design time

Unable to start process dotnet.exe

Is it possible to run a .NET Core console application silently (hide console window)?

Displaying website image testing vs. production

How to set json serializer settings in asp.net core 3?

Form view designer is not working in Visual Studio 2019 with C# .NET Core 3.1 [duplicate]

Remove unnecessary usings with dotnet format

Assets file project.assets.json doesn't have a target for 'net6.0-windows10.0.19041.0/win-x64'

The constraint reference 'string' could not be resolved to a type. (netcoreapp3.0)

How to use Bootstrap modal in Blazor client app?