Problem description: all pollsters began to complain about the program’s strange behavior (which was written in .NET 4.5) after automatic updating of Windows. Began to understand, test. Reproduced the problem on .NET 4.6.2. It turns out the SslStream transport since .NET 4.6 has changed its behavior. And it is not clear in what place.

I took a third-party transport (Chilkat), compared - the same parameters are obtained everywhere, TLS 1.0, Cipher - Aes128, Hash - Sha1, the same bytes going through the connection ...

But! - Chilkat executes normally, and SslStream connection to ReadAsync with the exception: IOException, сбой операции дешифрования . Windows error logs are empty.

Question: what exactly has changed in implementation?

ps Switch.System.Net.DontEnableSchUseStrongCrypto=true in appconfig does not help, the behavior does not change.

Update:

Looked for local exceptions, this is what has come up: System.ComponentModel.Win32Exception (0x80004005): Не удается установить связь с локальной системой безопасности. Googled, found it related to a Windows license. Although kill, I do not understand why non-activated test Windows is connected with the performance of SslStream . You can't force customers to buy licenses ...

Part of the synchronous call stack:

 System.dll!System.Net.Security._SslStream.ProcessReadErrorCode(System.Net.SecurityStatus errorCode = {неизвестно}, byte[] buffer = {неизвестно}, int offset = {неизвестно}, int count = {неизвестно}, System.Net.AsyncProtocolRequest asyncRequest = {неизвестно}, byte[] extraBuffer = {неизвестно}) System.dll!System.Net.Security._SslStream.ProcessFrameBody(int readBytes = {неизвестно}, byte[] buffer = {неизвестно}, int offset = {неизвестно}, int count = {неизвестно}, System.Net.AsyncProtocolRequest asyncRequest = {неизвестно}) System.dll!System.Net.Security._SslStream.StartFrameHeader(byte[] buffer = {неизвестно}, int offset = {неизвестно}, int count = {неизвестно}, System.Net.AsyncProtocolRequest asyncRequest = {неизвестно}) System.dll!System.Net.Security._SslStream.StartReading(byte[] buffer = {неизвестно}, int offset = {неизвестно}, int count = {неизвестно}, System.Net.AsyncProtocolRequest asyncRequest = {неизвестно}) System.dll!System.Net.Security._SslStream.ProcessRead(byte[] buffer = {неизвестно}, int offset = {неизвестно}, int count = {неизвестно}, System.Net.AsyncProtocolRequest asyncRequest = {неизвестно}) System.dll!System.Net.Security._SslStream.Read(byte[] buffer = {неизвестно}, int offset = {неизвестно}, int count = {неизвестно}) > Application.exe!<Receive>d__a.MoveNext()

Update2:

I conducted a series of tests in the process of reproducing a problem for a public review - according to preliminary data, Cipher = Aes128 is to blame, the same Aes256 is working normally.

  • Comments are not intended for extended discussion; conversation moved to chat . - Nick Volynkin

1 answer 1

For .NET 4.+ and x64 bit OS, global version:

 Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchSendAuxRecord"=dword:00000000 Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchSendAuxRecord"=dword:00000000

For .NET 2.+ and x64 bit OS, global version:

 Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SchSendAuxRecord"=dword:00000000 Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SchSendAuxRecord"=dword:00000000

Acts immediately, restarting the OS is not required.

Use only as a last resort !!! Turning off this structure is associated with high risks with respect to the old versions of the SSL \ TLS OS transport.