TlsException on WindowsCE 6.0: Server certificate signature uses a hash algorithm that is not supported on this platform

+1 vote
asked May 31, 2016 by f.debbia (130 points)

Hi,
I'm trying to connect to gmail smtp server with SSL, using Rebex.Net.Smtp object, but I get this exception "Server certificate signature uses a hash algorithm that is not supported on this platform" on the connect.

Here is my code:

Smtp client = new Smtp();
client.Connect("smtp.gmail.com", SslMode.Implicit);

I'm using CF 3.5 over WindowsCE 6.0 platform.

How can I provide the algorithm implementation?

Thanks in advance.

Francesca

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered May 31, 2016 by Pavel Matyska (9,680 points)
edited Jul 1, 2016 by Lukas Pokorny

Update:

Starting with version 2016 R2, Rebex components support SHA-2 family of hash algorithms (includes SHA-256, SHA-384 and SHA-512) on all .NET Compact Framework platforms.

Original answer:

Hi,

You encountered a certificate that uses SHA-2 algorithm to compute its hash. Since Microsoft do not support .NET CF any more, the latest version of .NET CF supports only SHA-1 algorithms. But we are working on a version of our components that can accept certificates that uses SHA-2 algorithms. Here you can download a beta build of our [Secure Mail Trial version][2] that supports SHA-2 and give it a try. You still have to validate the certificate yourself, see the code below for an example how to do it. We are also working on our engine that will validate the SHA-2 based certificates on .NET CF automatically.

The simplest way of certificate validation is to check the certificates thumbprint and compare it to a known (and trusted) value. It can be done like this:

Smtp client = new Smtp();
client.ValidatingCertificate += client_ValidatingCertificate;

client.Connect("smtp.gmail.com", SslMode.Implicit);

// continue with the work here

and the validation handler:

static void client_ValidatingCertificate(object sender, SslCertificateValidationEventArgs e)
{
    if (e.Certificate.Thumbprint == "correct thumbprint")
        e.Accept();
    else
        e.Reject();
}

If you have a licenced version of our component or are trying another one than the Rebex Secure Mail, please contact us at support@rebex.net with this information and we will send you proper beta build of that component (full version and/or different package).

...