+1 vote
by (130 points)

How to connect to a secure web socket server using wss:// and a key or a certificate ?

1 Answer

0 votes
by (70.2k points)

To handle client certificate requests, please use the WebSocketClient.Settings.SslClientCertificateRequestHandler property.

It can look like this:

// initialize new web socket client instance
var client = new WebSocketClient();

// implement your own ICertificateRequestHandler or use one of predefined
client.Settings.SslClientCertificateRequestHandler =
                    CertificateRequestHandler.StoreSearch;

// connect to desired server
client.Connect("wss://example.com");

For more examples, please visit Client certificate authentication.

by (130 points)
One more question ,
like you advised , in order to supply client with a certificate we should use :
Certificate certPath = Certificate.LoadDer(path);
           client.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(certPath);

Could path string be a normal path to the certificate file, like "/path.pem" ?
or is there another load certificate function for creating Certificate from a simple .pem file  ?
by (70.2k points)
Please note that a certificate with associated private key is required to perform Client Certificate Authentication. If you want to use a certificate stored on the disk, you can use it like this (if it is stored in a .pfx file):

CertificateRequestHandler.CreateRequestHandler(Certificate.LoadPfx(certPath, certPassword));

or this (if you have associated private key stored elsewhere):

CertificateRequestHandler.CreateRequestHandler(Certificate.LoadDerWithKey(certPath, keyPath, keyPassword));
by (130 points)
What it the certificate is stored as a .pem file , should we use
CertificateRequestHandler.CreateRequestHandler(Certificate.LoadPfx(certPathPEM, certPassword));
as well  ?
How could we use cerPrivateKey instead of  certPassword ?

for example :
CertificateRequestHandler.CreateRequestHandler(Certificate.LoadDerWithKey(certPathPEM, keyPath, null));
by (70.2k points)
The PEM file can contain many things. It can contain certificate(s), private key(s), both of that or something else. Please, open your PEM file in a text editor and locate all lines starting with: -----BEGIN

After the BEGIN, you will see a label (labels are defined in https://www.rfc-editor.org/rfc/rfc7468#section-4). This way, you can see what your PEM file actually contains.

Now to your questions:
1) Certificate.LoadPfx() can be used only to load files in PFX format. For PEM format use LoadDer() or LoadDerWithKey().

2) If you have private key in a separate file, use the Certificate.LoadDerWithKey(certPem, keyPem, string.Empty). If the key does not have password, I suggest to specify string.Empty. It will work for both cases no-password and empty-password.

If you do not have the private key stored on disk, it is still possible to associate it with the loaded certificate using the Certificate.Associate(privateKey) method (for details see https://www.rebex.net/doc/api/Rebex.Security.Certificates.Certificate.Associate.html).
by (130 points)
edited by
Thanks for your answer,
Procceeding the way you advised , using the following code :
 var path = Path.Combine(_locator.GetPlatformSpecificService().getFolder(), "signedCertificate.pem");
                // stream reading the file
                FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read);
                MemoryStream ms = new MemoryStream();
                fs.CopyTo(ms);
                //               
                String signedCertificate = _secureStorageService.GetSignedCertificate().Result;
                byte[] byteArray = Encoding.ASCII.GetBytes(signedCertificate);
                MemoryStream keystream = new MemoryStream(byteArray);
                client.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(Certificate.LoadDerWithKey(ms, keystream, null));

i get **Rebex.Security.Certificates.CertificateException:** 'Unexpected certificate format.'
How should I solve this issue?

** my pem certificate starts with
-----BEGIN CERTIFICATE-----
....AnKJAnsmIIsdKLJLEORImM......
-----END CERTIFICATE-----
by (70.2k points)
When you call fs.CopyTo(ms); the ms.Position is pointing to the end of stream. When you call LoadDerWithKey(ms, ...) there is zero data read from the ms, which causes the error.

Please set ms.Position = 0; just after fs.CopyTo(ms);

or even simpler, do it like this:

  var path = Path.Combine(_locator.GetPlatformSpecificService().getFolder(), "signedCertificate.pem");
  var ms = new MemoryStream(File.ReadAllBytes(path));
by (130 points)
edited by
Thanks again,
I ve updated my code as follows ,    
 String signedCertificate = _secureStorageService.GetSignedCertificate().Result;
                var privateKeyInfoRetrieved = _secureStorageService.getPrivateKeyInfo().Result;
                byte[] byteArray1 = Encoding.UTF8.GetBytes(privateKeyInfoRetrieved);
                byte[] byteArray = Encoding.UTF8.GetBytes(signedCertificate);
                var password = _secureStorageService.getPrivateKeyInfoPassword().Result;

                using (MemoryStream  certstream = new MemoryStream(byteArray))
                {
                    using (MemoryStream keystream = new MemoryStream(byteArray1))
                    {
                        try
                        {
                            client.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(Certificate.LoadDerWithKey(certstream, keystream, password));
                        }
                        catch (Exception ex)
                        {
                            System.Diagnostics.Debug.Write(ex.Message);
                        }
                    }
                }


my private key is  :

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGVMFEGCSqGSIb3DQEFDTBEMCMGCSqGSIb3DQEFDDAWBBDQ72PvQc0ploZDAL2L
unifAgIIADAdBglghkgBZQMEASoEELnlPGjG6qAwCzI00W88Z0YEQH54Agf3Gy7q
7DXnlKBmRnMLJyXaZoZZK99SfHK8xHUbBKVI09+rR/HLMb205qLkqr5SGD1iQN6X
dru/IcIf+Xk=
-----END ENCRYPTED PRIVATE KEY-----

and  my pem certificate is as  
-----BEGIN CERTIFICATE-----
....AnKJAnsmIIsdKLJLEORImM......
-----END CERTIFICATE-----

Finally I get an error when executing
                            client.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(Certificate.LoadDerWithKey(certstream, keystream, password));

System.Security.Cryptography.CryptographicException
  Message=`MonoBtlsPkcs12.Import` failed.


As I observerd, https://stackoverflow.com/questions/72966449/unable-to-create-a-x509certificate2-from-raw-byte-array-in-xamarin-on-android-10, there seem to be a dependency issue with the different cryptography libraries used simultaneously in the project.
(We also use SshNet.Security.Cryptography related to renci software)
How could we overcome this issue ?
by (70.2k points)
Can you please tell us the OS and platform you are using?

Can you please provide whole exception stack trace?
It can be done like this:

  System.Diagnostics.Debug.Write(ex.ToString());
by (130 points)
developing on xamarin forms , in w10 os and deploying code to android 11 device.
Initially I was getting (debug.writeline)

System.Security.Cryptography.CryptographicException
  Message=`MonoBtlsPkcs12.Import` failed.

when suppling client with certificate.
Then, rebuilding the app , resolved that problem and now I m getting

[0:] An error occurred while opening the WebSocket


when executing

                await client.ConnectAsync("wss://" + _socketServerIp + ":port", CancellationToken.None);

Socket server is live - double checked .
How could I understand if certificate is not accepted ?
Could there be a more detailed logging of what is happening upon web socket error ?

Thank you for your kind interest answering repeatedlly
by (70.2k points)
Is your code correct? I mean this:

   client.ConnectAsync("wss://" + _socketServerIp + ":port", CancellationToken.None);

This will evaluate to something like: "wss://127.0.0.1:port" which is of course an invalid URI.

Please try this instead:

   await client.ConnectAsync("wss://" + _socketServerIp + ":" + port, CancellationToken.None);

According detailed logging, please specify LogWriter. It can be done like this:

  var client = new WebSocketClient();
  client.LogWriter = new Rebex.FileLogWriter(@"c:\data\wss.log", Rebex.LogLevel.Verbose);
  client.Connect("wss://host:port");

For more details about logging please visit https://www.rebex.net/websocket/features/logging.aspx
by (130 points)
Followed your advice for the client connect function and set it up like
   await client.ConnectAsync("wss://" + _socketServerIp + ":" + port, CancellationToken.None);
After executing it  logged some errors  :
----websocket log----2023-02-16 08:16:58.046 Opening log file.
2023-02-16 08:16:58.051 INFO FileLogWriter(1)[11] Info: Assembly: Rebex.Common R6.10 for .NET Standard 2.1
2023-02-16 08:16:58.055 INFO FileLogWriter(1)[11] Info: Platform: Android (Unix 4.14.116.0) 64-bit ARM; CLR: Mono 6.12.0 (2020-02/a96bde9730e)
2023-02-16 08:16:58.056 DEBUG FileLogWriter(1)[11] Info: Culture: en; Windows-1252
2023-02-16 08:16:58.098 INFO WebSocketClient(1)[11] WebSocket: Connecting to 'wss://192.168.0.1:28441/'...
2023-02-16 08:16:58.099 INFO WebSocketClient(1)[11] Info: Assembly: Rebex.WebSocket R6.10 for .NET Standard 2.1
2023-02-16 08:16:58.099 INFO WebSocketClient(1)[11] Info: Platform: Android (Unix 4.14.116.0) 64-bit ARM; CLR: Mono 6.12.0 (2020-02/a96bde9730e)
2023-02-16 08:16:58.099 DEBUG WebSocketClient(1)[11] Info: Culture: en; Windows-1252
2023-02-16 08:16:58.136 INFO WebSocketClient(1)[93] HTTP: Connecting to 'https://192.168.0.1:28441'...
2023-02-16 08:16:58.170 DEBUG WebSocketClient(1)[93] Proxy: Connecting to 192.168.0.1:28441 (no proxy).
2023-02-16 08:16:58.281 DEBUG WebSocketClient(1)[93] Proxy: Connection established.
2023-02-16 08:16:58.373 DEBUG WebSocketClient(1)[93] TLS: Using classic TLS core.
2023-02-16 08:16:58.382 DEBUG WebSocketClient(1)[93] TLS: Enabled cipher suites: 0x000F3DF7EBE00640.
2023-02-16 08:16:58.387 DEBUG WebSocketClient(1)[93] TLS: Applicable cipher suites: 0x00003C002BE00640.
2023-02-16 08:16:58.399 VERBOSE WebSocketClient(1)[93] TLS: Sent TLS packet:
 0000 |16-03-03-00-77-01-00-00 73-03-03-63-ED-CA-5A-B5| ....w...s..c..Z.
 0010 |42-C3-0B-F5-03-02-FA-DC 8F-44-7F-53-70-B8-2C-FB| B........D.Sp.,.
 0020 |5B-57-14-3F-BB-0B-81-A8 22-C9-5F-00-00-1E-00-9F| [W.?...."._.....
 0030 |00-9E-00-6B-00-67-00-9D 00-9C-00-3D-00-3C-00-33| ...k.g.....=.<.3
 0040 |00-39-00-2F-00-35-00-16 00-0A-00-FF-01-00-00-2C| .9./.5.........,
 0050 |00-00-00-10-00-0E-00-00 0B-31-39-32-2E-31-36-38| .........192.168
 0060 |2E-30-2E-31-00-0D-00-14 00-12-04-01-04-03-05-01| .0.1............
 0070 |05-03-06-01-06-03-02-01 02-03-02-02            | ............
2023-02-16 08:16:58.400 DEBUG WebSocketClient(1)[93] TLS: HandshakeMessage:ClientHello was sent.
2023-02-16 08:16:58.617 VERBOSE WebSocketClient(1)[93] TLS: Received TLS packet:
 0000 |15-03-03-00-02-02-46                           | ......F
2023-02-16 08:16:58.619 INFO WebSocketClient(1)[93] TLS: Fatal Alert:ProtocolVersion was received.
2023-02-16 08:16:58.627 DEBUG WebSocketClient(1)[93] TLS: Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been reported by the remote connection end.
  at zbfys.kmzch.gcbov (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00085] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.xpfij (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00065] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000f2] in <92378deb221948dfa4cafbbc95220b36>:0
2023-02-16 08:16:58.632 ERROR WebSocketClient(1)[93] HTTP: Error while sending request: Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been reported by the remote connection end.
  at zbfys.kmzch.gcbov (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00085] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.xpfij (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00065] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000f2] in <92378deb221948dfa4cafbbc95220b36>:0
   --- End of inner exception stack trace ---
  at zbfys.sbkup.cumxx () [0x00163] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.kknju () [0x00071] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.uwdop () [0x00056] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.pfonj () [0x00000] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.ovayl () [0x00006] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.Negotiate () [0x00014] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.eaxpd (Rebex.Net.ISocket p0, Rebex.Net.TlsCipher& p1) [0x00032] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.lzmdw () [0x0003e] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.jednq () [0x000c9] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.amhvz (System.Boolean p0) [0x000f5] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.iehix () [0x001b9] in <92378deb221948dfa4cafbbc95220b36>:0
2023-02-16 08:16:58.832 ERROR WebSocketClient(1)[93] WebSocket: Error occurred: Rebex.Net.WebSocketException: An error occurred while opening the WebSocket. ---> zbfys.hvzit: Fatal error 'ProtocolVersion' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been reported by the remote connection end.
  at zbfys.kmzch.gcbov (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00085] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.xpfij (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00065] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000f2] in <92378deb221948dfa4cafbbc95220b36>:0
   --- End of inner exception stack trace ---
  at zbfys.sbkup.cumxx () [0x00163] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.kknju () [0x00071] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.uwdop () [0x00056] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.pfonj () [0x00000] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.ovayl () [0x00006] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.Negotiate () [0x00014] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.eaxpd (Rebex.Net.ISocket p0, Rebex.Net.TlsCipher& p1) [0x00032] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.lzmdw () [0x0003e] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.jednq () [0x000c9] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.amhvz (System.Boolean p0) [0x000f5] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.iehix () [0x001b9] in <92378deb221948dfa4cafbbc95220b36>:0
   --- End of inner exception stack trace ---
  at zbfys.lmtsl.iehix () [0x0046a] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.vwomv+ooawi.qhosc () [0x00000] in <1385f88e458e4471a15609b64d8a7800>:0
  at System.Threading.Tasks.Task`1[TResult].InnerInvoke () [0x0000f] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/external/corert/src/System.Private.CoreLib/src/System/Threading/Tasks/Future.cs:534
  at System.Threading.Tasks.Task.Execute () [0x00000] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/external/corert/src/System.Private.CoreLib/src/System/Threading/Tasks/Task.cs:2319
--- End of stack trace from previous location where exception was thrown ---

  at zbfys.vwomv.dbzip (System.Uri p0, zbfys.dwzou p1, Rebex.Net.ISocketFactory p2, Rebex.Net.WebSocketClientSettings p3, Rebex.Net.WebSocketClientOptions p4, Rebex.Net.TlsParameters p5, System.Threading.CancellationToken p6) [0x00380] in <1385f88e458e4471a15609b64d8a7800>:0
   --- End of inner exception stack trace ---
  at zbfys.vwomv.dbzip (System.Uri p0, zbfys.dwzou p1, Rebex.Net.ISocketFactory p2, Rebex.Net.WebSocketClientSettings p3, Rebex.Net.WebSocketClientOptions p4, Rebex.Net.TlsParameters p5, System.Threading.CancellationToken p6) [0x00399] in <1385f88e458e4471a15609b64d8a7800>:0
  at Rebex.Net.WebSocketClient.ConnectAsync (System.Uri uri, System.Threading.CancellationToken cancellationToken) [0x001f4] in <1385f88e458e4471a15609b64d8a7800>:0


Is this log enough to reveal the cause ?
by (70.2k points)
From the log I can see that the client sent initial TLS 1.2 ClientHello. The server replied with 'ProtocolVersion' alert and closed the connection.

Please make sure that the TLS 1.2 is enabled at the server.

Also please make sure that the server is able to use one of the cipher suites offered by the client. In your case the client offered this suites:

DHE_RSA_WITH_3DES_EDE_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA256
DHE_RSA_WITH_AES_128_GCM_SHA256
DHE_RSA_WITH_AES_256_CBC_SHA
DHE_RSA_WITH_AES_256_CBC_SHA256
DHE_RSA_WITH_AES_256_GCM_SHA384
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_128_GCM_SHA256
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_256_CBC_SHA256
RSA_WITH_AES_256_GCM_SHA384
by (130 points)
edited by
TLS is enabled along with the following :

SSLv3
TLSv1
TLSv1.2
TLSv1.3
but when trying to connect I get
2023-02-16 12:12:47.326 DEBUG WebSocketClient(1)[27] TLS: HandshakeMessage:ClientHello was sent.
2023-02-16 12:12:47.752 VERBOSE WebSocketClient(1)[27] TLS: Received TLS packet:
 0000 |15-03-03-00-02-02-46                           | ......F
2023-02-16 12:12:47.754 INFO WebSocketClient(1)[27] TLS: Fatal Alert:ProtocolVersion was received.
2023-02-16 12:12:47.761 DEBUG WebSocketClient(1)[27] TLS: Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been reported by the remote connection end.
  at zbfys.kmzch.gcbov (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00085] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.xpfij (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00065] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000f2] in <92378deb221948dfa4cafbbc95220b36>:0
2023-02-16 12:12:47.766 ERROR WebSocketClient(1)[27] HTTP: Error while sending request: Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been reported by the remote connection end.
 

As for your sencond condition How can I detect server is able to use one of the cipher suites offered by our client  ?
Keep in mind that our client is tested using cert and key pem files that were taken from websocket server
by (70.2k points)
Can you please try your code (WebSocketClient part) in a clean Windows desktop console application?

Once it is working on Windows, we can try to port it to Android device.

I also suggest to limit TLS versions on both client and server to TLS 1.2 and later enable more versions if needed. On the client, it can be done like this:

    var client = new WebSocketClient();
    client.Settings.SslAllowedVersions = TlsVersion.TLS12;

To know which cipher suites are enabled at the server, ask your server administrator.
by (130 points)
Unfortunatelly , trying test code is not possible right now. Nevertheless did some changes in server part and now I get
2023-02-20 12:31:21.389 DEBUG WebSocketClient(1)[4] TLS: HandshakeMessage:ClientHello was sent.
2023-02-20 12:31:21.595 VERBOSE WebSocketClient(1)[4] TLS: Received TLS packet:
 0000 |15-03-03-00-02-02-28                           | ......(
2023-02-20 12:31:21.596 INFO WebSocketClient(1)[4] TLS: Fatal Alert:HandshakeFailure was received.
2023-02-20 12:31:21.603 DEBUG WebSocketClient(1)[4] TLS: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
  
What could possible mean this error and how different could the cause be than of the previous "tls protocol version error" ?
Thanks again
by (70.2k points)
From the client side, I cannot tell you much. You have to look at the server logs.

I can only clarify you, what mean the raw bytes received by the client:
  15- Message is Alert
  03-03- Version is TLS 1.2
  00-02- Length of payload is 2B
  02- Alert severity is Fatal (critical error)
  28 - Reason is `HandshakeFailure`

That is all we can say from the client point of view. However, I guess that the issue is caused by one of two reasons:
1. the client and server does not have common cipher suites.
2. the server uses certificate with Elliptic Curve Cryptography (ECC). Because the client did not offered any elliptic cipher suite, the server can assume that the client will not be able to validate the certificate and closes the connection - or giving another point of view, server is not able to select any valid certificate with signature the client will understand.

You can try two solutions:
1. make sure that the server is able to provide an RSA certificate (instead of ECC certificate).
2. add support for ECC to the client - it can be done using plugins, please visit https://www.rebex.net/kb/simple-elliptic-curve-libraries/
by (130 points)
edited by
I would go with the second option.
Should Rebex.Elliptic.Ed25519 nuget package will add support to the client  ? how to set elliptic setting in client ?
Alternativelly, how should the zip you advised be installed in vsisual studio solution ?
by (144k points)
It is VERY unlikely that your server supports Ed25519, please try Rebex.Castle.dll or Rebex.Curve25519.dll instead. Just add the nuget package to your project, and make sure to activate it in your code by calling AsymmetricKeyAlgorithm.Register as described at https://www.rebex.net/kb/simple-elliptic-curve-libraries/
by (130 points)
Thanks Lucas,
currentlly server is supporting ECDHE-ECDSA-AES128-GCM-SHA256
So what would you advise to use as client cipher  ?
by (144k points)
In that case, Rebex.Castle.dll is needed (on Xamarin.Android) because it implements ECDSA and ECDH based on the most common NIST-P curves. Rebex.Curve25519.dll is optional (only implements ECDH with X25519).
by (130 points)
edited by
calling AsymmetricKeyAlgorithm.Register(castle.create) does not work, How could I set it  ?
AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create);
 is it correct?
When I set to the above Iagain get the error  :
2023-02-23 12:56:36.262 DEBUG WebSocketClient(1)[35] Proxy: Connection established.
2023-02-23 12:56:36.343 DEBUG WebSocketClient(1)[35] TLS: Using classic TLS core.
2023-02-23 12:56:36.351 DEBUG WebSocketClient(1)[35] TLS: Enabled cipher suites: 0x000F3DF7EBE00640.
2023-02-23 12:56:36.436 DEBUG WebSocketClient(1)[35] TLS: Applicable cipher suites: 0x000F3DF7EBE00640.
2023-02-23 12:56:36.445 VERBOSE WebSocketClient(1)[35] TLS: Sent TLS packet:
 0000 |16-03-03-00-AF-01-00-00 AB-03-03-63-F7-46-64-89| ...........c.Fd.
 0010 |60-EE-4D-D8-B9-83-DA-90 FE-27-EA-D8-63-83-80-2C| `.M......'..c..,
 0020 |6B-C3-4E-23-81-F3-56-41 66-F9-7B-00-00-3A-C0-23| k.N#..VAf.{..:.#
 0030 |C0-24-C0-2B-C0-2C-C0-2F C0-30-C0-27-C0-28-C0-09| .$.+.,./.0.'.(..
 0040 |C0-0A-C0-13-C0-14-00-9F 00-9E-00-6B-00-67-00-9D| ...........k.g..
 0050 |00-9C-00-3D-00-3C-00-33 00-39-00-2F-00-35-C0-08| ...=.<.3.9./.5..
 0060 |C0-12-00-16-00-0A-00-FF 01-00-00-48-00-00-00-10| ...........H....
 0070 |00-0E-00-00-0B-31-39-32 2E-31-36-38-2E-30-2E-31| .....192.168.0.1
 0080 |00-0A-00-0E-00-0C-00-17 00-18-00-19-00-1A-00-1B| ................
 0090 |00-1C-00-0B-00-02-01-00 00-0D-00-14-00-12-04-01| ................
 00A0 |04-03-05-01-05-03-06-01 06-03-02-01-02-03-02-02| ................
 00B0 |00-17-00-00                                    | ....
2023-02-23 12:56:36.446 DEBUG WebSocketClient(1)[35] TLS: HandshakeMessage:ClientHello was sent.
2023-02-23 12:56:36.785 VERBOSE WebSocketClient(1)[35] TLS: Received TLS packet:
 0000 |15-03-03-00-02-02-28                           | ......(
2023-02-23 12:56:36.787 INFO WebSocketClient(1)[35] TLS: Fatal Alert:HandshakeFailure was received.
2023-02-23 12:56:36.794 DEBUG WebSocketClient(1)[35] TLS: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
  at zbfys.kmzch.gcbov (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00085] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.xpfij (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00065] in <92378deb221948dfa4cafbbc95220b36>:0
by (144k points)
Actually, the log shows that the plugin did work - note the difference in the "Applicable cipher suites" log entry and the increased size of ClientHello message due to additional ciphers listed. So while Lukas Matyska's guess was sensible, enabling additional ciphers apparently did not resolve the problem.

We could continue guessing for a long time - for example, this could be due to the server a) not actually accepting connections at an IP address, b) requiring TLS 1.3, c) The server requiring some yet-unsupported extensions to be enabled, d) using some kind of fingerprinting to only accept connections from whitelisted browsers.

However, I would instead recommend to consult the service provider and simply ask about the requirements the server imposes on clients. Then, we could easily tell whether it's possible to configure Rebex WebSocket client that way, and how to achieve that. Alternatively, the server operator could look into the log and tell you why the server rejected client's attempt to establish a session.
by
Hi Lukas,
i'm a colleagues from chrisg and was recently also debugging the websocket issue we are having.

The server responded with this:
[Error: 140704529921664:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2284:
] {
  library: 'SSL routines',
  function: 'tls_post_process_client_hello',
  reason: 'no shared cipher',
  code: 'ERR_SSL_NO_SHARED_CIPHER'
}

Available cipher suites on the current (rebex-)client:
        {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        {0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
        {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        {0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        {0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        {0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
        {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        {0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        {0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        {0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        {0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        {0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        {0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        {0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        {0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384
        {0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
        {0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
        {0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
        {0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        {0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        {0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA
        {0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA
        {0xC0, 0x08} TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
        {0xC0, 0x12} TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        {0x00, 0x16} TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        {0x00, 0x0A} TLS_RSA_WITH_3DES_EDE_CBC_SHA
        {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Available cipher suites on the server:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA256


Could it be, that just the names of the cipher are different? So that they do not match, even though they are the same:
e.g.
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (rebex)
        ECDHE-ECDSA-AES128-GCM-SHA256 (server)

Just and idea - if you have some other advice, please let me know.

Maybe one more word about our setup:
- we have to connect to a piece of hardware with TLS Client authentication
- client will be a mobile application
- we are currently working with a mock-server (therefore we have access to it - it is a node.js application). The mock is supposed to be according to the specification (you never know, unfortuantely)

We are now concerned, not being able to connect to the hardware, as we are not able to to connect to the mock. Hopefully issues will be resolved soon.
by (70.2k points)
Please note that TLS cipher suites are sent as two bytes codes, there is no string comparison. The code is actually present in your listing, see:

   {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

The two hex-values are the two bytes code of the cipher suite.


If your listing of available cipher suites at the server is correct, then we can clearly see that the ERR_SSL_NO_SHARED_CIPHER reported by the server is misleading or incorrect, because there are some shared cipher suites.

However, I have noticed the error log contains a reference to source code: ./deps/openssl/openssl/ssl/statem/statem_srvr.c:2284
and I have found it at https://github.com/openssl/openssl/blob/master/ssl/statem/statem_srvr.c

It was not much helpful, but I have searched for "no shared cipher" string in the repository and I got this interesting hit:
https://github.com/openssl/openssl/commit/b4eee58a5f9dfa493d6cc34b4af871415c67beda

1. It seems that OpenSSL has/had some issues with TLS 1.3 enabled. Please, try to disable TLS 1.3 at the server.
2. If disabling TLS 1.3 does not help, please, upgrade to the latest version of OpenSSL, since it seems we are facing a server side issue.
by
Hi Lukasz,
sorry to come back to you on this. In the meanwhile we had a chance to test our setup with a real hardware board and not only with the mock we are having.
The message we are receiving is a bit different and it seems, that Rebex throws some exception. I will attach the logfile below.
Besides we did a test with another linux based websocket-client (OpenSSL) and for them the establishment of the connection was successful.
At least this suggests that it is not a major server issue. Do you think it could be helpful, if we provide kind of testproject, that you can see/reproduce it by yourself?

Here is the logfile:

----websocket log----2023-03-20 18:25:29.409 Opening log file.
2023-03-20 18:25:29.410 INFO FileLogWriter(1)[18] Info: Assembly: Rebex.Common R6.10 for .NET Standard 2.1
2023-03-20 18:25:29.410 INFO FileLogWriter(1)[18] Info: Platform: iOS (Unix 22.4.0.0) 64-bit ARM; CLR: Mono 6.12.0 (2020-02/6dd9def57ce)
2023-03-20 18:25:29.410 DEBUG FileLogWriter(1)[18] Info: Culture: en; Windows-1252
2023-03-20 18:25:29.421 INFO WebSocketClient(2)[18] WebSocket: Connecting to 'wss://192.168.0.1:28441/maintenance'...
2023-03-20 18:25:29.421 INFO WebSocketClient(2)[18] Info: Assembly: Rebex.WebSocket R6.10 for .NET Standard 2.1
2023-03-20 18:25:29.421 INFO WebSocketClient(2)[18] Info: Platform: iOS (Unix 22.4.0.0) 64-bit ARM; CLR: Mono 6.12.0 (2020-02/6dd9def57ce)
2023-03-20 18:25:29.421 DEBUG WebSocketClient(2)[18] Info: Culture: en; Windows-1252
2023-03-20 18:25:29.421 INFO WebSocketClient(2)[21] HTTP: Connecting to 'https://192.168.0.1:28441'...
2023-03-20 18:25:29.422 DEBUG WebSocketClient(2)[21] Proxy: Connecting to 192.168.0.1:28441 (no proxy).
2023-03-20 18:25:29.430 DEBUG WebSocketClient(2)[21] Proxy: Connection established.
2023-03-20 18:25:29.464 DEBUG WebSocketClient(2)[21] TLS: Using classic TLS core.
2023-03-20 18:25:29.465 DEBUG WebSocketClient(2)[21] TLS: Enabled cipher suites: 0x0001000000000000.
2023-03-20 18:25:29.491 DEBUG WebSocketClient(2)[21] TLS: Applicable cipher suites: 0x0001000000000000.
2023-03-20 18:25:29.493 VERBOSE WebSocketClient(2)[21] TLS: Sent TLS packet:
 0000 |16-03-03-00-79-01-00-00 75-03-03-64-18-97-09-B8| ....y...u..d....
 0010 |F8-53-AA-C3-0F-53-1A-1A D5-31-A1-F6-2E-42-77-73| .S...S...1...Bws
 0020 |56-83-F0-18-98-10-A8-ED 9A-E4-C1-00-00-04-C0-2B| V..............+
 0030 |00-FF-01-00-00-48-00-00 00-10-00-0E-00-00-0B-31| .....H.........1
 0040 |39-32-2E-31-36-38-2E-30 2E-31-00-0A-00-0E-00-0C| 92.168.0.1......
 0050 |00-17-00-18-00-19-00-1A 00-1B-00-1C-00-0B-00-02| ................
 0060 |01-00-00-0D-00-14-00-12 04-01-04-03-05-01-05-03| ................
 0070 |06-01-06-03-02-01-02-03 02-02-00-17-00-00      | ..............
2023-03-20 18:25:29.493 DEBUG WebSocketClient(2)[21] TLS: HandshakeMessage:ClientHello was sent.
2023-03-20 18:25:29.728 VERBOSE WebSocketClient(2)[21] TLS: Received TLS packet:
 0000 |16-03-03-00-55-02-00-00 51-03-03-A1-F8-5F-D0-85| ....U...Q...._..
 0010 |3D-11-56-69-B7-3F-4A-63 22-CF-65-05-6B-07-47-74| =.Vi.?Jc".e.k.Gt
 0020 |42-5F-78-31-00-32-04-3F 82-3F-FE-20-A5-0A-EE-BC| B_x1.2.?.?. ....
 0030 |D5-9F-25-5C-1A-F1-87-0D 2F-5E-B3-19-97-DA-D8-82| ..%\..../^......
 0040 |9A-84-8D-DA-3A-B3-F8-74 06-D1-DE-32-00-00-00-00| ....:..t...2....
 0050 |09-FF-01-00-01-00-00-17 00-00                  | ..........
2023-03-20 18:25:29.734 DEBUG WebSocketClient(2)[21] TLS: Error while processing TLS packet: System.ArgumentException: Unsupported cipher suite.
Parameter name: suite
  at Rebex.Net.TlsCipher.ziunq (Rebex.Net.TlsCipherSuiteId p0, System.Int32 p1) [0x007a2] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.ofgkm..ctor (System.Byte[] buffer, System.Int32 offset, System.Int32 length) [0x00139] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.pvrbt.wrmvi (System.Byte[] p0, System.Int32 p1, System.Int32 p2, Rebex.Net.TlsProtocol p3, Rebex.Net.TlsCipher p4) [0x0006d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.kmzch.dxcxl (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00026] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.wunjd (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x0007d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000ce] in <92378deb221948dfa4cafbbc95220b36>:0
2023-03-20 18:25:29.735 INFO WebSocketClient(2)[21] TLS: Fatal Alert:InternalError was sent.
2023-03-20 18:25:29.735 VERBOSE WebSocketClient(2)[21] TLS: Sent TLS packet:
 0000 |15-03-03-00-02-02-50                           | ......P
2023-03-20 18:25:29.740 ERROR WebSocketClient(2)[21] HTTP: Error while sending request: Rebex.Net.TlsException: Unsupported cipher suite.
Parameter name: suite ---> System.ArgumentException: Unsupported cipher suite.
Parameter name: suite
  at Rebex.Net.TlsCipher.ziunq (Rebex.Net.TlsCipherSuiteId p0, System.Int32 p1) [0x007a2] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.ofgkm..ctor (System.Byte[] buffer, System.Int32 offset, System.Int32 length) [0x00139] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.pvrbt.wrmvi (System.Byte[] p0, System.Int32 p1, System.Int32 p2, Rebex.Net.TlsProtocol p3, Rebex.Net.TlsCipher p4) [0x0006d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.kmzch.dxcxl (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00026] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.wunjd (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x0007d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000ce] in <92378deb221948dfa4cafbbc95220b36>:0
   --- End of inner exception stack trace ---
  at zbfys.sbkup.cumxx () [0x00163] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.kknju () [0x00071] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.uwdop () [0x00056] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.pfonj () [0x00000] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.ovayl () [0x00006] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.Negotiate () [0x00014] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.eaxpd (Rebex.Net.ISocket p0, Rebex.Net.TlsCipher& p1) [0x00032] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.lzmdw () [0x0003e] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.jednq () [0x000c9] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.amhvz (System.Boolean p0) [0x000f5] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.iehix () [0x001b9] in <92378deb221948dfa4cafbbc95220b36>:0
2023-03-20 18:25:29.746 ERROR WebSocketClient(2)[21] WebSocket: Error occurred: Rebex.Net.WebSocketException: An error occurred while opening the WebSocket. ---> zbfys.hvzit: Unsupported cipher suite.
Parameter name: suite ---> Rebex.Net.TlsException: Unsupported cipher suite.
Parameter name: suite ---> System.ArgumentException: Unsupported cipher suite.
Parameter name: suite
  at Rebex.Net.TlsCipher.ziunq (Rebex.Net.TlsCipherSuiteId p0, System.Int32 p1) [0x007a2] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.ofgkm..ctor (System.Byte[] buffer, System.Int32 offset, System.Int32 length) [0x00139] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.pvrbt.wrmvi (System.Byte[] p0, System.Int32 p1, System.Int32 p2, Rebex.Net.TlsProtocol p3, Rebex.Net.TlsCipher p4) [0x0006d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.kmzch.dxcxl (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00026] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.wunjd (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x0007d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000ce] in <92378deb221948dfa4cafbbc95220b36>:0
   --- End of inner exception stack trace ---
  at zbfys.sbkup.cumxx () [0x00163] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.kknju () [0x00071] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.uwdop () [0x00056] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.pfonj () [0x00000] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.ovayl () [0x00006] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.Negotiate () [0x00014] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.eaxpd (Rebex.Net.ISocket p0, Rebex.Net.TlsCipher& p1) [0x00032] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.lzmdw () [0x0003e] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.jednq () [0x000c9] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.amhvz (System.Boolean p0) [0x000f5] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.iehix () [0x001b9] in <92378deb221948dfa4cafbbc95220b36>:0
   --- End of inner exception stack trace ---
  at zbfys.lmtsl.iehix () [0x0046a] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.vwomv+ooawi.qhosc () [0x00000] in <1385f88e458e4471a15609b64d8a7800>:0
  at System.Threading.Tasks.Task`1[TResult].InnerInvoke () [0x0000f] in <a397f8ddf5cc4340b1b7367e6ca02e39>:0
  at System.Threading.Tasks.Task.Execute () [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/Current/src/Xamarin.iOS/external/corert/src/System.Private.CoreLib/src/System/Threading/Tasks/Task.cs:2319
--- End of stack trace from previous location where exception was thrown ---

  at zbfys.vwomv.dbzip (System.Uri p0, zbfys.dwzou p1, Rebex.Net.ISocketFactory p2, Rebex.Net.WebSocketClientSettings p3, Rebex.Net.WebSocketClientOptions p4, Rebex.Net.TlsParameters p5, System.Threading.CancellationToken p6) [0x00380] in <1385f88e458e4471a15609b64d8a7800>:0
   --- End of inner exception stack trace ---
  at zbfys.vwomv.dbzip (System.Uri p0, zbfys.dwzou p1, Rebex.Net.ISocketFactory p2, Rebex.Net.WebSocketClientSettings p3, Rebex.Net.WebSocketClientOptions p4, Rebex.Net.TlsParameters p5, System.Threading.CancellationToken p6) [0x00399] in <1385f88e458e4471a15609b64d8a7800>:0
  at Rebex.Net.WebSocketClient.ConnectAsync (System.Uri uri, System.Threading.CancellationToken cancellationToken) [0x001f4] in <1385f88e458e4471a15609b64d8a7800>:0
by (70.2k points)
The "TlsException: Unsupported cipher suite." was raised because the server did not select any cipher suite in your case. The cipher_suite value in the ServerHello message was 0x00 - see https://www.rfc-editor.org/rfc/rfc5246#section-7.4.1.3 for details:

   cipher_suite
      The single cipher suite selected by the server from the list in ClientHello.cipher_suites.

I see in the log that you enabled only one single cipher: ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(see log entry: "Enabled cipher suites: 0x0001000000000000.")

It seems that the server does not support ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. The OpenSSL websocket-client was able to establish connection because you probably did not limit allowed cipher suites to just this single cipher.

Please try to enable more ciphers at the client. It can be done like this:

    var client = new WebSocketClient();
    client.Settings.SslAllowedSuites = TlsCipherSuite.Secure;
by
Hi Lukas,

i tried again. With different settings. Once with
client.Settings.SslAllowedSuites = TlsCipherSuite.Secure;

another time even with
client.Settings.SslAllowedSuites = TlsCipherSuite.All;

In both cases same result, but with different ciphers selected:
TlsCipherSuite.Secure;
2023-03-29 10:01:35.407 DEBUG WebSocketClient(2)[6] TLS: Enabled cipher suites: 0x0C1F3CC32B000000.
2023-03-29 10:01:35.436 DEBUG WebSocketClient(2)[6] TLS: Applicable cipher suites: 0x0C1F3CC32B000000.

TlsCipherSuite.All;
2023-03-29 09:56:11.207 DEBUG WebSocketClient(2)[21] TLS: Enabled cipher suites: 0x0C1FFFFFFFF4F666.
2023-03-29 09:56:11.228 DEBUG WebSocketClient(2)[21] TLS: Applicable cipher suites: 0x0C1FFFFFFFF4F666.

(Full log find below)

Do you have some still some idea, what could go wrong here?
Is there a way to debug rebex in more detail?
Can it be, that something is not as exepected in Rebex?

We really have some project-related issue with this.

Full log:
----websocket log----2023-03-29 10:01:35.352 Opening log file.
2023-03-29 10:01:35.353 INFO FileLogWriter(1)[19] Info: Assembly: Rebex.Common R6.10 for .NET Standard 2.1
2023-03-29 10:01:35.353 INFO FileLogWriter(1)[19] Info: Platform: iOS (Unix 22.4.0.0) 64-bit ARM; CLR: Mono 6.12.0 (2020-02/6dd9def57ce)
2023-03-29 10:01:35.353 DEBUG FileLogWriter(1)[19] Info: Culture: en; Windows-1252
2023-03-29 10:01:35.364 INFO WebSocketClient(2)[19] WebSocket: Connecting to 'wss://192.168.0.1:28441/maintenance'...
2023-03-29 10:01:35.364 INFO WebSocketClient(2)[19] Info: Assembly: Rebex.WebSocket R6.10 for .NET Standard 2.1
2023-03-29 10:01:35.364 INFO WebSocketClient(2)[19] Info: Platform: iOS (Unix 22.4.0.0) 64-bit ARM; CLR: Mono 6.12.0 (2020-02/6dd9def57ce)
2023-03-29 10:01:35.364 DEBUG WebSocketClient(2)[19] Info: Culture: en; Windows-1252
2023-03-29 10:01:35.364 INFO WebSocketClient(2)[6] HTTP: Connecting to 'https://192.168.0.1:28441'...
2023-03-29 10:01:35.364 DEBUG WebSocketClient(2)[6] Proxy: Connecting to 192.168.0.1:28441 (no proxy).
2023-03-29 10:01:35.367 DEBUG WebSocketClient(2)[6] Proxy: Connection established.
2023-03-29 10:01:35.406 DEBUG WebSocketClient(2)[6] TLS: Using classic TLS core.
2023-03-29 10:01:35.407 DEBUG WebSocketClient(2)[6] TLS: Enabled cipher suites: 0x0C1F3CC32B000000.
2023-03-29 10:01:35.436 DEBUG WebSocketClient(2)[6] TLS: Applicable cipher suites: 0x0C1F3CC32B000000.
2023-03-29 10:01:35.439 VERBOSE WebSocketClient(2)[6] TLS: Sent TLS packet:
 0000 |16-03-03-00-9D-01-00-00 99-03-03-64-23-F0-5F-D5| ...........d#._.
 0010 |43-05-42-33-F0-22-E2-32 8B-53-D2-FC-B6-E5-44-3C| C.B3.".2.S....D<
 0020 |D3-C2-94-F6-D5-22-7F-63 D2-B9-71-00-00-28-C0-23| .....".c..q..(.#
 0030 |C0-24-C0-2B-C0-2C-C0-2F C0-30-C0-27-C0-28-00-9F| .$.+.,./.0.'.(..
 0040 |00-9E-00-6B-00-67-00-9D 00-9C-00-3D-00-3C-CC-A8| ...k.g.....=.<..
 0050 |CC-A9-CC-AA-00-FF-01-00 00-48-00-00-00-10-00-0E| .........H......
 0060 |00-00-0B-31-39-32-2E-31 36-38-2E-30-2E-31-00-0A| ...192.168.0.1..
 0070 |00-0E-00-0C-00-17-00-18 00-19-00-1A-00-1B-00-1C| ................
 0080 |00-0B-00-02-01-00-00-0D 00-14-00-12-04-01-04-03| ................
 0090 |05-01-05-03-06-01-06-03 02-01-02-03-02-02-00-17| ................
 00A0 |00-00                                          | ..
2023-03-29 10:01:35.439 DEBUG WebSocketClient(2)[6] TLS: HandshakeMessage:ClientHello was sent.
2023-03-29 10:01:35.758 VERBOSE WebSocketClient(2)[6] TLS: Received TLS packet:
 0000 |16-03-03-00-55-02-00-00 51-03-03-31-09-4F-79-7E| ....U...Q..1.Oy~
 0010 |E6-76-2A-BA-FC-8B-42-4E C5-49-24-CD-F3-4B-12-78| .v*...BN.I$..K.x
 0020 |23-8A-A6-0E-0C-83-3C-D8 E2-1B-0A-20-EB-E9-12-31| #.....<.... ...1
 0030 |57-6E-52-B6-F5-06-39-D6 C8-2F-E6-D1-9B-17-95-E1| WnR...9../......
 0040 |51-6B-FF-52-01-9D-AB-19 A7-7B-44-41-00-00-00-00| Qk.R.....{DA....
 0050 |09-FF-01-00-01-00-00-17 00-00                  | ..........
2023-03-29 10:01:35.765 DEBUG WebSocketClient(2)[6] TLS: Error while processing TLS packet: System.ArgumentException: Unsupported cipher suite.
Parameter name: suite
  at Rebex.Net.TlsCipher.ziunq (Rebex.Net.TlsCipherSuiteId p0, System.Int32 p1) [0x007a2] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.ofgkm..ctor (System.Byte[] buffer, System.Int32 offset, System.Int32 length) [0x00139] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.pvrbt.wrmvi (System.Byte[] p0, System.Int32 p1, System.Int32 p2, Rebex.Net.TlsProtocol p3, Rebex.Net.TlsCipher p4) [0x0006d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.kmzch.dxcxl (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00026] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.wunjd (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x0007d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000ce] in <92378deb221948dfa4cafbbc95220b36>:0
2023-03-29 10:01:35.766 INFO WebSocketClient(2)[6] TLS: Fatal Alert:InternalError was sent.
2023-03-29 10:01:35.766 VERBOSE WebSocketClient(2)[6] TLS: Sent TLS packet:
 0000 |15-03-03-00-02-02-50                           | ......P
2023-03-29 10:01:35.770 ERROR WebSocketClient(2)[6] HTTP: Error while sending request: Rebex.Net.TlsException: Unsupported cipher suite.
Parameter name: suite ---> System.ArgumentException: Unsupported cipher suite.
Parameter name: suite
  at Rebex.Net.TlsCipher.ziunq (Rebex.Net.TlsCipherSuiteId p0, System.Int32 p1) [0x007a2] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.ofgkm..ctor (System.Byte[] buffer, System.Int32 offset, System.Int32 length) [0x00139] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.pvrbt.wrmvi (System.Byte[] p0, System.Int32 p1, System.Int32 p2, Rebex.Net.TlsProtocol p3, Rebex.Net.TlsCipher p4) [0x0006d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.kmzch.dxcxl (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00026] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.wunjd (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x0007d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000ce] in <92378deb221948dfa4cafbbc95220b36>:0
   --- End of inner exception stack trace ---
  at zbfys.sbkup.cumxx () [0x00163] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.kknju () [0x00071] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.uwdop () [0x00056] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.pfonj () [0x00000] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.ovayl () [0x00006] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.Negotiate () [0x00014] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.eaxpd (Rebex.Net.ISocket p0, Rebex.Net.TlsCipher& p1) [0x00032] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.lzmdw () [0x0003e] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.jednq () [0x000c9] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.amhvz (System.Boolean p0) [0x000f5] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.iehix () [0x001b9] in <92378deb221948dfa4cafbbc95220b36>:0
2023-03-29 10:01:35.777 ERROR WebSocketClient(2)[6] WebSocket: Error occurred: Rebex.Net.WebSocketException: An error occurred while opening the WebSocket. ---> zbfys.hvzit: Unsupported cipher suite.
Parameter name: suite ---> Rebex.Net.TlsException: Unsupported cipher suite.
Parameter name: suite ---> System.ArgumentException: Unsupported cipher suite.
Parameter name: suite
  at Rebex.Net.TlsCipher.ziunq (Rebex.Net.TlsCipherSuiteId p0, System.Int32 p1) [0x007a2] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.ofgkm..ctor (System.Byte[] buffer, System.Int32 offset, System.Int32 length) [0x00139] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.pvrbt.wrmvi (System.Byte[] p0, System.Int32 p1, System.Int32 p2, Rebex.Net.TlsProtocol p3, Rebex.Net.TlsCipher p4) [0x0006d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.kmzch.dxcxl (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x00026] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.wunjd (System.Byte[] p0, System.Int32 p1, System.Int32 p2) [0x0007d] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.cumxx () [0x000ce] in <92378deb221948dfa4cafbbc95220b36>:0
   --- End of inner exception stack trace ---
  at zbfys.sbkup.cumxx () [0x00163] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.sbkup.kknju () [0x00071] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.uwdop () [0x00056] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.isvgr.pfonj () [0x00000] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.ovayl () [0x00006] in <92378deb221948dfa4cafbbc95220b36>:0
  at Rebex.Net.TlsSocket.Negotiate () [0x00014] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.eaxpd (Rebex.Net.ISocket p0, Rebex.Net.TlsCipher& p1) [0x00032] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.gjell.lzmdw () [0x0003e] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.jednq () [0x000c9] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.amhvz (System.Boolean p0) [0x000f5] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.lmtsl.iehix () [0x001b9] in <92378deb221948dfa4cafbbc95220b36>:0
   --- End of inner exception stack trace ---
  at zbfys.lmtsl.iehix () [0x0046a] in <92378deb221948dfa4cafbbc95220b36>:0
  at zbfys.vwomv+ooawi.qhosc () [0x00000] in <1385f88e458e4471a15609b64d8a7800>:0
  at System.Threading.Tasks.Task`1[TResult].InnerInvoke () [0x0000f] in <a397f8ddf5cc4340b1b7367e6ca02e39>:0
  at System.Threading.Tasks.Task.Execute () [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/Current/src/Xamarin.iOS/external/corert/src/System.Private.CoreLib/src/System/Threading/Tasks/Task.cs:2319
--- End of stack trace from previous location where exception was thrown ---

  at zbfys.vwomv.dbzip (System.Uri p0, zbfys.dwzou p1, Rebex.Net.ISocketFactory p2, Rebex.Net.WebSocketClientSettings p3, Rebex.Net.WebSocketClientOptions p4, Rebex.Net.TlsParameters p5, System.Threading.CancellationToken p6) [0x00380] in <1385f88e458e4471a15609b64d8a7800>:0
   --- End of inner exception stack trace ---
  at zbfys.vwomv.dbzip (System.Uri p0, zbfys.dwzou p1, Rebex.Net.ISocketFactory p2, Rebex.Net.WebSocketClientSettings p3, Rebex.Net.WebSocketClientOptions p4, Rebex.Net.TlsParameters p5, System.Threading.CancellationToken p6) [0x00399] in <1385f88e458e4471a15609b64d8a7800>:0
  at Rebex.Net.WebSocketClient.ConnectAsync (System.Uri uri, System.Threading.CancellationToken cancellationToken) [0x001f4] in <1385f88e458e4471a15609b64d8a7800>:0
by (144k points)
> Do you have some still some idea, what could go wrong here?
> Is there a way to debug rebex in more detail?
> Can it be, that something is not as exepected in Rebex?

The error should have been a TlsException instead of ArgumentException, but the reason is clearly apparent in the content of server's ServerHello message:
 0000 |16-03-03-00-55-02-00-00 51-03-03-31-09-4F-79-7E| ....U...Q..1.Oy~
 0010 |E6-76-2A-BA-FC-8B-42-4E C5-49-24-CD-F3-4B-12-78| .v*...BN.I$..K.x
 0020 |23-8A-A6-0E-0C-83-3C-D8 E2-1B-0A-20-EB-E9-12-31| #.....<.... ...1
 0030 |57-6E-52-B6-F5-06-39-D6 C8-2F-E6-D1-9B-17-95-E1| WnR...9../......
 0040 |51-6B-FF-52-01-9D-AB-19 A7-7B-44-41-00-00-00-00| Qk.R.....{DA....
 0050 |09-FF-01-00-01-00-00-17 00-00                  | ..........

This is structured according to RFC 5246, with section 7.4.1.3 describing the content of ServerHello message data - see https://www.rfc-editor.org/rfc/rfc5246#section-7.4.1.3 for details.

This is the meaning of those bytes:

16 = TLS handshake message
03 03 = protocol version (TLS 1.2)  / 4,5
00 55 = packet payload length
02 = ServerHello
00 00 51 = ServerHello length

03 03 = server_version (TLS 1.2)

31 09 4F 79 7E E6 76 2A = random value
BA FC 8B 42 4E C5 49 24
CD F3 4B 12 78 23 8A A6
0E 0C 83 3C D8 E2 1B 0A

20 = session ID length
EB E9 12 31 57 6E 52 B6 =  session ID
F5 06 39 D6 C8 2F E6 D1
9B 17 95 E1 51 6B FF 52
01 9D AB 19 A7 7B 44 41

00 00 = cipher_site
00 = compression_method (=none)
00 09 FF 01 00 01 00 00 17 00 00 = extensions

As you can see, the server returned "cipher_suite" of "00 00" (two zero bytes) which represents the TLS_NULL_WITH_NULL_NULL cipher. This cipher offers no protection, it has not been announced as supported by the client.

However, the TLS specification states that this value represents "the single cipher suite selected by the server from the list in ClientHello.cipher_suites." This means that your server apparently violated the TLS protocol by responding with a cipher that has not been announced by the client. Additionally, the client does not even support this cipher, which means it can never announce it, and it should never occur in server's ServerHello message. Therefore, our ServerHello parser simply failed - the error is slightly wrong (at should have been TlsException instead of ArgumentException), but it's actually spot-on.

So there actually is a server issue - the server's response does not conform to TLS 1.2 specification.

> We did a test with another linux based websocket-client (OpenSSL) and for them the establishment of the connection was successful.

It's quite likely that the wrong server response only occurs when some specific conditions are met. For example, the server might respond this way if it doesn't like something in the client's ClientHello message. For example, the server might require Curve25519 elliptic curve support, and fail in this strange way if the client doesn't announce it. It looks like you have not registered Rebex.Curve25519.dll plugin, so your client doesn't support this popular curve, while OpenSSL definitely does. So that's one possible difference, and it might be useful to try enabling this.

Another thing to try is to enable TLS 1.3 at the client. Again, OpenSSL does support this, so perhaps the server requires it and only sends the wrong response when the client doesn't.

But of course, I'm just guessing here, just like I was on February 23. But if you can't seem to find out what the server doesn't like from the server log, there is another way that might help to determine what's missing (or what's superfluous) in the ClientHello message: run a test with a client that works (such as the Linux-based websocket-client) and capture it's communication using a network packet analyzer (such as tcpdump or Wireshark). Then, we could configure Rebex WebSocket client to send a similar ClientHello, which would hopefully make it work.

Alternatively, set up one of those servers to allow access from our IP address, and let us determine settings that work.
by
Hi Lukas,

oh dear...indeed, after playing too long around with the code, i forget what was mentioned initially about importing the support for Curve25519 and Ed25519.

And btw. thanks a lot for the enlightening comment you gave!! :-)

Now the response looks much better - But still with some trouble:

2023-03-29 21:31:14.725 DEBUG WebSocketClient(1)[5] TLS: HandshakeMessage:Certificate was received.
2023-03-29 21:31:14.731 DEBUG WebSocketClient(1)[5] TLS: Rebex.Net.TlsException: Received unsuitable server certificate.

I guess it has nothing to do with the certificate validation, as i already played around with disabling it. Could you again help me out here, what could be the issue here?
How can i get hold of the server certificate for getting more details on it?

Full log:
----websocket log----

2023-03-29 21:31:14.227 DEBUG WebSocketClient(1)[5] TLS: Enabled cipher suites: 0x0C1F3CC32B000000.
2023-03-29 21:31:14.234 DEBUG WebSocketClient(1)[5] TLS: Applicable cipher suites: 0x0C1F3CC32B000000.
2023-03-29 21:31:14.239 VERBOSE WebSocketClient(1)[5] TLS: Sent TLS packet:
 0000 |16-03-03-00-9B-01-00-00 97-03-03-64-24-92-02-B9| ...........d$...
 0010 |DC-A1-80-9E-3F-6C-D0-E0 C3-B6-C5-06-FB-08-31-1A| ....?l........1.
 0020 |25-5C-06-06-CF-7E-62-C0 67-82-55-00-00-28-C0-23| %\...~b.g.U..(.#
 0030 |C0-24-C0-2B-C0-2C-C0-2F C0-30-C0-27-C0-28-00-9F| .$.+.,./.0.'.(..
 0040 |00-9E-00-6B-00-67-00-9D 00-9C-00-3D-00-3C-CC-A8| ...k.g.....=.<..
 0050 |CC-A9-CC-AA-00-FF-01-00 00-46-00-00-00-12-00-10| .........F......
 0060 |00-00-0D-31-39-32-2E-31 36-38-2E-32-31-37-2E-32| ...192.168.217.2
 0070 |00-0A-00-0A-00-08-00-17 00-18-00-19-00-1D-00-0B| ................
 0080 |00-02-01-00-00-0D-00-14 00-12-04-01-04-03-05-01| ................
 0090 |05-03-06-01-06-03-02-01 02-03-02-02-00-17-00-00| ................
2023-03-29 21:31:14.240 DEBUG WebSocketClient(1)[5] TLS: HandshakeMessage:ClientHello was sent.
2023-03-29 21:31:14.715 VERBOSE WebSocketClient(1)[5] TLS: Received TLS packet:
 0000 |16-03-03-00-5B-02-00-00 57-03-03-E8-DB-1E-7D-4F| ....[...W.....}O
 0010 |3E-DA-DC-FF-AE-72-2B-20 82-AB-D3-5B-D8-82-41-6E| >....r+ ...[..An
 0020 |8F-6E-60-A7-03-10-2B-00 50-CA-00-20-3F-3E-BB-11| .n`...+.P.. ?>..
 0030 |B0-B2-BC-78-37-20-2B-38 24-C1-0F-BE-EF-75-AD-74| ...x7 +8$....u.t
 0040 |49-EF-9B-20-C3-5F-CE-08 AE-CB-4E-72-CC-A9-00-00| I.. ._....Nr....
 0050 |0F-00-0B-00-02-01-00-FF 01-00-01-00-00-17-00-00| ................
2023-03-29 21:31:14.721 DEBUG WebSocketClient(1)[5] TLS: HandshakeMessage:ServerHello was received.
2023-03-29 21:31:14.722 INFO WebSocketClient(1)[5] TLS: Negotiating TLS 1.2, ECDSA with ephemeral ECDH, Chacha20Poly1305 with 256-bit key, AEAD.
2023-03-29 21:31:14.723 DEBUG WebSocketClient(1)[5] TLS: The server supports secure renegotiation.
2023-03-29 21:31:14.724 DEBUG WebSocketClient(1)[5] TLS: Extended master secret is enabled.
2023-03-29 21:31:14.724 VERBOSE WebSocketClient(1)[5] TLS: Received TLS packet:
 0000 |16-03-03-05-F8-0B-00-05 F4-00-05-F1-00-02-C2-30| ...............0
 0010 |82-02-BE-30-82-02-70-A0 03-02-01-02-02-10-5B-80| ...0..p.......[.
 0020 |09-DE-78-28-E0-08-87-B2 33-37-CF-FF-8A-B0-30-05| ..x(....37....0.
 0030 |06-03-2B-65-70-30-5C-31 0B-30-09-06-03-55-04-06| ..+ep0\1.0...U..
 0040 |13-02-44-45-31-1A-30-18 06-03-55-04-0A-13-11-48| ..DE1.0...U....H
 0050 |6F-6D-65-20-43-6F-6E-6E 65-63-74-20-47-6D-62-48| ome Connect GmbH
 0060 |31-19-30-17-06-03-55-04 0B-13-10-50-72-6F-64-75| 1.0...U....Produ
 0070 |63-74-20-53-65-63-75-72 69-74-79-31-16-30-14-06| ct Security1.0..
 0080 |03-55-04-03-13-0D-44-45 56-20-53-4D-4D-20-43-41| .U....DEV SMM CA
 0090 |20-41-36-30-1E-17-0D-32 30-31-31-31-32-30-38-34|  A60...201112084
 00A0 |38-35-39-5A-17-0D-32-33 31-31-31-32-30-38-34-38| 859Z..2311120848
 00B0 |35-39-5A-30-4C-31-26-30 24-06-03-55-04-03-13-1D| 59Z0L1&0$..U....
 00C0 |38-30-30-31-31-38-33-39 34-32-30-30-30-30-34-34| 8001183942000044
 00D0 |30-33-33-35-30-30-30-30 30-30-30-36-35-31-22-30| 03350000000651"0
 00E0 |20-06-03-55-04-0D-13-19 31-2E-33-2E-36-2E-31-2E|  ..U....1.3.6.1.
 00F0 |34-2E-31-2E-32-30-32-31 39-2E-34-2E-32-2E-31-2E| 4.1.20219.4.2.1.
 0100 |32-30-2A-30-05-06-03-2B 65-70-03-21-00-BF-34-B5| 20*0...+ep.!..4.
 0110 |E9-E5-38-14-DA-E7-FC-B1 14-D1-9A-E2-39-62-03-DD| ..8.........9b..
 0120 |D5-B1-2A-6C-B6-40-C9-3B 0C-FE-AA-DE-F5-A3-82-01| ..*l.@.;........
 0130 |56-30-82-01-52-30-1D-06 03-55-1D-25-04-16-30-14| V0..R0...U.%..0.
 0140 |06-08-2B-06-01-05-05-07 03-02-06-08-2B-06-01-05| ..+.........+...
 0150 |05-07-03-01-30-11-06-03 55-1D-0E-04-0A-04-08-44| ....0...U......D
 0160 |63-70-E7-E7-B8-B2-54-30 4C-06-03-55-1D-20-04-45| cp....T0L..U. .E
 0170 |30-43-30-41-06-0B-2B-06 01-04-01-81-9D-7B-04-01| 0C0A..+......{..
 0180 |01-30-32-30-30-06-08-2B 06-01-05-05-07-02-01-16| .0200..+........
 0190 |24-68-74-74-70-73-3A-2F 2F-77-77-77-2E-62-73-68| $https://www.bsh
 01A0 |2D-67-72-6F-75-70-2E-63 6F-6D-2F-64-69-67-69-74| -group.com/digit
 01B0 |61-6C-2D-69-64-30-1F-06 03-55-1D-23-04-18-30-16| al-id0...U.#..0.
 01C0 |80-14-32-A6-11-B5-D9-2E 53-A1-46-51-79-23-DA-FB| ..2.....S.FQy#..
 01D0 |C5-2E-05-42-FC-AE-30-81 9E-06-08-2B-06-01-05-05| ...B..0....+....
 01E0 |07-01-01-04-81-91-30-81 8E-30-2E-06-08-2B-06-01| ......0..0...+..
 01F0 |05-05-07-30-01-86-22-68 74-74-70-3A-2F-2F-6F-63| ...0.."http://oc
 0200 |73-70-2E-33-2E-71-61-2E 67-6F-2E-6E-65-78-75-73| sp.3.qa.go.nexus
 0210 |67-72-6F-75-70-2E-63-6F 6D-30-5C-06-08-2B-06-01| group.com0\..+..
 0220 |05-05-07-30-02-86-50-68 74-74-70-3A-2F-2F-70-67| ...0..Phttp://pg
 0230 |77-2E-33-2E-71-61-2E-67 6F-2E-6E-65-78-75-73-67| w.3.qa.go.nexusg
 0240 |72-6F-75-70-2E-63-6F-6D 2F-64-70-2F-63-61-2F-35| roup.com/dp/ca/5
 0250 |62-66-37-33-34-37-61-36 35-36-39-31-39-38-64-38| bf7347a6569198d8
 0260 |35-61-34-31-37-66-37-32 63-37-63-66-63-39-65-31| 5a417f72c7cfc9e1
 0270 |33-32-32-30-62-39-39-30 0E-06-03-55-1D-0F-01-01| 3220b990...U....
 0280 |FF-04-04-03-02-07-80-30 05-06-03-2B-65-70-03-41| .......0...+ep.A
 0290 |00-0F-BC-1D-0B-0C-D3-A2 34-0A-46-DB-5F-D5-63-DC| ........4.F._.c.
 02A0 |B0-78-37-CB-B7-AB-3F-CE 51-4F-AF-89-49-84-9C-86| .x7...?.QO..I...
 02B0 |2A-D7-A1-31-71-5A-18-1C D9-6E-EB-0A-CF-73-EC-70| *..1qZ...n...s.p
 02C0 |19-39-03-26-0F-2E-FE-9F 7C-99-4B-3D-DA-A6-DF-2F| .9.&....|.K=.../
 02D0 |02-00-03-29-30-82-03-25 30-82-02-D7-A0-03-02-01| ...)0..%0.......
 02E0 |02-02-10-59-F0-7A-5B-D7 4F-4D-36-59-E1-60-83-69| ...Y.z[.OM6Y.`.i
 02F0 |7C-69-29-30-05-06-03-2B 65-70-30-64-31-0B-30-09| |i)0...+ep0d1.0.
 0300 |06-03-55-04-06-13-02-44 45-31-1D-30-1B-06-03-55| ..U....DE1.0...U
 0310 |04-0A-13-14-42-53-48-20 48-61-75-73-67-65-72-61| ....BSH Hausgera
 0320 |65-74-65-20-47-6D-62-48 31-19-30-17-06-03-55-04| ete GmbH1.0...U.
 0330 |0B-13-10-50-72-6F-64-75 63-74-20-53-65-63-75-72| ...Product Secur
 0340 |69-74-79-31-1B-30-19-06 03-55-04-03-13-12-44-45| ity1.0...U....DE
 0350 |56-20-41-70-70-6C-69-61 6E-63-65-20-43-41-20-31| V Appliance CA 1
 0360 |30-1E-17-0D-32-30-30-39 31-30-31-33-30-35-33-34| 0...200910130534
 0370 |5A-17-0D-32-35-30-39-31 30-31-33-30-35-33-34-5A| Z..250910130534Z
 0380 |30-5C-31-0B-30-09-06-03 55-04-06-13-02-44-45-31| 0\1.0...U....DE1
 0390 |1A-30-18-06-03-55-04-0A 13-11-48-6F-6D-65-20-43| .0...U....Home C
 03A0 |6F-6E-6E-65-63-74-20-47 6D-62-48-31-19-30-17-06| onnect GmbH1.0..
 03B0 |03-55-04-0B-13-10-50-72 6F-64-75-63-74-20-53-65| .U....Product Se
 03C0 |63-75-72-69-74-79-31-16 30-14-06-03-55-04-03-13| curity1.0...U...
 03D0 |0D-44-45-56-20-53-4D-4D 20-43-41-20-41-36-30-2A| .DEV SMM CA A60*
 03E0 |30-05-06-03-2B-65-70-03 21-00-CD-82-E1-F2-8C-5D| 0...+ep.!......]
 03F0 |86-97-37-EA-15-56-AE-41 0C-E6-0E-FB-92-54-50-00| ..7..V.A.....TP.
 0400 |17-6C-14-30-91-2D-BA-70 9A-4A-A3-82-01-A5-30-82| .l.0.-.p.J....0.
 0410 |01-A1-30-12-06-03-55-1D 13-01-01-FF-04-08-30-06| ..0...U.......0.
 0420 |01-01-FF-02-01-00-30-1D 06-03-55-1D-0E-04-16-04| ......0...U.....
 0430 |14-32-A6-11-B5-D9-2E-53 A1-46-51-79-23-DA-FB-C5| .2.....S.FQy#...
 0440 |2E-05-42-FC-AE-30-4C-06 03-55-1D-20-04-45-30-43| ..B..0L..U. .E0C
 0450 |30-41-06-0B-2B-06-01-04 01-81-9D-7B-04-01-02-30| 0A..+......{...0
 0460 |32-30-30-06-08-2B-06-01 05-05-07-02-01-16-24-68| 200..+........$h
 0470 |74-74-70-73-3A-2F-2F-77 77-77-2E-62-73-68-2D-67| ttps://www.bsh-g
 0480 |72-6F-75-70-2E-63-6F-6D 2F-64-69-67-69-74-61-6C| roup.com/digital
 0490 |2D-69-64-30-1F-06-03-55 1D-23-04-18-30-16-80-14| -id0...U.#..0...
 04A0 |7D-21-10-D3-5F-DA-84-E8 CB-60-6C-CA-63-54-56-A4| }!.._....`l.cTV.
 04B0 |A1-C0-EF-CB-30-0E-06-03 55-1D-0F-01-01-FF-04-04| ....0...U.......
 04C0 |03-02-01-06-30-81-95-06 08-2B-06-01-05-05-07-01| ....0....+......
 04D0 |01-04-81-88-30-81-85-30 4F-06-08-2B-06-01-05-05| ....0..0O..+....
 04E0 |07-30-02-86-43-68-74-74 70-3A-2F-2F-70-6B-69-2D| .0..Chttp://pki-
 04F0 |63-61-2D-64-65-76-2E-68 6F-6D-65-2D-63-6F-6E-6E| ca-dev.home-conn
 0500 |65-63-74-2E-63-6F-6D-2F 33-37-33-31-38-33-36-30| ect.com/37318360
 0510 |39-63-32-39-31-34-39-64 36-66-64-35-65-62-63-32| 9c29149d6fd5ebc2
 0520 |31-62-32-38-66-62-38-35 30-32-06-08-2B-06-01-05| 1b28fb8502..+...
 0530 |05-07-30-01-86-26-68-74 74-70-3A-2F-2F-70-6B-69| ..0..&http://pki
 0540 |2D-6F-63-73-70-31-35-2D 64-65-76-2E-68-6F-6D-65| -ocsp15-dev.home
 0550 |2D-63-6F-6E-6E-65-63-74 2E-63-6F-6D-30-55-06-03| -connect.com0U..
 0560 |55-1D-1F-04-4E-30-4C-30 4A-A0-48-A0-46-86-44-68| U...N0L0J.H.F.Dh
 0570 |74-74-70-3A-2F-2F-70-6B 69-2D-63-72-6C-2D-64-65| ttp://pki-crl-de
 0580 |76-2E-68-6F-6D-65-2D-63 6F-6E-6E-65-63-74-2E-63| v.home-connect.c
 0590 |6F-6D-2F-64-65-31-66-66 39-62-32-32-62-38-63-66| om/de1ff9b22b8cf
 05A0 |65-30-62-62-64-36-62-32 32-36-39-32-30-34-62-34| e0bbd6b2269204b4
 05B0 |37-39-62-30-05-06-03-2B 65-70-03-41-00-50-2F-DF| 79b0...+ep.A.P/.
 05C0 |D3-40-63-A7-A7-FC-0A-2C B5-72-FA-30-AD-7B-1F-0E| .@c....,.r.0.{..
 05D0 |F8-57-66-E3-12-35-2E-EF 3E-64-00-5F-50-9D-73-FC| .Wf..5..>d._P.s.
 05E0 |17-F9-96-73-9B-7D-E1-43 44-65-BE-B7-28-98-8D-DC| ...s.}.CDe..(...
 05F0 |F2-E0-40-4B-EB-FE-E3-E3 8B-B7-B4-6B-09         | ..@K.......k.
2023-03-29 21:31:14.725 DEBUG WebSocketClient(1)[5] TLS: HandshakeMessage:Certificate was received.
2023-03-29 21:31:14.731 DEBUG WebSocketClient(1)[5] TLS: Rebex.Net.TlsException: Received unsuitable server certificate.
   at ocowd.rrnhi.qjnft(Byte[] p0, Int32 p1, Int32 p2, tpcwu p3)
   at ocowd.rrnhi.cuufh(Byte[] p0, Int32 p1, Int32 p2)
   at ocowd.rlvgh.gvejn(Byte[] p0, Int32 p1, Int32 p2)
   at ocowd.rlvgh.kiwgm()
2023-03-29 21:31:14.732 INFO WebSocketClient(1)[5] TLS: Fatal Alert:UnexpectedMessage was sent.
2023-03-29 21:31:14.732 VERBOSE WebSocketClient(1)[5] TLS: Sent TLS packet:
 0000 |15-03-03-00-02-02-0A                           | .......
2023-03-29 21:31:14.733 ERROR WebSocketClient(1)[5] HTTP: Error while sending request: Rebex.Net.TlsException: Received unsuitable server certificate.
 ---> Rebex.Net.TlsException: Received unsuitable server certificate.
   at ocowd.rrnhi.qjnft(Byte[] p0, Int32 p1, Int32 p2, tpcwu p3)
   at ocowd.rrnhi.cuufh(Byte[] p0, Int32 p1, Int32 p2)
   at ocowd.rlvgh.gvejn(Byte[] p0, Int32 p1, Int32 p2)
   at ocowd.rlvgh.kiwgm()
   --- End of inner exception stack trace ---
   at ocowd.rlvgh.kiwgm()
   at ocowd.rlvgh.bhoig()
   at ocowd.fmgwa.mlixy()
   at ocowd.fmgwa.egdtv()
   at Rebex.Net.TlsSocket.qnhsx()
   at Rebex.Net.TlsSocket.Negotiate()
   at ocowd.hbesd.bbgrz(ISocket p0, TlsCipher& p1)
   at ocowd.hbesd.xmpcv()
   at ocowd.fiwcw.lrocz()
   at ocowd.fiwcw.nwvdi(Boolean p0)
   at ocowd.fiwcw.hhvth()
by (144k points)
> I guess it has nothing to do with the certificate validation, as i already played around with disabling it. Could you again help me out here, what could be the issue here?

Yes, this error occurred while processing the message with server's certificate, where it was found that the certificate was not suitable to be used with the selected TLS cipher, because the certificate's public key algorithm did not match the cipher's key algorithm. That again is against the relevant TLS specifications.

According to the ServerHello message, the server selected the following TLS cipher:

CC A9 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

That means ECDH key exchange with ECDSA certificate, SHA-256 hash algorithm and ChaCha20/Poly1305 symmetric encryption.


> How can i get hold of the server certificate for getting more details on it?

The check that failed occurs before certificate validation (the certificate is unacceptable, so there is no need to validate it), and unfortunately our API doesn't make it possible to get hold of the certificate in this case.
But with knowledge of the TLS message structure, I was able to parse it out of the verbose log using the following code:

string hex = @"16-03-03-05-F8-0B-00-05 F4-00-05-F1-00-02-C2-30
82-02-BE-30-82-02-70-A0 03-02-01-02-02-10-5B-80
09-DE-78-28-E0-08-87-B2 33-37-CF-FF-8A-B0-30-05
(...)
D3-40-63-A7-A7-FC-0A-2C B5-72-FA-30-AD-7B-1F-0E
17-F9-96-73-9B-7D-E1-43 44-65-BE-B7-28-98-8D-DC
F2-E0-40-4B-EB-FE-E3-E3 8B-B7-B4-6B-09";

hex = hex.Replace("\r", "");
using (var output = File.OpenWrite("cert.der"))
{
    for (int i = 15 * 3; i < 721 * 3; i += 3)
    {
        int v = Convert.ToInt32(hex.Substring(i, 2), 16);
        output.WriteByte((byte)v);
    }
}

And it turns out that the error message was right - the certificate is using "1.3.101.112" signature algorithm, which indicates Ed25519.

However, Ed25519 is an EdDSA algorithm, not an ECDSA algorithm, so it's indeed not suitable to be used with TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 cipher. Additionally, the ClientHello message did not indicate support for Ed25519 signature scheme, which means the server violated the TLS protocol twice in this single case.

Interestingly, a bit of searching revealed that there are indeed some TLS implementations that allow Ed25519 certificates to be used with TLS_ECDHE_ECDSA ciphers. But we would argue this is very wrong - it's really an EDDSA cipher, not an ECDSA cipher. We are not aware of any draft specification (let alone RFC) that would allow this. Yet there is actually a draft specification that adds Ed25519 support to TLS 1.2, but that involves addition of TLS_ECDHE_EDDSA ciphers such as TLS_ECDHE_EDDSA_WITH_CHACHA20_POLY1305: https://datatracker.ietf.org/doc/html/draft-josefsson-tls-eddsa-01

But this draft has been expired for more than 7 years. We don't support it, and it seems likely that the server doesn't support it either.

So where do we go from here? These are the possible options:

1) Use TLS 1.3 instead of TLS 1.2. TLS 1.3 already includes support for Ed25519, and our TLS 1.3 implementation already supports it. So if the server supports it as well, this should be the preferred solution.

2) Change the server certificate to one that uses ECDSA instead of EDDSA. This is another simple and correct solution.

3) Allow Ed25519 to be used with ECDSA ciphers in our TLS implementations. It looks like this would be quite simple, but would require us to add an opotion for it. And it's not right, despite some existing implementations allowing this combo.

4) Add support for TLS_ECDHE_EDDSA ciphers to our TLS implementation, and fix the server's TLS implementation to use this. This would be a correct solution, but it involves updating not only our TLS library, but also the servers's, which makes it problematic.

Also, it's worth noting that solutions (2), (3) and (4) have one major drawback - Windows and .NET don't support validation of Ed25519 certificates yet. That means that you would have to use a custom certificate validator instead of the operating system's.
by
Hi Lukas,

great answer again and thanks a lot for already offering possible options.
I had the chance to talk to one of the server engineers and discussed the options.

We came to the conclusion that 3.) would be the most suitable for us.
Especially considering that OpenSSL and wolfSSL both are supporting it as well.

The validation of the certificate has to be done anyway custom, as we are dealing with IoT devices which may be offline most of the time.

What would be now the next steps for 3.)? Does somebody has to file in some CR? Can you help us with moving this forward? Do you even have some clue, about what time-frame we are talking about? It would be interesting to get a rough idea in order to adapt our timeline and planning.

Kind regards,
David
by (144k points)
> We came to the conclusion that 3.) would be the most suitable for us.
> Especially considering that OpenSSL and wolfSSL both are supporting it as well.

We did some testing and I can confirm that OpenSSL does indeed seem to support it. We already had a test server with OpenSSL for testing Ed25519 with TLS 1.3, and when we enabled TLS 1.2 as well, we were able to reproduce the "Received unsuitable server certificate" error, while OpenSSL client worked fine.

Further investigation revealed that OpenSSL actually uses Ed25519 signature scheme IDs defined by TLS 1.3 specification:
    https://www.rfc-editor.org/rfc/rfc8446#page-42

I have been unable to find any RFC or draft specification that would allow this to be used in TLS 1.2 (even though TLS 1.3 does actually specify RSASSA-PSS for TLS 1.2, this does not apply to Ed25519). OpenSSL and wolfSSL are both quite common, so it looks like it does make sense to add this feature as an option, even though it seems to be a custom extension.

> What would be now the next steps for 3.)? Does somebody has to file in some CR? Can you help us with moving this forward?

We already added this into the list of possible enhancements for the forthcoming R7 release, but we'll first have to look into it a bit more thorougly to make sure enabling this is indeed as simple as it seems.

> Do you even have some clue, about what time-frame we are talking about? It would be interesting to get a rough idea in order to adapt our timeline and planning.

R7 is nearly finished and a preview build (supported in production) might be available in about two weeks. If enabling Ed25519 in TLS 1.2 turns out to be to be simple, we might have a build ready for testing in several days. The tasks left on R7 mostly concern TLS anyway (mostly new features for TLS 1.3 and some tweaks in TLS 1.2 to make it up-to-date), so this acually fits quite nicely into our plans. I'll let post an udpate on this on Monday or Tuesday!
by (144k points)
We already have a working implementation. A preview build should be available within days once it's fully tested.
by (210 points)
Hi Lukas,
that are great news. :-)

As some days already passed, is there already some preview or even a release candidate available? How can we get access to it?

We would be very interested in it, as we need to evaluate, if it solves our issue we are currently having.

Kind regards,
David
by (144k points)
I just sent a link to the preview build to your email. Sorry for the delay!
by (210 points)
Hi Lukas,

we tried the preview build. Again one step further :-)
But still not where we want to be.

Now it seems to be some issue with the server-certificate, where i'm not sure what to do next.
Could you support again? Here is the log-output:

[...]
2023-04-16 13:16:44.101 DEBUG WebSocketClient(1)[8] TLS: HandshakeMessage:ServerKeyExchange was received.
2023-04-16 13:16:44.101 VERBOSE WebSocketClient(1)[8] TLS: Received TLS packet:
 0000 |16-03-03-00-28-0D-00-00 24-01-40-00-1E-06-03-05| ....(...$.@.....
 0010 |03-04-03-02-03-08-07-08 06-08-0B-08-05-08-0A-08| ................
 0020 |04-08-09-06-01-05-01-04 01-02-01-00-00         | .............
2023-04-16 13:16:44.101 DEBUG WebSocketClient(1)[8] TLS: HandshakeMessage:CertificateRequest was received.
2023-04-16 13:16:44.101 VERBOSE WebSocketClient(1)[8] TLS: Received TLS packet:
 0000 |16-03-03-00-04-0E-00-00 00                     | .........
2023-04-16 13:16:44.101 DEBUG WebSocketClient(1)[8] TLS: HandshakeMessage:ServerHelloDone was received.
2023-04-16 13:16:44.104 DEBUG WebSocketClient(1)[8] TLS: Verifying server certificate ('Description=1.3.6.1.4.1.20219.4.2.1.2, CN=80011839420000440335000000065').
2023-04-16 13:16:44.105 DEBUG WebSocketClient(1)[8] TLS: Certificate verification result: Accept
2023-04-16 13:16:44.105 DEBUG WebSocketClient(1)[8] TLS: Verifying server key exchange signature.
2023-04-16 13:16:44.119 DEBUG WebSocketClient(1)[8] TLS: Using ephemeral ECDH public key exchange with Curve 25519.
2023-04-16 13:16:44.126 DEBUG WebSocketClient(1)[8] TLS: Client certificate authentication was requested.
2023-04-16 13:16:44.126 DEBUG WebSocketClient(1)[8] TLS: Suitable client certificate is available ('Description=1.3.6.1.4.1.20219.4.2.4.1, CN=bsh.com, O=BSH').
2023-04-16 13:16:44.130 VERBOSE WebSocketClient(1)[8] TLS: Sent TLS packet:
 0000 |16-03-03-03-49-0B-00-03 45-00-03-42-00-03-3F-30| ....I...E..B..?0
 0010 |82-03-3B-30-82-02-ED-A0 03-02-01-02-02-10-46-97| ..;0..........F.
 0020 |AE-D0-E3-2C-A8-7A-50-77 E0-E2-EB-91-2E-8C-30-05| ...,.zPw......0.
 0030 |06-03-2B-65-70-30-69-31 0B-30-09-06-03-55-04-06| ..+ep0i1.0...U..
 0040 |13-02-44-45-31-1D-30-1B 06-03-55-04-0A-13-14-42| ..DE1.0...U....B
 0050 |53-48-20-48-61-75-73-67 65-72-61-65-74-65-20-47| SH Hausgeraete G
 0060 |6D-62-48-31-19-30-17-06 03-55-04-0B-13-10-50-72| mbH1.0...U....Pr
 0070 |6F-64-75-63-74-20-53-65 63-75-72-69-74-79-31-20| oduct Security1
 0080 |30-1E-06-03-55-04-03-13 17-44-45-56-20-53-65-72| 0...U....DEV Ser
 0090 |76-69-63-65-20-41-63-63 65-73-73-20-43-41-20-31| vice Access CA 1
 00A0 |30-1E-17-0D-32-33-30-33 32-39-31-30-33-32-35-33| 0...230329103253
 00B0 |5A-17-0D-32-33-30-34-32 39-31-30-33-32-35-33-5A| Z..230429103253Z
 00C0 |30-44-31-0C-30-0A-06-03 55-04-0A-13-03-42-53-48| 0D1.0...U....BSH
 00D0 |31-10-30-0E-06-03-55-04 03-13-07-62-73-68-2E-63| 1.0...U....bsh.c
 00E0 |6F-6D-31-22-30-20-06-03 55-04-0D-13-19-31-2E-33| om1"0 ..U....1.3
 00F0 |2E-36-2E-31-2E-34-2E-31 2E-32-30-32-31-39-2E-34| .6.1.4.1.20219.4
 0100 |2E-32-2E-34-2E-31-30-2A 30-05-06-03-2B-65-70-03| .2.4.10*0...+ep.
 0110 |21-00-3A-90-07-96-92-02 46-DE-6C-15-8B-E0-E1-AE| !.:.....F.l.....
 0120 |E4-4F-F7-07-56-E0-E7-87 B2-A6-66-94-29-1F-90-98| .O..V.....f.)...
 0130 |99-C2-A3-82-01-CE-30-82 01-CA-30-13-06-03-55-1D| ......0...0...U.
 0140 |25-04-0C-30-0A-06-08-2B 06-01-05-05-07-03-02-30| %..0...+.......0
 0150 |11-06-03-55-1D-0E-04-0A 04-08-43-76-FC-06-4D-68| ...U......Cv..Mh
 0160 |82-A9-30-4B-06-03-55-1D 20-04-44-30-42-30-40-06| ..0K..U. .D0B0@.
 0170 |0B-2B-06-01-04-01-81-9D 7B-04-01-01-30-31-30-2F| .+......{...010/
 0180 |06-08-2B-06-01-05-05-07 02-01-16-23-68-74-74-70| ..+........#http
 0190 |73-3A-2F-2F-77-77-77-2E 62-73-68-67-72-6F-75-70| s://www.bshgroup
 01A0 |2E-63-6F-6D-2F-64-69-67 69-74-61-6C-2D-69-64-30| .com/digital-id0
 01B0 |12-06-03-55-1D-11-04-0B 30-09-82-07-62-73-68-2E| ...U....0...bsh.
 01C0 |63-6F-6D-30-1F-06-03-55 1D-23-04-18-30-16-80-14| com0...U.#..0...
 01D0 |9D-F3-B4-A3-3A-DE-62-0B 36-CC-62-56-EA-44-17-6A| ....:.b.6.bV.D.j
 01E0 |B6-75-6B-4F-30-81-BD-06 08-2B-06-01-05-05-07-01| .ukO0....+......
 01F0 |01-04-81-B0-30-81-AD-30 32-06-08-2B-06-01-05-05| ....0..02..+....
 0200 |07-30-01-86-26-68-74-74 70-3A-2F-2F-70-6B-69-2D| .0..&http://pki-
 0210 |6F-63-73-70-32-32-2D-64 65-76-2E-68-6F-6D-65-2D| ocsp22-dev.home-
 0220 |63-6F-6E-6E-65-63-74-2E 63-6F-6D-30-77-06-08-2B| connect.com0w..+
 0230 |06-01-05-05-07-30-02-86 6B-68-74-74-70-3A-2F-2F| .....0..khttp://
 0240 |70-6B-69-2D-6F-63-73-70 32-32-2D-64-65-76-2E-68| pki-ocsp22-dev.h
 0250 |6F-6D-65-2D-63-6F-6E-6E 65-63-74-2E-63-6F-6D-68| ome-connect.comh
 0260 |74-74-70-3A-2F-2F-70-6B 69-2D-63-61-32-32-2D-64| ttp://pki-ca22-d
 0270 |65-76-2E-68-6F-6D-65-2D 63-6F-6E-6E-65-63-74-2E| ev.home-connect.
 0280 |63-6F-6D-2F-68-63-61-69 30-6F-78-61-72-33-71-61| com/hcai0oxar3qa
 0290 |71-6C-31-36-70-73-31-64 71-63-63-71-7A-73-74-7A| ql16ps1dqccqzstz
 02A0 |78-6E-75-37-30-0E-06-03 55-1D-0F-01-01-FF-04-04| xnu70...U.......
 02B0 |03-02-07-80-30-4E-06-03 55-1D-1F-04-47-30-45-30| ....0N..U...G0E0
 02C0 |43-A0-41-A0-3F-86-3D-68 74-74-70-3A-2F-2F-70-6B| C.A.?.=http://pk
 02D0 |69-2D-63-72-6C-32-32-2D 64-65-76-2E-68-6F-6D-65| i-crl22-dev.home
 02E0 |2D-63-6F-6E-6E-65-63-74 2E-63-6F-6D-2F-63-72-6C| -connect.com/crl
 02F0 |2F-64-65-76-73-65-72-76 69-63-65-61-63-63-65-73| /devserviceacces
 0300 |73-63-61-31-30-05-06-03 2B-65-70-03-41-00-62-F2| sca10...+ep.A.b.
 0310 |44-5B-95-25-3A-93-95-5A A2-7A-7E-43-0F-D8-FC-EA| D[.%:..Z.z~C....
 0320 |FD-73-FE-C2-B6-57-B1-FD 1C-3B-8B-B9-86-1D-00-45| .s...W...;.....E
 0330 |DE-0A-B7-64-79-59-1D-45 08-E4-32-1E-00-0A-33-6E| ...dyY.E..2...3n
 0340 |DE-6E-3E-A6-0D-E9-23-2D 9A-74-6A-61-52-03      | .n>...#-.tjaR.
2023-04-16 13:16:44.130 DEBUG WebSocketClient(1)[8] TLS: HandshakeMessage:Certificate was sent.
2023-04-16 13:16:44.131 VERBOSE WebSocketClient(1)[8] TLS: Sent TLS packet:
 0000 |16-03-03-00-25-10-00-00 21-20-1B-9A-A2-9D-09-1C| ....%...! ......
 0010 |0A-06-D7-27-8B-33-0A-13 BD-92-6A-FE-47-90-B6-75| ...'.3....j.G..u
 0020 |1D-DA-B5-E5-F7-A3-94-77 2D-04                  | .......w-.
2023-04-16 13:16:44.131 DEBUG WebSocketClient(1)[8] TLS: HandshakeMessage:ClientKeyExchange was sent.
2023-04-16 13:16:44.140 INFO WebSocketClient(1)[8] TLS: Performing client certificate authentication.
2023-04-16 13:16:44.144 DEBUG WebSocketClient(1)[8] TLS: Error while processing TLS packet: System.NotSupportedException: The SignHash method is not supported for this key algorithm. Use SignMessage method instead.
   at Rebex.Security.Certificates.Certificate.SignHash(Byte[] hash, SignatureHashAlgorithm alg, Boolean silent)
   at csbmi.mmqvw.cahrn(Byte[] p0, Int32 p1, Int32 p2, hsjmr p3)
   at csbmi.mmqvw.vulda(Byte[] p0, Int32 p1, Int32 p2)
   at csbmi.lineq.gewas(Byte[] p0, Int32 p1, Int32 p2)
   at csbmi.lineq.vzjni()
2023-04-16 13:16:44.145 INFO WebSocketClient(1)[8] TLS: Fatal Alert:InternalError was sent.
2023-04-16 13:16:44.145 VERBOSE WebSocketClient(1)[8] TLS: Sent TLS packet:
 0000 |15-03-03-00-02-02-50                           | ......P
2023-04-16 13:16:44.147 ERROR WebSocketClient(1)[8] HTTP: Error while sending request: Rebex.Net.TlsException: The SignHash method is not supported for this key algorithm. Use SignMessage method instead.
 ---> System.NotSupportedException: The SignHash method is not supported for this key algorithm. Use SignMessage method instead.
   at Rebex.Security.Certificates.Certificate.SignHash(Byte[] hash, SignatureHashAlgorithm alg, Boolean silent)
   at csbmi.mmqvw.cahrn(Byte[] p0, Int32 p1, Int32 p2, hsjmr p3)
   at csbmi.mmqvw.vulda(Byte[] p0, Int32 p1, Int32 p2)
   at csbmi.lineq.gewas(Byte[] p0, Int32 p1, Int32 p2)
   at csbmi.lineq.vzjni()
   --- End of inner exception stack trace ---
   at csbmi.lineq.vzjni()
   at csbmi.lineq.afqsn()
   at csbmi.jjdof.kzvts()
   at csbmi.jjdof.thgin()
   at Rebex.Net.TlsSocket.qmjat()
   at Rebex.Net.TlsSocket.Negotiate()
   at csbmi.mjxym.wcnrr(ISocket p0, TlsCipher& p1)
   at csbmi.mjxym.utcsv()
   at csbmi.cdedv.kapga()
   at csbmi.cdedv.rxbxt(Boolean p0)
   at csbmi.cdedv.ifuqy()
2023-04-16 13:16:44.152 ERROR WebSocketClient(1)[8] WebSocket: Error occurred: Rebex.Net.WebSocketException: An error occurred while opening the WebSocket.
 ---> csbmi.clagr: The SignHash method is not supported for this key algorithm. Use SignMessage method instead.
 ---> Rebex.Net.TlsException: The SignHash method is not supported for this key algorithm. Use SignMessage method instead.
 ---> System.NotSupportedException: The SignHash method is not supported for this key algorithm. Use SignMessage method instead.
   at Rebex.Security.Certificates.Certificate.SignHash(Byte[] hash, SignatureHashAlgorithm alg, Boolean silent)
   at csbmi.mmqvw.cahrn(Byte[] p0, Int32 p1, Int32 p2, hsjmr p3)
   at csbmi.mmqvw.vulda(Byte[] p0, Int32 p1, Int32 p2)
   at csbmi.lineq.gewas(Byte[] p0, Int32 p1, Int32 p2)
   at csbmi.lineq.vzjni()
   --- End of inner exception stack trace ---
   at csbmi.lineq.vzjni()
   at csbmi.lineq.afqsn()
   at csbmi.jjdof.kzvts()
   at csbmi.jjdof.thgin()
   at Rebex.Net.TlsSocket.qmjat()
   at Rebex.Net.TlsSocket.Negotiate()
   at csbmi.mjxym.wcnrr(ISocket p0, TlsCipher& p1)
   at csbmi.mjxym.utcsv()
   at csbmi.cdedv.kapga()
   at csbmi.cdedv.rxbxt(Boolean p0)
   at csbmi.cdedv.ifuqy()
   --- End of inner exception stack trace ---
   at csbmi.cdedv.ifuqy()
   at csbmi.ehcec.uihka.ajkpn()
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
   at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
   at csbmi.ehcec.wlygr(Uri p0, unitj p1, ISocketFactory p2, WebSocketClientSettings p3, WebSocketClientOptions p4, TlsParameters p5, CancellationToken p6)
   --- End of inner exception stack trace ---
   at csbmi.ehcec.wlygr(Uri p0, unitj p1, ISocketFactory p2, WebSocketClientSettings p3, WebSocketClientOptions p4, TlsParameters p5, CancellationToken p6)
   at Rebex.Net.WebSocketClient.ConnectAsync(Uri uri, CancellationToken cancellationToken)
by (144k points)
The error occurred while attempting client certificate authentication with Ed25519-based certificate, which is actually the only part of the Ed25519 update that we have not tested yet. I just sent an updated preview build to your e-mail, please give it a try.
by (210 points)
Here is the result of another test-run. This time it indicates a Unknown CA by the server. Not sure, if this has something to do with Rebex or rather with the server-authentication.

2023-04-18 08:28:47.825 DEBUG WebSocketClient(1)[7] TLS: HandshakeMessage:ServerKeyExchange was received.
2023-04-18 08:28:47.825 VERBOSE WebSocketClient(1)[7] TLS: Received TLS packet:
 0000 |16-03-03-00-28-0D-00-00 24-01-40-00-1E-06-03-05| ....(...$.@.....
 0010 |03-04-03-02-03-08-07-08 06-08-0B-08-05-08-0A-08| ................
 0020 |04-08-09-06-01-05-01-04 01-02-01-00-00         | .............
2023-04-18 08:28:47.826 DEBUG WebSocketClient(1)[7] TLS: HandshakeMessage:CertificateRequest was received.
2023-04-18 08:28:47.826 VERBOSE WebSocketClient(1)[7] TLS: Received TLS packet:
 0000 |16-03-03-00-04-0E-00-00 00                     | .........
2023-04-18 08:28:47.826 DEBUG WebSocketClient(1)[7] TLS: HandshakeMessage:ServerHelloDone was received.
2023-04-18 08:28:47.833 DEBUG WebSocketClient(1)[7] TLS: Verifying server certificate ('Description=1.3.6.1.4.1.20219.4.2.1.2, CN=80011839420000440335000000065').
2023-04-18 08:28:47.834 DEBUG WebSocketClient(1)[7] TLS: Certificate verification result: Accept
2023-04-18 08:28:47.835 DEBUG WebSocketClient(1)[7] TLS: Verifying server key exchange signature.
2023-04-18 08:28:47.846 DEBUG WebSocketClient(1)[7] TLS: Using ephemeral ECDH public key exchange with Curve 25519.
2023-04-18 08:28:47.853 DEBUG WebSocketClient(1)[7] TLS: Client certificate authentication was requested.
2023-04-18 08:28:47.854 DEBUG WebSocketClient(1)[7] TLS: Suitable client certificate is available ('Description=1.3.6.1.4.1.20219.4.2.4.1, CN=bsh.com, O=BSH').
2023-04-18 08:28:47.858 VERBOSE WebSocketClient(1)[7] TLS: Sent TLS packet:
 0000 |16-03-03-03-49-0B-00-03 45-00-03-42-00-03-3F-30| ....I...E..B..?0
 0010 |82-03-3B-30-82-02-ED-A0 03-02-01-02-02-10-46-97| ..;0..........F.
 0020 |AE-D0-E3-2C-A8-7A-50-77 E0-E2-EB-91-2E-8C-30-05| ...,.zPw......0.
 0030 |06-03-2B-65-70-30-69-31 0B-30-09-06-03-55-04-06| ..+ep0i1.0...U..
 0040 |13-02-44-45-31-1D-30-1B 06-03-55-04-0A-13-14-42| ..DE1.0...U....B
 0050 |53-48-20-48-61-75-73-67 65-72-61-65-74-65-20-47| SH Hausgeraete G
 0060 |6D-62-48-31-19-30-17-06 03-55-04-0B-13-10-50-72| mbH1.0...U....Pr
 0070 |6F-64-75-63-74-20-53-65 63-75-72-69-74-79-31-20| oduct Security1
 0080 |30-1E-06-03-55-04-03-13 17-44-45-56-20-53-65-72| 0...U....DEV Ser
 0090 |76-69-63-65-20-41-63-63 65-73-73-20-43-41-20-31| vice Access CA 1
 00A0 |30-1E-17-0D-32-33-30-33 32-39-31-30-33-32-35-33| 0...230329103253
 00B0 |5A-17-0D-32-33-30-34-32 39-31-30-33-32-35-33-5A| Z..230429103253Z
 00C0 |30-44-31-0C-30-0A-06-03 55-04-0A-13-03-42-53-48| 0D1.0...U....BSH
 00D0 |31-10-30-0E-06-03-55-04 03-13-07-62-73-68-2E-63| 1.0...U....bsh.c
 00E0 |6F-6D-31-22-30-20-06-03 55-04-0D-13-19-31-2E-33| om1"0 ..U....1.3
 00F0 |2E-36-2E-31-2E-34-2E-31 2E-32-30-32-31-39-2E-34| .6.1.4.1.20219.4
 0100 |2E-32-2E-34-2E-31-30-2A 30-05-06-03-2B-65-70-03| .2.4.10*0...+ep.
 0110 |21-00-3A-90-07-96-92-02 46-DE-6C-15-8B-E0-E1-AE| !.:.....F.l.....
 0120 |E4-4F-F7-07-56-E0-E7-87 B2-A6-66-94-29-1F-90-98| .O..V.....f.)...
 0130 |99-C2-A3-82-01-CE-30-82 01-CA-30-13-06-03-55-1D| ......0...0...U.
 0140 |25-04-0C-30-0A-06-08-2B 06-01-05-05-07-03-02-30| %..0...+.......0
 0150 |11-06-03-55-1D-0E-04-0A 04-08-43-76-FC-06-4D-68| ...U......Cv..Mh
 0160 |82-A9-30-4B-06-03-55-1D 20-04-44-30-42-30-40-06| ..0K..U. .D0B0@.
 0170 |0B-2B-06-01-04-01-81-9D 7B-04-01-01-30-31-30-2F| .+......{...010/
 0180 |06-08-2B-06-01-05-05-07 02-01-16-23-68-74-74-70| ..+........#http
 0190 |73-3A-2F-2F-77-77-77-2E 62-73-68-67-72-6F-75-70| s://www.bshgroup
 01A0 |2E-63-6F-6D-2F-64-69-67 69-74-61-6C-2D-69-64-30| .com/digital-id0
 01B0 |12-06-03-55-1D-11-04-0B 30-09-82-07-62-73-68-2E| ...U....0...bsh.
 01C0 |63-6F-6D-30-1F-06-03-55 1D-23-04-18-30-16-80-14| com0...U.#..0...
 01D0 |9D-F3-B4-A3-3A-DE-62-0B 36-CC-62-56-EA-44-17-6A| ....:.b.6.bV.D.j
 01E0 |B6-75-6B-4F-30-81-BD-06 08-2B-06-01-05-05-07-01| .ukO0....+......
 01F0 |01-04-81-B0-30-81-AD-30 32-06-08-2B-06-01-05-05| ....0..02..+....
 0200 |07-30-01-86-26-68-74-74 70-3A-2F-2F-70-6B-69-2D| .0..&http://pki-
 0210 |6F-63-73-70-32-32-2D-64 65-76-2E-68-6F-6D-65-2D| ocsp22-dev.home-
 0220 |63-6F-6E-6E-65-63-74-2E 63-6F-6D-30-77-06-08-2B| connect.com0w..+
 0230 |06-01-05-05-07-30-02-86 6B-68-74-74-70-3A-2F-2F| .....0..khttp://
 0240 |70-6B-69-2D-6F-63-73-70 32-32-2D-64-65-76-2E-68| pki-ocsp22-dev.h
 0250 |6F-6D-65-2D-63-6F-6E-6E 65-63-74-2E-63-6F-6D-68| ome-connect.comh
 0260 |74-74-70-3A-2F-2F-70-6B 69-2D-63-61-32-32-2D-64| ttp://pki-ca22-d
 0270 |65-76-2E-68-6F-6D-65-2D 63-6F-6E-6E-65-63-74-2E| ev.home-connect.
 0280 |63-6F-6D-2F-68-63-61-69 30-6F-78-61-72-33-71-61| com/hcai0oxar3qa
 0290 |71-6C-31-36-70-73-31-64 71-63-63-71-7A-73-74-7A| ql16ps1dqccqzstz
 02A0 |78-6E-75-37-30-0E-06-03 55-1D-0F-01-01-FF-04-04| xnu70...U.......
 02B0 |03-02-07-80-30-4E-06-03 55-1D-1F-04-47-30-45-30| ....0N..U...G0E0
 02C0 |43-A0-41-A0-3F-86-3D-68 74-74-70-3A-2F-2F-70-6B| C.A.?.=http://pk
 02D0 |69-2D-63-72-6C-32-32-2D 64-65-76-2E-68-6F-6D-65| i-crl22-dev.home
 02E0 |2D-63-6F-6E-6E-65-63-74 2E-63-6F-6D-2F-63-72-6C| -connect.com/crl
 02F0 |2F-64-65-76-73-65-72-76 69-63-65-61-63-63-65-73| /devserviceacces
 0300 |73-63-61-31-30-05-06-03 2B-65-70-03-41-00-62-F2| sca10...+ep.A.b.
 0310 |44-5B-95-25-3A-93-95-5A A2-7A-7E-43-0F-D8-FC-EA| D[.%:..Z.z~C....
 0320 |FD-73-FE-C2-B6-57-B1-FD 1C-3B-8B-B9-86-1D-00-45| .s...W...;.....E
 0330 |DE-0A-B7-64-79-59-1D-45 08-E4-32-1E-00-0A-33-6E| ...dyY.E..2...3n
 0340 |DE-6E-3E-A6-0D-E9-23-2D 9A-74-6A-61-52-03      | .n>...#-.tjaR.
2023-04-18 08:28:47.858 DEBUG WebSocketClient(1)[7] TLS: HandshakeMessage:Certificate was sent.
2023-04-18 08:28:47.859 VERBOSE WebSocketClient(1)[7] TLS: Sent TLS packet:
 0000 |16-03-03-00-25-10-00-00 21-20-19-D4-41-DE-0E-0C| ....%...! ..A...
 0010 |70-BF-9D-31-F9-67-88-9A 0F-6C-1B-87-03-13-13-ED| p..1.g...l......
 0020 |46-95-D5-CC-03-9F-26-12 83-05                  | F.....&...
2023-04-18 08:28:47.859 DEBUG WebSocketClient(1)[7] TLS: HandshakeMessage:ClientKeyExchange was sent.
2023-04-18 08:28:47.867 INFO WebSocketClient(1)[7] TLS: Performing client certificate authentication.
2023-04-18 08:28:47.872 VERBOSE WebSocketClient(1)[7] TLS: Sent TLS packet:
 0000 |16-03-03-00-48-0F-00-00 44-08-07-00-40-C2-77-B6| ....H...D...@.w.
 0010 |53-7F-C6-BD-CC-58-89-9D DE-65-3E-08-00-7B-33-C8| S....X...e>..{3.
 0020 |60-3A-E0-9D-BC-BA-84-26 A7-87-B3-FC-6C-A3-9F-FA| `:.....&....l...
 0030 |57-FF-AE-4A-BF-67-FA-4E D2-13-5A-94-09-19-29-23| W..J.g.N..Z...)#
 0040 |C8-F4-7B-0C-8C-19-30-07 C9-02-CD-90-0B         | ..{...0......
2023-04-18 08:28:47.872 DEBUG WebSocketClient(1)[7] TLS: HandshakeMessage:CertificateVerify was sent.
2023-04-18 08:28:47.872 VERBOSE WebSocketClient(1)[7] TLS: Sent TLS packet:
 0000 |14-03-03-00-01-01                              | ......
2023-04-18 08:28:47.872 DEBUG WebSocketClient(1)[7] TLS: CipherSpec:ChangeCipherSpec was sent.
2023-04-18 08:28:47.873 DEBUG WebSocketClient(1)[7] TLS: HandshakeMessage:Finished was sent.
2023-04-18 08:28:47.873 VERBOSE WebSocketClient(1)[7] TLS: Sent TLS packet:
 0000 |16-03-03-00-10-14-00-00 0C-9E-53-AB-3A-07-E0-05| ..........S.:...
 0010 |F7-DA-A4-95-D3                                 | .....
2023-04-18 08:28:47.879 VERBOSE WebSocketClient(1)[7] TLS: Received TLS packet:
 0000 |15-03-03-00-02-02-30                           | ......0
2023-04-18 08:28:47.880 INFO WebSocketClient(1)[7] TLS: Fatal Alert:UnknownCa was received.
2023-04-18 08:28:47.885 DEBUG WebSocketClient(1)[7] TLS: Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end.
   at jsssn.smwfm.vvpvi(Byte[] p0, Int32 p1, Int32 p2)
   at jsssn.nudyx.kruqh(Byte[] p0, Int32 p1, Int32 p2)
   at jsssn.nudyx.cpoti()
2023-04-18 08:28:47.892 ERROR WebSocketClient(1)[7] HTTP: Error while sending request: Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end.
 ---> Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end.
   at jsssn.smwfm.vvpvi(Byte[] p0, Int32 p1, Int32 p2)
   at jsssn.nudyx.kruqh(Byte[] p0, Int32 p1, Int32 p2)
   at jsssn.nudyx.cpoti()
   --- End of inner exception stack trace ---
   at jsssn.nudyx.cpoti()
   at jsssn.nudyx.ishsy()
   at jsssn.roaxg.spfcg()
   at jsssn.roaxg.hwdco()
   at Rebex.Net.TlsSocket.maycd()
   at Rebex.Net.TlsSocket.Negotiate()
   at jsssn.uawzw.gxloy(ISocket p0, TlsCipher& p1)
   at jsssn.uawzw.etwen()
   at jsssn.kxsxv.hawob()
   at jsssn.kxsxv.aqnpr(Boolean p0)
   at jsssn.kxsxv.jcbcp()
2023-04-18 08:28:47.897 ERROR WebSocketClient(1)[7] WebSocket: Error occurred: Rebex.Net.WebSocketException: An error occurred while opening the WebSocket.
 ---> jsssn.zsvrp: Fatal error 'UnknownCa' has been reported by the remote connection end.
 ---> Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end.
 ---> Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end.
   at jsssn.smwfm.vvpvi(Byte[] p0, Int32 p1, Int32 p2)
   at jsssn.nudyx.kruqh(Byte[] p0, Int32 p1, Int32 p2)
   at jsssn.nudyx.cpoti()
   --- End of inner exception stack trace ---
   at jsssn.nudyx.cpoti()
   at jsssn.nudyx.ishsy()
   at jsssn.roaxg.spfcg()
   at jsssn.roaxg.hwdco()
   at Rebex.Net.TlsSocket.maycd()
   at Rebex.Net.TlsSocket.Negotiate()
   at jsssn.uawzw.gxloy(ISocket p0, TlsCipher& p1)
   at jsssn.uawzw.etwen()
   at jsssn.kxsxv.hawob()
   at jsssn.kxsxv.aqnpr(Boolean p0)
   at jsssn.kxsxv.jcbcp()
   --- End of inner exception stack trace ---
   at jsssn.kxsxv.jcbcp()
   at jsssn.smkgo.cedww.bphdf()
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
   at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
   at jsssn.smkgo.qwxwj(Uri p0, lymyy p1, ISocketFactory p2, WebSocketClientSettings p3, WebSocketClientOptions p4, TlsParameters p5, CancellationToken p6)
   --- End of inner exception stack trace ---
   at jsssn.smkgo.qwxwj(Uri p0, lymyy p1, ISocketFactory p2, WebSocketClientSettings p3, WebSocketClientOptions p4, TlsParameters p5, CancellationToken p6)
   at Rebex.Net.WebSocketClient.ConnectAsync(Uri uri, CancellationToken cancellationToken)
by (144k points)
The server is rejecting the client's certificate with UnknownCA (unknown_ca) error response. According to RFC 5246, this means that:

A valid certificate chain or partial chain was received [by the server], but the
certificate was not accepted because the CA certificate could not
be located or couldn't be matched with a known, trusted CA.
by (210 points)
Hi Lukas,
yes...that is what i also thought. I also had quick contact to our server-developer.
He mentioned, that somehow the parent-certificate is not reaching the server.

How is the correct way of using a certificate-chain with the Rebex Websocket client?
We are doing the following:

client.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(Certificate.LoadDerWithKey(certPath, keyPath, password));

where certPath directs to a pem-file and keyPath is a pfx-file.

I checked the assemblys, but did find a proper way of providing a certificate with key and password in the CertificateChain-class.
by (144k points)
To pass the whole chain, you have to pass the whole chain to CertificateRequestHandler.CreateRequestHandler. To get the whole chain, you might try building it using CertificateChain.BuildFrom. That would normally be the preferred option (it would add the CA certificates if they are found in current user's certificate stores), but I'm not quite sure whether it would work for Ed25519 certificates, which are not supported by Windows API's yet.
So if that doesn't work (= it returns a chain with only a single certificate), you can construct the chain manually from the client certificate and the authorities

    // load the certificate
    var cert = Certificate.LoadDerWithKey(certPath, keyPath, password);

    // create the chain
    var chain = new CertificateChain(cert);

    // add intermediate CA certificates to the chain (in proper order)
    var caCert1 = Certificate.LoadDer(caCert1Path);
    chain.Add(caCert1);

    var caCert2 = Certificate.LoadDer(caCert2Path);
    chain.Add(caCert2);

    ...

    // create CertificateRequestHandler based on the chain

    client.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(chain);
by (210 points)
Hi Lukas,

we finally were able now to perform test on the different platforms (iOS and Android).
Both are working fine and we can establish a connection to our API.
Regarding the certificate chain -  we are using the second approach you proposed.

Great thanks for all your support and the changes in the library.

Do you already have some official release-date in mind?
by (144k points)
Hi, we would like to publish the R7.0 version this month. And if we miss this deadline, we could at least publish a release candidate build that would be supported in production.
by (210 points)
Hi Lukas,
Any news about the release?
by (144k points)
R7.0 is almost ready, but we are now working on finishing R6.13 next week. Once we are done with it, we'll merge R6.13 improvements to R7 and hopefully publish it in a week or so. Sorry for the delay!
by (210 points)
Hi Lukas,
sorry to bother again, but haven't heard anything yet about the new release. Any new date available? We are looking forward to use it. :-)
by (144k points)
Hi, we just published the new release to NuGet.org: https://www.nuget.org/packages/Rebex.Tls/7.0.8581

We will publish this to our website as well tomorrow.
by (210 points)
Hi Lukas,

finally we are now testing again our setup with the latest Rebex-Version + latest development with our IoT-device.

Unfortunately we receive some handshake error. See Rebexlog below.

We also did some trace with WireShark. One thing we noticed, is that maybe some signature algorithm is missing. We do need so something for ED25519, but only those are available:

Extension: signature_algorithms (len=18)
                Type: signature_algorithms (13)
                Length: 18
                Signature Hash Algorithms Length: 16
                Signature Hash Algorithms (8 algorithms)
                    Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                    Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                    Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                    Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                    Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
                    Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
                    Signature Algorithm: ecdsa_sha1 (0x0203)

We are following the approach mentioned here for integration: https://www.rebex.net/kb/simple-elliptic-curve-libraries/

Is there anything additional to consider? Do you have some extra advice, how the support for ED25519 can be enabled?

2023-08-21 17:39:01.205 INFO WebSocketClient(1)[13] WebSocket: Connecting to 'wss://192.168.217.2:28441/maintenance'...
2023-08-21 17:39:01.205 INFO WebSocketClient(1)[13] Info: Assembly: Rebex.WebSocket 7.0.8581 for .NET Core 3.1
2023-08-21 17:39:01.205 INFO WebSocketClient(1)[13] Info: Platform: macOS (Darwin 22.6.0 Darwin Kernel Version 22.6.0: Wed Jul  5 22:21:56 PDT 2023; root:xnu-8796.141.3~6/RELEASE_X86_64) 64-bit; CLR: .NET Core 3.1.32
2023-08-21 17:39:01.205 DEBUG WebSocketClient(1)[13] Info: Culture: en; windows-1252
2023-08-21 17:39:01.234 INFO WebSocketClient(1)[6] HTTP: Connecting to 'https://192.168.217.2:28441'...
2023-08-21 17:39:01.251 DEBUG WebSocketClient(1)[6] Proxy: Connecting to 192.168.217.2:28441 (no proxy).
2023-08-21 17:39:01.255 DEBUG WebSocketClient(1)[6] Proxy: Connection established.
2023-08-21 17:39:01.323 DEBUG WebSocketClient(1)[6] TLS: Using classic TLS core.
2023-08-21 17:39:01.333 DEBUG WebSocketClient(1)[6] TLS: Enabled cipher suites: 0x0C1F3CC32B000000.
2023-08-21 17:39:01.333 DEBUG WebSocketClient(1)[6] TLS: Applicable cipher suites: 0x0C1F3CC32B000000.
2023-08-21 17:39:01.457 VERBOSE WebSocketClient(1)[6] TLS: Sent TLS packet:
 0000 |16-03-03-02-00-01-00-01 FC-03-03-64-E3-85-15-5D| ...........d...]
 0010 |EF-AD-1F-86-35-B3-41-F2 B4-E7-D5-5B-7B-03-18-D9| ....5.A....[{...
 0020 |13-61-91-B1-4A-79-1D-02 CD-F0-A3-00-00-26-C0-2B| .a..Jy.......&.+
 0030 |C0-2F-C0-2C-C0-30-CC-A9 CC-A8-00-9E-00-9F-CC-AA| ./.,.0..........
 0040 |C0-23-C0-27-C0-24-C0-28 00-67-00-6B-00-9C-00-9D| .#.'.$.(.g.k....
 0050 |00-3C-00-3D-01-00-01-AD 00-00-00-12-00-10-00-00| .<.=............
 0060 |0D-31-39-32-2E-31-36-38 2E-32-31-37-2E-32-00-17| .192.168.217.2..
 0070 |00-00-FF-01-00-01-00-00 0A-00-08-00-06-00-1D-00| ................
 0080 |17-00-18-00-0B-00-02-01 00-00-0D-00-12-00-10-04| ................
 0090 |01-04-03-05-01-05-03-06 01-06-03-02-01-02-03-00| ................
 00A0 |15-01-62-00-00-00-00-00 00-00-00-00-00-00-00-00| ..b.............
 00B0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 00C0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 00D0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 00E0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 00F0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0100 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0110 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0120 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0130 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0140 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0150 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0160 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0170 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0180 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0190 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 01A0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 01B0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 01C0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 01D0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 01E0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 01F0 |00-00-00-00-00-00-00-00 00-00-00-00-00-00-00-00| ................
 0200 |00-00-00-00-00                                 | .....
2023-08-21 17:39:01.459 DEBUG WebSocketClient(1)[6] TLS: HandshakeMessage:ClientHello was sent.
2023-08-21 17:39:01.466 VERBOSE WebSocketClient(1)[6] TLS: Received TLS packet:
 0000 |15-03-03-00-02-02-28                           | ......(
2023-08-21 17:39:01.469 INFO WebSocketClient(1)[6] TLS: Fatal Alert:HandshakeFailure was received.
2023-08-21 17:39:01.475 DEBUG WebSocketClient(1)[6] TLS: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
   at rxohr.cklaq.ohtwy(Byte[] p0, Int32 p1, Int32 p2)
   at rxohr.drmdh.kkrxg(Byte[] p0, Int32 p1, Int32 p2)
   at rxohr.drmdh.cwoax()
by (144k points)
Ed25519 signature scheme is disabled by default, and has to be enabled using SetSignatureSchemes method. The following code gets successfully connects to a WebSocket server using OpenSSL:
    var client = new WebSocketClient();
    client.Settings.SetSignatureSchemes(TlsSignatureScheme.Ed25519); // enable Ed25519
    client.Settings.SslAllowedSuites = TlsCipherSuite.Secure;
    client.Settings.SslAcceptAllCertificates = true; // do not do this in production
    client.Connect("wss://server.example.org");
...