Websocket connection : SSLAceptsAllCertificates = false fails in .NET 9 MAUI but works in Xamarin / .NET 8

Question

We are encountering an SSL/TLS handshake issue with a secure WebSocket (WSS) connection after migrating our app to .NET 9 MAUI (iOS).

Observed behavior:
In Xamarin and .NET 8, setting SSLAcceptsAllCertificates = false works correctly for the WebSocket connection.
In .NET 9 MAUI, the WebSocket connection fails when SSLAcceptsAllCertificates = false.
The same WebSocket connection works when SSLAcceptsAllCertificates = true.

Is there a reason that the issue may be related to:

• Stricter SSL/TLS validation or security changes introduced in .NET 9, specifically affecting WSS,or
• TLS / certificate compatibility issues

Rebex log file:

026-01-31 18:00:07.571 Opening log file.
2026-01-31 18:00:07.572 INFO FileLogWriter(1)[1] Info: Assembly: Rebex.Common 7.0.8720 for .NET 8.0
2026-01-31 18:00:07.574 INFO FileLogWriter(1)[1] Info: Platform: iOS (Darwin 24.5.0 Darwin Kernel Version 24.5.0: Tue Apr 22 19:48:46 PDT 2025; root:xnu-11417.121.6~2/RELEASEARM64T8103) 64-bit; CLR: .NET 9.0.9
2026-01-31 18:00:28.476 INFO WebSocketClient(2)[1] WebSocket: Connecting to 'wss://xxx.xxx.0.1:port/maintenance'...
2026-01-31 18:00:28.476 INFO WebSocketClient(2)[1] Info: Assembly: Rebex.WebSocket 7.0.8720 for .NET 8.0
2026-01-31 18:00:28.476 INFO WebSocketClient(2)[1] Info: Platform: iOS (Darwin 24.5.0 Darwin Kernel Version 24.5.0: Tue Apr 22 19:48:46 PDT 2025; root:xnu-11417.121.6~2/RELEASEARM64T8103) 64-bit; CLR: .NET 9.0.9
2026-01-31 18:00:28.484 INFO WebSocketClient(2)[16] HTTP: Connecting to 'https://xxx.xxx.0.1:port'...
2026-01-31 18:00:28.713 INFO WebSocketClient(2)[16] TLS: Fatal Alert:HandshakeFailure was received.
2026-01-31 18:00:28.736 ERROR WebSocketClient(2)[16] HTTP: Error while sending request: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
---> Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
at xoaqd.tfdcv.afkck(Byte[] p0, Int32 p1, Int32 p2)
at xoaqd.gkalo.bafky(Byte[] p0, Int32 p1, Int32 p2)
at xoaqd.gkalo.sbpqr()
--- End of inner exception stack trace ---
at xoaqd.gkalo.sbpqr()
at xoaqd.gkalo.iblqr()
at xoaqd.kkpkm.tfmmk()
at xoaqd.kkpkm.yeisg()
at Rebex.Net.TlsSocket.srugk()
at Rebex.Net.TlsSocket.Negotiate()
at xoaqd.uyyjp.pyfbt(ISocket p0, TlsCipher& p1)
at xoaqd.uyyjp.dxnpe()
at xoaqd.krjti.rzopz()
at xoaqd.krjti.nthub(Boolean p0)
at xoaqd.krjti.bdzva()

Could you please help clarify:

• Whether this behavior change is expected for secure WebSocket (WSS) connections in .NET 9 MAUI?
• What the recommended approach is to make SSL validation work correctly for WebSockets without disabling certificate checks?

Thank you for your support.

Answer 1

First of all, please be aware that v7.0.8720 of Rebex WebSocket library does not support .NET 9 or .NET 10, and is not actually expected to work on these platforms. It has been published before these platforms existed, has never been tested on them. If it works at all, compatibility issues are to be expected, particularly on mobile platforms, which has seen lot of updates in .NET 9 and .NET 10, some of which we had to address in subsequent releases of Rebex WebSocket.

As for the "Fatal error 'HandshakeFailure' has been reported by the remote connection end" error - it's not even clear yet whether this is related to certificate validation at all. A log created at LogLevel.Debug might shed some light onto this. However, it would really be useful to try using a more recent version of Rebex WebSocket library that actually supports .NET 9 and has been tested on it.