Ask a Question

Websocket connection : SSLAceptsAllCertificates = false fails in .NET 9 MAUI but works in Xamarin / .NET 8

+1 vote
by (270 points)

We are encountering an SSL/TLS handshake issue with a secure WebSocket (WSS) connection after migrating our app to .NET 9 MAUI (iOS).

Observed behavior:
In Xamarin and .NET 8, setting SSLAcceptsAllCertificates = false works correctly for the WebSocket connection.
In .NET 9 MAUI, the WebSocket connection fails when SSLAcceptsAllCertificates = false.
The same WebSocket connection works when SSLAcceptsAllCertificates = true.

Is there a reason that the issue may be related to:

  • Stricter SSL/TLS validation or security changes introduced in .NET 9, specifically affecting WSS,or
  • TLS / certificate compatibility issues

Rebex log file:

026-01-31 18:00:07.571 Opening log file.
2026-01-31 18:00:07.572 INFO FileLogWriter(1)[1] Info: Assembly: Rebex.Common 7.0.8720 for .NET 8.0
2026-01-31 18:00:07.574 INFO FileLogWriter(1)[1] Info: Platform: iOS (Darwin 24.5.0 Darwin Kernel Version 24.5.0: Tue Apr 22 19:48:46 PDT 2025; root:xnu-11417.121.6~2/RELEASEARM64T8103) 64-bit; CLR: .NET 9.0.9
2026-01-31 18:00:28.476 INFO WebSocketClient(2)[1] WebSocket: Connecting to 'wss://xxx.xxx.0.1:port/maintenance'...
2026-01-31 18:00:28.476 INFO WebSocketClient(2)[1] Info: Assembly: Rebex.WebSocket 7.0.8720 for .NET 8.0
2026-01-31 18:00:28.476 INFO WebSocketClient(2)[1] Info: Platform: iOS (Darwin 24.5.0 Darwin Kernel Version 24.5.0: Tue Apr 22 19:48:46 PDT 2025; root:xnu-11417.121.6~2/RELEASEARM64T8103) 64-bit; CLR: .NET 9.0.9
2026-01-31 18:00:28.484 INFO WebSocketClient(2)[16] HTTP: Connecting to 'https://xxx.xxx.0.1:port'...
2026-01-31 18:00:28.713 INFO WebSocketClient(2)[16] TLS: Fatal Alert:HandshakeFailure was received.
2026-01-31 18:00:28.736 ERROR WebSocketClient(2)[16] HTTP: Error while sending request: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
---> Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
at xoaqd.tfdcv.afkck(Byte[] p0, Int32 p1, Int32 p2)
at xoaqd.gkalo.bafky(Byte[] p0, Int32 p1, Int32 p2)
at xoaqd.gkalo.sbpqr()
--- End of inner exception stack trace ---
at xoaqd.gkalo.sbpqr()
at xoaqd.gkalo.iblqr()
at xoaqd.kkpkm.tfmmk()
at xoaqd.kkpkm.yeisg()
at Rebex.Net.TlsSocket.srugk()
at Rebex.Net.TlsSocket.Negotiate()
at xoaqd.uyyjp.pyfbt(ISocket p0, TlsCipher& p1)
at xoaqd.uyyjp.dxnpe()
at xoaqd.krjti.rzopz()
at xoaqd.krjti.nthub(Boolean p0)
at xoaqd.krjti.bdzva()

Could you please help clarify:

  • Whether this behavior change is expected for secure WebSocket (WSS) connections in .NET 9 MAUI?
  • What the recommended approach is to make SSL validation work correctly for WebSockets without disabling certificate checks?

Thank you for your support.

Applies to: Rebex WebSocket

1 Answer

+1 vote
by (151k points)

First of all, please be aware that v7.0.8720 of Rebex WebSocket library does not support .NET 9 or .NET 10, and is not actually expected to work on these platforms. It has been published before these platforms existed, has never been tested on them. If it works at all, compatibility issues are to be expected, particularly on mobile platforms, which has seen lot of updates in .NET 9 and .NET 10, some of which we had to address in subsequent releases of Rebex WebSocket.

As for the "Fatal error 'HandshakeFailure' has been reported by the remote connection end" error - it's not even clear yet whether this is related to certificate validation at all. A log created at LogLevel.Debug might shed some light onto this. However, it would really be useful to try using a more recent version of Rebex WebSocket library that actually supports .NET 9 and has been tested on it.

ago by (270 points)
Hi Lukas,
Thank you for your response and suggestion. We are currently working on upgrading our library as recommended.
However, we would also like to further investigate this issue to ensure it is not occurring due to certificate validation. We are assuming it may be related to validation, as the connection works properly when the property SSLAcceptsAllCertificates is set to true.
I have attached the Rebex log with Debug-level information for your reference.


2026-02-12 12:17:06.558 Opening log file.
2026-02-12 12:17:06.559 INFO FileLogWriter(1)[1] Info: Assembly: Rebex.Common 7.0.8720 for .NET 8.0
2026-02-12 12:17:06.565 INFO FileLogWriter(1)[1] Info: Platform: iOS (Darwin 25.2.0 Darwin Kernel Version 25.2.0: Fri Jan  9 18:27:38 PST 2026; root:xnu-12377.62.10~267/RELEASE_ARM64_T8103) 64-bit ARM; CLR: .NET 9.0.9
2026-02-12 12:17:06.566 DEBUG FileLogWriter(1)[1] Info: Culture: en; windows-1252
2026-02-12 12:17:12.956 INFO WebSocketClient(2)[1] WebSocket: Connecting to 'wss://xxx.xxx.0.1:xxxx/maintenance'...
2026-02-12 12:17:12.956 INFO WebSocketClient(2)[1] Info: Assembly: Rebex.WebSocket 7.0.8720 for .NET 8.0
2026-02-12 12:17:12.956 INFO WebSocketClient(2)[1] Info: Platform: iOS (Darwin 25.2.0 Darwin Kernel Version 25.2.0: Fri Jan  9 18:27:38 PST 2026; root:xnu-12377.62.10~267/RELEASE_ARM64_T8103) 64-bit ARM; CLR: .NET 9.0.9
2026-02-12 12:17:12.956 DEBUG WebSocketClient(2)[1] Info: Culture: en; windows-1252
2026-02-12 12:17:12.960 INFO WebSocketClient(2)[4] HTTP: Connecting to 'https://xxx.xxx.0.1:xxxx'...
2026-02-12 12:17:12.963 DEBUG WebSocketClient(2)[4] Proxy: Connecting to xxx.xxx.0.1:xxxx (no proxy).
2026-02-12 12:17:12.975 DEBUG WebSocketClient(2)[4] Proxy: Connection established.
2026-02-12 12:17:13.012 DEBUG WebSocketClient(2)[4] TLS: Using classic TLS core.
2026-02-12 12:17:13.013 DEBUG WebSocketClient(2)[4] TLS: Enabled cipher suites: 0x0C1F3CC32B000000.
2026-02-12 12:17:13.013 DEBUG WebSocketClient(2)[4] TLS: Applicable cipher suites: 0x0C1F3CC32B000000.
2026-02-12 12:17:13.040 DEBUG WebSocketClient(2)[4] TLS: HandshakeMessage:ClientHello was sent.
2026-02-12 12:17:13.064 DEBUG WebSocketClient(2)[4] TLS: HandshakeMessage:ServerHello was received.
2026-02-12 12:17:13.065 INFO WebSocketClient(2)[4] TLS: Negotiating TLS 1.2, ECDSA with ephemeral ECDH, AES with 256-bit key in GCM mode, AEAD.
2026-02-12 12:17:13.065 DEBUG WebSocketClient(2)[4] TLS: The server supports secure renegotiation.
2026-02-12 12:17:13.065 DEBUG WebSocketClient(2)[4] TLS: Extended master secret is enabled.
2026-02-12 12:17:13.065 DEBUG WebSocketClient(2)[4] TLS: HandshakeMessage:Certificate was received.
2026-02-12 12:17:13.068 DEBUG WebSocketClient(2)[4] TLS: HandshakeMessage:ServerKeyExchange was received.
2026-02-12 12:17:13.068 DEBUG WebSocketClient(2)[4] TLS: HandshakeMessage:CertificateRequest was received.
2026-02-12 12:17:13.068 DEBUG WebSocketClient(2)[4] TLS: HandshakeMessage:ServerHelloDone was received.
2026-02-12 12:17:13.069 DEBUG WebSocketClient(2)[4] TLS: Verifying server certificate ('Description=1.3.6.1.4.1.20219.3.2.1.2, CN=80012968120000440335000120633').
...