Я использую HttpClient. net ядро с:
clientHandler.ClientCertificates.Add(cert);
_clientHandler.ServerCertificateCustomValidationCallback=VerifyServerCertificate;
_clientHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
_clientHandler.SslProtocols= SslProtocols.Tls13;
HttpClient Client = new HttpClient(_clientHandler);
на стороне узла (у меня версия узла v12.8.0). Я устанавливаю параметры сервера следующим образом:
var options = {
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-crt.pem'),
ca: fs.readFileSync(config.ca),
requestCert: true,
rejectUnauthorized: true,
enableTrace: true,
minVersion: 'TLSv1.3',
maxVersion: 'TLSv1.3'
};
вот трассировка tls:
Received Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 223
ClientHello, Length=219
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0xEEC5687E
random_bytes (len=28): 24761EF6E5B5B89F5333E9BCF87A28E55A4B598DDB0848049 A66DA26
session_id (len=0):
cipher_suites (len=56)
{0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
{0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
{0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
{0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
{0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
{0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
{0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
{0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384
{0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
{0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 122
extension_type=server_name(0), length=30
0000 - 00 1c 00 00 19 74 65 73-74 2e 61 72 74 69 73 .....test.artis
000f - 61 6e 6d 65 64 69 63 61-6c 2e 63 6f 2e 69 6c anmedical.co.il
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=10
ecdh_x25519 (29)
secp256r1 (P-256) (23)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=signature_algorithms(13), length=32
rsa_pkcs1_sha512 (0x0601)
dsa_sha512 (0x0602)
ecdsa_secp521r1_sha512 (0x0603)
rsa_pkcs1_sha384 (0x0501)
dsa_sha384 (0x0502)
ecdsa_secp384r1_sha384 (0x0503)
rsa_pkcs1_sha256 (0x0401)
dsa_sha256 (0x0402)
ecdsa_secp256r1_sha256 (0x0403)
rsa_pkcs1_sha224 (0x0301)
dsa_sha224 (0x0302)
ecdsa_sha224 (0x0303)
rsa_pkcs1_sha1 (0x0201)
dsa_sha1 (0x0202)
ecdsa_sha1 (0x0203)
extension_type=next_proto_neg(13172), length=0
extension_type=application_layer_protocol_negotiation(16), length=14
h2
http/1.1
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Alert (21)
Length = 2
Level=fatal(2), description=protocol version(70)
Ошибка на стороне c#: клиент и сервер не могут общаться, потому что у них нет общего алгоритма.
Почему узел использует tls1.2, когда я устанавливаю minVersion равным 1,3?