SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

IArun74 · 2015-07-14T14:47:05Z

SSL_get0_alpn_selected() returns null. I’m using standard openssl console client and my own server (with ManagedOpenSsl.dll)

The exception is – "Cant get selected protocol. See if ALPN was included into client/server hello");

public static extern void SSL_get0_alpn_selected(IntPtr ssl, out IntPtr data, out int len);

Exception thrown from the following code in ssl.cs

public string AlpnSelectedProtocol
        {
            get
            {
                var ptr = new IntPtr();
                var len = 0;

                Native.SSL_get0_alpn_selected(Handle, out ptr, out len);

                if (ptr == IntPtr.Zero)
                    throw new AlpnException("Cant get selected protocol. See if ALPN was included into client/server hello");

                var buf = new byte[len];
                Marshal.Copy(ptr, buf, 0, len);
                return Encoding.ASCII.GetString(buf, 0, len);
            }
        }

Here is my client commands, that I tried.

C:\OpenSSL-Win32\bin>openssl s_client -connect 192.168.1.51:443 -alpn 'tls_1, tls1_1, tls1_2'

C:\OpenSSL-Win32\bin>openssl s_client -connect 192.168.1.51:443 -alpn 'tls1_2’

Any help would be appreciated.

-Arun

The text was updated successfully, but these errors were encountered:

flaub · 2015-07-14T14:50:11Z

@IArun74 which version of the wrapper are you using? Which version of the native library are you using?

IArun74 · 2015-07-14T14:54:49Z

I'm using ManagedOpenSsl for 2.0 .NET Framework, is based on version 1.0.2a of libeay32.dll and ssleay32.dll. I have tried to link with 1.0.2d native dlls as well, same exception was thrown.

flaub · 2015-07-14T14:57:00Z

@IArun74 Do you know what version of ManagedOpenSsl.dll you are using? How did you get it? If you built it from source, what commit are you using?

IArun74 · 2015-07-14T14:59:37Z

I got the source from this link - https://github.com/openssl-net/openssl-net. I took the source a week ago.

IArun74 · 2015-07-14T15:07:54Z

Should I need to get the latest ManagedOpenSsl.dll from a most latest commit ?

flaub · 2015-07-14T15:11:06Z

ALPN support is a new feature, perhaps it's not fully baked yet. It is required for implementing TLS + HTTP/2. If you don't need this, you can try an earlier release. (any commit before 7a4383b)

In any case, looks like there are at least 2 things wrong here:

ALPN needs to have the ability to be enabled with the default being false.
It appears that even when a client specifies ALPN support, this exception is being thrown.

I'm unfamiliar with the -alpn argument for s_client.

What we need to do here is write a test that reproduces the issue.

IArun74 · 2015-07-14T15:19:58Z

We need have ManagedOpenSsl.dll that supports TLSv1.2 at minimum. Do you mean any commit older than 7a4383b, have no support for TLS?

flaub · 2015-07-14T15:24:17Z

I mean ALPN was introduced in 0a17a2a. ALPN is only needed for protocols that require the next protocol to be negotiated by the application layer (Application Layer Protocol Negotiation). This is a TLS extension; the only application I'm aware of that requires this extension is HTTP/2.

IArun74 · 2015-07-14T15:42:13Z

Thanks, Just want to make sure onething here. Currently, the ManagedOpenSsl.dll version I downloaded from github links with 1.0.2a of libeay32.dll and ssleay32.dll. Can I relink with the latest libeay32.dll and ssleay32.dlls (1.0.2d) ? second thing I want to make sure is, Is this ManagedOpenSsl.dll source has any option to support TLSv1.2 explicitly ? or by default it chooses the higher version of TLS ?

rforbes · 2015-08-13T08:13:46Z

I am having this same issue as well. What can I do on my end to help?

8000

rforbes · 2015-08-13T18:34:17Z

Turns out, this is not my issue, heh, I should learn to keep debugging before posting an issue. I will be making a new issue, you can ignore my comments on this one.

tebeco · 2015-11-30T18:06:23Z

@rforbes
What was the cause in your case ?
I'm rewriting code & UnitTest and I got this issue too. I do understand there's lots of chance the issues comes from me but I can't get my hands on it.
Can you be a bit more explicit :p ?

rforbes · 2015-12-01T02:00:49Z

I had a combination of two problems that I created two seperate issues for.

#26
#27

-r

mezhavecis · 2016-07-29T07:16:03Z

Hi! I also stopped on same problem with latest package. 6140 Spending some time on investigation and uncommenting row 530 in SslStream.cs class solution started work with TLS12. Can anybody say what do this code and where property AlpnSelectedProtocol is used? Despite of used protocol function SSL_get0_alpn_selected always returning zero pointer.

AlpnSelectedProtocol = sslStream.ssl.AlpnSelectedProtocol;

flaub closed this as completed Jul 14, 2015

flaub reopened this Jul 14, 2015

flaub changed the title ~~Openssl.NET - SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol...~~ SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... Jul 14, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

Comments

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!