SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

IArun74 · 2015-07-14T14:47:05Z

SSL_get0_alpn_selected() returns null. I’m using standard openssl console client and my own server (with ManagedOpenSsl.dll)

The exception is – "Cant get selected protocol. See if ALPN was included into client/server hello");

public static extern void SSL_get0_alpn_selected(IntPtr ssl, out IntPtr data, out int len);

Exception thrown from the following code in ssl.cs

public string AlpnSelectedProtocol
        {
            get
            {
                var ptr = new IntPtr();
                var len = 0;

                Native.SSL_get0_alpn_selected(Handle, out ptr, out len);

                if (ptr == IntPtr.Zero)
                    throw new AlpnException("Cant get selected protocol. See if ALPN was included into client/server hello");

                var buf = new byte[len];
                Marshal.Copy(ptr, buf, 0, len);
                return Encoding.ASCII.GetString(buf, 0, len);
            }
        }

Here is my client commands, that I tried.

C:\OpenSSL-Win32\bin>openssl s_client -connect 192.168.1.51:443 -alpn 'tls_1, tls1_1, tls1_2'

C:\OpenSSL-Win32\bin>openssl s_client -connect 192.168.1.51:443 -alpn 'tls1_2’

Any help would be appreciated.

-Arun

The text was updated successfully, but these errors were encountered:

flaub · 2015-07-14T14:50:11Z

@IArun74 which version of the wrapper are you using? Which version of the native library are you using?

IArun74 · 2015-07-14T14:54:49Z

I'm using ManagedOpenSsl for 2.0 .NET Framework, is based on version 1.0.2a of libeay32.dll and ssleay32.dll. I have tried to link with 1.0.2d native dlls as well, same exception was thrown.

flaub · 2015-07-14T14:57:00Z

@IArun74 Do you know what version of ManagedOpenSsl.dll you are using? How did you get it? If you built it from source, what commit are you using?

IArun74 · 2015-07-14T14:59:37Z

I got the source from this link - https://github.com/openssl-net/openssl-net. I took the source a week ago.

IArun74 · 2015-07-14T15:07:54Z

Should I need to get the latest ManagedOpenSsl.dll from a most latest commit ?

flaub · 2015-07-14T15:11:06Z

ALPN support is a new feature, perhaps it's not fully baked yet. It is required for implementing TLS + HTTP/2. If you don't need this, you can try an earlier release. (any commit before 7a4383b)

In any case, looks like there are at least 2 things wrong here:

ALPN needs to have the ability to be enabled with the default being false.
It appears that even when a client specifies ALPN support, this exception is being thrown.

I'm unfamiliar with the -alpn argument for s_client.

What we need to do here is write a test that reproduces the issue.

IArun74 · 2015-07-14T15:19:58Z

We need have ManagedOpenSsl.dll that supports TLSv1.2 at minimum. Do you mean any commit older than 7a4383b, have no support for TLS?

flaub · 2015-07-14T15:24:17Z

I mean ALPN was introduced in 0a17a2a. ALPN is only needed for protocols that require the next protocol to be negotiated by the application layer (Application Layer Protocol Negotiation). This is a TLS extension; the only application I'm aware of that requires this extension is HTTP/2.

IArun74 · 2015-07-14T15:42:13Z

Thanks, Just want to make sure onething here. Currently, the ManagedOpenSsl.dll version I downloaded from github links with 1.0.2a of libeay32.dll and ssleay32.dll. Can I relink with the latest libeay32.dll and ssleay32.dlls (1.0.2d) ? second thing I want to make sure is, Is this ManagedOpenSsl.dll source has any option to support TLSv1.2 explicitly ? or by default it chooses the higher version of TLS ?

rforbes · 2015-08-13T08:13:46Z

I am having this same issue as well. What can I do on my end to help?

rforbes · 2015-08-13T18:34:17Z

Turns out, this is not my issue, heh, I should learn to keep debugging before posting an issue. I will be making a new issue, you can ignore my comments on this one.

tebeco · 2015-11-30T18:06:23Z

@rforbes
What was the cause in your case ?
I'm rewriting code & UnitTest and I got this issue too. I do understand there's lots of chance the issues comes from me but I can't get my hands on it.
Can you be a bit more explicit :p ?

rforbes · 2015-12-01T02:00:49Z

I had a combination of two problems that I created two seperate issues for.

#26
#27

-r

mezhavecis · 2016-07-29T07:16:03Z

Hi! I also stopped on same problem with latest package. Spending some time on investigation an 6119 d uncommenting row 530 in SslStream.cs class solution started work with TLS12. Can anybody say what do this code and where property AlpnSelectedProtocol is used? Despite of used protocol function SSL_get0_alpn_selected always returning zero pointer.

AlpnSelectedProtocol = sslStream.ssl.AlpnSelectedProtocol;

flaub closed this as completed Jul 14, 2015

flaub reopened this Jul 14, 2015

flaub changed the title ~~Openssl.NET - SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol...~~ SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... Jul 14, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

SSL_get0_alpn_selected() returns NULL and throws exception - "Cant get selected protocol... #24

Comments

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!