Invalid token exception received when using TLS1.3

Ram Subba Rao Chalamalasetti 1 Reputation point
2022-10-17T07:30:24.387+00:00

The following exception is thrown when using TLS1.3 for a .NET Framework/.NET Core application on Windows 11. I had set the registry keys to enable TLS1.3. The same setup works fine for TLS1.2.

0000033F 23:38:22.014728   7456.1      ThreadId:1, MS_Source:System.Net.SocketsMessage: [2348] Exiting Socket#55196503::Receive() 	-> Int32#2001  
00000340 23:38:22.014728   7456.1     ------------}  MQExternalSourceTracer_MS rc=OK  
00000341 23:38:22.014728   7456.1     ------------{  MQExternalSourceTracer_MS  
00000342 23:38:22.014728   7456.1      ThreadId:1, MS_Source:System.NetMessage: [2348] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 58a3708:1175e, targetName = dotnet.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)  
00000343 23:38:22.014728   7456.1     ------------}  MQExternalSourceTracer_MS rc=OK  
00000344 23:38:22.014728   7456.1     ------------{  MQExternalSourceTracer_MS  
00000345 23:38:22.014728   7456.1      ThreadId:1, MS_Source:System.NetMessage: [2348] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=InvalidToken).  
00000346 23:38:22.014728   7456.1     ------------}  MQExternalSourceTracer_MS rc=OK  
00000347 23:38:22.014728   7456.1      System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The token supplied to the function is invalid  
   --- End of inner exception stack trace ---  
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)  
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest, Boolean renegotiation)  
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest, Boolean renegotiation)  
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest, Boolean renegotiation)  
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)  
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest, Boolean renegotiation)  
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest, Boolean renegotiation)  
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)  
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)  

1 answer

  1. Jiachen Li-MSFT 26,671 Reputation points Microsoft Vendor
    2022-10-18T02:26:28.263+00:00

    Hi @Ram Subba Rao Chalamalasetti ,
    Are you confident the peer can handle TLS 1.3? If you force it, it will fail if the peer is not willing/able to do it.
    TLS protocol version support
    Best Regards.
    Jiachen Li

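Added example, not part of the original thread: a small C# probe for the check the answer suggests. It attempts the handshake with TLS 1.3 only, TLS 1.2 only, both, and the OS default, and reports what the peer negotiates or how the handshake fails. The host `peer.example.test` and port 443 are placeholders, and `SslProtocols.Tls13` requires .NET Framework 4.8 or .NET Core 3.0 and later.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsProbe
{
    // One handshake restricted to `protocols`; returns the negotiated version or the failure.
    static string Probe(string host, int port, SslProtocols protocols)
    {
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                // Default certificate validation stays on, with revocation checking.
                ssl.AuthenticateAsClient(host, null, protocols, true);
                return "negotiated " + ssl.SslProtocol;
            }
        }
        catch (AuthenticationException ex)
        {
            // The SSPI status (as in the trace above) is carried by the inner exception.
            string inner = ex.InnerException != null ? " -> " + ex.InnerException.Message : "";
            return "handshake failed: " + ex.Message + inner;
        }
        catch (Win32Exception ex)
        {
            // Raised directly when the local security provider rejects the request.
            return "local SSPI error: " + ex.Message;
        }
        catch (Exception ex) when (ex is IOException || ex is SocketException)
        {
            return "connection failed: " + ex.Message;
        }
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "peer.example.test"; // placeholder host
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;         // assumed port

        var attempts = new[] { SslProtocols.Tls13, SslProtocols.Tls12,
                               SslProtocols.Tls12 | SslProtocols.Tls13, SslProtocols.None };
        foreach (var p in attempts)
            Console.WriteLine("{0,-14} {1}", p, Probe(host, port, p));
    }
}
```

If the TLS 1.3-only attempt fails while the combined `Tls12 | Tls13` attempt negotiates `Tls12`, the peer is not accepting TLS 1.3; offering both versions lets the handshake settle on the highest one both sides support.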