HTTPS download and Upload

S Abijith 346 Reputation points
2020-12-17T06:20:09.127+00:00

Hello,
We are trying to implement HTTPS protocol for getting a file from a device and putting a file on a device. We are currently using .net framework 4.5 and it is a WPF application. We need to use the below two cipher suites on TLS:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    Can anyone please let us know how we can implement this?

We have attached the code that we have written for getting a file from a device and putting a file on a device in the question.

Any help would be very helpful.
Thank you!49032-getfile.txt48934-putfile.txt

Windows Presentation Foundation
Windows Presentation Foundation
A part of the .NET Framework that provides a unified programming model for building line-of-business desktop applications on Windows.
2,669 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,223 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Timon Yang-MSFT 9,571 Reputation points
    2020-12-28T08:16:42.787+00:00

    After investigation, we found that cipher suites can only be specified in .NET 5 and must be in Linux or macOS.
    If you use Linux or macOS with OpenSSL 1.1.1 or later, you can initialize an instance of the CipherSuitesPolicy class and use it like this:

                if (!RuntimeInformation.IsOSPlatform(OSPlatform.Linux))  
                {  
                    stream.AuthenticateAsClient("*", x509Certificate2Collection, sslProtocol, sslCertRevocationCheck);  
                }  
                else  
                {  
                    //stream.AuthenticateAsClient("*", x509Certificate2Collection, sslProtocol, sslCertRevocationCheck);  
                    var sslClientOptions = new SslClientAuthenticationOptions()  
                    {  
                        CertificateRevocationCheckMode = sslCertRevocationCheck ? X509RevocationMode.Offline : X509RevocationMode.NoCheck,  
                        ClientCertificates = x509Certificate2Collection,  
                        EnabledSslProtocols = sslProtocol,  
                        TargetHost = "*",  
                        RemoteCertificateValidationCallback = ClientValidatingServerCertificate,  
                        LocalCertificateSelectionCallback = FixClientCertificate,  
    
                        //Initialize an instance of the CipherSuitesPolicy class.  
                        CipherSuitesPolicy = new CipherSuitesPolicy(new List<TlsCipherSuite>() { Enum.Parse<TlsCipherSuite>(cipherSpec) })  
                    };  
                    TrText(method, $"Setting Cipher for AuthenticateAsClient {string.Join(':', sslClientOptions.CipherSuitesPolicy.AllowedCipherSuites)}");  
                    stream.AuthenticateAsClient(sslClientOptions);  
                }  
    

    Related documents and posts for reference:
    CipherSuitesPolicy Class
    TlsCipherSuite Enum
    How to force CipherSpec to specific value connecting to IBM MQ from RHEL using .net core. Get rid of CompCode: 2 Reason: 2059


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.