We have a client/server based architecture where many clients (written in Java) connect to the server (using a custom protocol), and all comms use SSL. The server used to be written in Delphi and used OpenSSL for SSL support. We did a complete rewrite of the server in .NET 3.5 SP1 and have the SSL working fine using SslStream over a TcpClient socket connection.

The problem is that clients can be configured to not use any encryption in the SSL connection, thereby improving performance in secure environments (e.g. a LAN). We haven't been able to find a way to tell SslStream that it should support the "no encryption" option, so our new server is just rejecting the clients during the SSL handshake. Is there some setting in the App.Config I can set to allow this? Or maybe some hidden setting I can get at via reflection?

Any help would be greatly appreciated, as it is unfortunately not an option for us to go and disable that setting on the thousands of clients currently out in the field.

As an aside: our server also sends multiple GBs' worth of data to other servers that are frequently on the same secure network (using WCF). Is there an easy way to turn off encryption in that scenario?

Many thanks for your time!

+3  A: 

The SslStream object gets its list of permissible settings (e.g. protocols, hashes, ciphers) from the Registry of the system it's running on. By default, null cipher suites are not present in the registry and therefore not permissible. They are, however, supported but have to be manually added. I've never added, only removed, so I'm unsure how to do it, but the following MSDN article should get you headed in the right direction.

http://msdn.microsoft.com/en-us/library/aa374757%28VS.85%29.aspx

CptSkippy
Thanks a lot for the info! I'm heading out the door to Tech-Ed (South Africa), but I'll give it a try at the end of next week.
Theodor Kleynhans
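
An added example, not part of the answer above or of the poster's server: once null cipher suites are permitted on the machine, any client that offers them may end up with an unencrypted session, so the server can inspect what was actually negotiated after the handshake and refuse unencrypted sessions from outside the trusted network. The class and method names and the definition of "trusted" (loopback or an RFC 1918 private IPv4 range) are assumptions made for illustration; the sample sessions are constructed.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Security.Authentication;

static class NullCipherPolicy
{
    // Assumption: "trusted" means loopback or an RFC 1918 private IPv4 range.
    // Non-loopback IPv6 peers are treated as untrusted.
    static bool IsTrustedNetwork(IPAddress addr)
    {
        if (IPAddress.IsLoopback(addr)) return true;
        if (addr.AddressFamily != AddressFamily.InterNetwork) return false;
        byte[] b = addr.GetAddressBytes();
        return b[0] == 10
            || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)
            || (b[0] == 192 && b[1] == 168);
    }

    // Encrypted sessions are always accepted; an unencrypted session
    // (null cipher or zero key strength) only from a trusted network.
    public static bool IsAcceptable(CipherAlgorithmType cipher, int strength, IPAddress peer)
    {
        bool unencrypted = cipher == CipherAlgorithmType.Null
                        || cipher == CipherAlgorithmType.None
                        || strength == 0;
        return !unencrypted || IsTrustedNetwork(peer);
    }

    static void Main()
    {
        // In the server, call this right after sslStream.AuthenticateAsServer(...):
        //   IsAcceptable(sslStream.CipherAlgorithm, sslStream.CipherStrength,
        //                ((IPEndPoint)tcpClient.Client.RemoteEndPoint).Address)
        // and close the connection (and log it) when it returns false.
        var samples = new[] {   // constructed sessions, not captured traffic
            new { Cipher = CipherAlgorithmType.Aes128, Bits = 128, Peer = "203.0.113.7" },
            new { Cipher = CipherAlgorithmType.Null,   Bits = 0,   Peer = "192.168.1.20" },
            new { Cipher = CipherAlgorithmType.Null,   Bits = 0,   Peer = "203.0.113.7" },
        };
        foreach (var s in samples)
        {
            bool ok = IsAcceptable(s.Cipher, s.Bits, IPAddress.Parse(s.Peer));
            Console.WriteLine("{0,-7} {1,3} bits from {2,-13} -> {3}",
                              s.Cipher, s.Bits, s.Peer, ok ? "accept" : "reject");
        }
    }
}
```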