
Secure Communication with Routers

Tom - 26 Sep 2007 03:10 GMT
Greetings all,

I have a question of secure communication between a vb.net 2005 app and
Cisco routers. I apologize if I don't provide enough info but here goes.

I have written an application that successfully communicates with routers
using unsecure sockets (system.net.sockets).  I need to change that to use
secure communication.  

I have been trying to get SslStream (system.net.security) to work.  I have
read all the documentation but nothing is working.  I am creating a TCPClient
then using that client in the SslStream creation.  I'm not getting an error
on the SslStream creation but I'm not convinced that it's working.  I do get
the error when I try to AuthenticateAsClient.  The error I get is "Handshake
failed due to unexpected packet format."

Here is the code:

Imports System.Net.Security
Imports System.Net.Sockets
Imports System.Security.Cryptography.X509Certificates

' Callback invoked by SslStream to validate the server's certificate.
Public Function ValidateServerCertificate(ByVal sender As Object, _
        ByVal certificate As X509Certificate, ByVal chain As X509Chain, _
        ByVal sslPolicyErrors As SslPolicyErrors) As Boolean

    If sslPolicyErrors = SslPolicyErrors.None Then
        Return True
    End If

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors)

    ' Do not allow this client to communicate with unauthenticated servers.
    Return False
End Function

sub...
...
Dim client As New TcpClient(IPAddressofRouter, 443)

Dim sslStream As New SslStream(client.GetStream(), False, _
        New RemoteCertificateValidationCallback(AddressOf ValidateServerCertificate), _
        Nothing)

sslStream.AuthenticateAsClient(serverName)

...
I noticed when I step through my code, ValidateServerCertificate never gets
called. I'm not exactly sure how that part works.

Any ideas what may be wrong?
Is this actually the best approach?  
Any help is GREATLY appreciated.

Thanks
Tom
Vadym Stetsiak - 26 Sep 2007 16:16 GMT
Hello, Tom!

What version of SSL/TLS does that Cisco router use? And what version did you
specify in your code?
--
With best regards, Vadym Stetsiak.
Blog: http://vadmyst.blogspot.com

Tom - 26 Sep 2007 18:22 GMT
Vadym,
Thanks for the reply.

The router has versions 1.5 & 2.  I do not specify any version in code (that
I know of).  Thanks again.

Tom

Eugene Mayevski - 26 Sep 2007 18:51 GMT
Hello!
You wrote  on Wed, 26 Sep 2007 10:22:00 -0700:

T> The router has versions 1.5 & 2.  I do not specify any version in code
T> (that I know of).  Thanks again.

1.5 and 2 are not valid SSL versions. I would assume that the routers use
SSH, not SSL (this is more common). In this case 1.5 and 2 make certain
sense. SSH is not SSL and SSH sockets are not available in .NET Framework
because SSH provides more than just a secured socket (its architecture is
more complex).

For SSH support you can check http://www.eldos.com/sbb/net-ssh.php

With best regards,
Eugene Mayevski
http://www.SecureBlackbox.com - the comprehensive component suite for
network security
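
The SSH-versus-SSL distinction raised in the reply above can be checked by looking at what the service sends right after the TCP connect; this is an added example, not code from the thread. The names ProtocolProbe, ClassifyFirstBytes and ProbeService are hypothetical, the banners are constructed samples, and 192.0.2.1 is a documentation placeholder address.

```vbnet
Imports System
Imports System.IO
Imports System.Net.Sockets
Imports System.Text

Module ProtocolProbe
    ' Classify the first bytes a server sends right after the TCP connect.
    Function ClassifyFirstBytes(ByVal buf As Byte(), ByVal count As Integer) As String
        If count >= 4 AndAlso Encoding.ASCII.GetString(buf, 0, 4) = "SSH-" Then
            ' SSH identification string: SSH-<protoversion>-<software>; 1.99 means 1.x and 2.0 are both accepted.
            Dim parts As String() = Encoding.ASCII.GetString(buf, 0, count).Split("-"c)
            If parts.Length >= 2 Then Return "SSH protocol " & parts(1).Trim()
            Return "SSH (malformed banner)"
        End If
        ' SSL 3.0 / TLS record header: content type &H15 (alert) or &H16 (handshake), then major version 3.
        If count >= 2 AndAlso (buf(0) = &H15 OrElse buf(0) = &H16) AndAlso buf(1) = 3 Then
            Return "TLS record"
        End If
        If count = 0 Then Return "no data before timeout or close (a TLS server waits for the ClientHello)"
        Return "unknown plaintext or binary protocol"
    End Function

    ' Connect and read whatever the server volunteers within timeoutMs.
    Function ProbeService(ByVal host As String, ByVal port As Integer, ByVal timeoutMs As Integer) As String
        Using client As New TcpClient(host, port)
            Dim stream As NetworkStream = client.GetStream()
            stream.ReadTimeout = timeoutMs
            Dim buf(255) As Byte
            Dim n As Integer = 0
            Try
                n = stream.Read(buf, 0, buf.Length)
            Catch ex As IOException
                n = 0 ' Read timed out: the server did not speak first.
            End Try
            Return ClassifyFirstBytes(buf, n)
        End Using
    End Function

    Sub Main()
        ' Constructed sample banners, not captured from a real device.
        Dim samples As String() = {"SSH-1.5-ExampleServer", "SSH-1.99-ExampleServer", "SSH-2.0-ExampleServer"}
        For Each s As String In samples
            Dim b As Byte() = Encoding.ASCII.GetBytes(s)
            Console.WriteLine("{0} -> {1}", s, ClassifyFirstBytes(b, b.Length))
        Next
        ' Console.WriteLine(ProbeService("192.0.2.1", 22, 3000)) ' placeholder address and port
    End Sub
End Module
```

A port that answers with an "SSH-" banner cannot complete SslStream.AuthenticateAsClient, because the client's TLS ClientHello is answered with bytes that are not a TLS record.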
