McNielLat-7915 asked PengDing-MSFT commented

Can WCF client initiate a TLS communication (netTCP)?

I have a WCF client running .NET 4.8, and I want to connect to our WCF service through an AWS Network Load Balancer that uses a TLS listener. The problem is I cannot connect through it. I can connect properly when I am using a TCP listener in the NLB.

I contacted AWS support regarding this issue, and after some investigation, they confirmed that there is nothing wrong with my NLB configurations, and they advised me that my WCF client must initiate the TLS communication with the NLB's TLS listener to properly communicate through TLS.

But based on my research, the WCF service is the one dictating the security requirements for the client. It is mentioned in the first line of this Microsoft resource. Is there a way to force my WCF client to initiate the TLS communication?

I already have in my client code:

 System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

and in my client config file, I have this in the binding config:

 <security mode="Transport">
   <transport clientCredentialType="None"
              sslProtocols="Tls12" />
 </security>

Also, when I inspected the packets during the successful communication on the TCP listener, after the TCP handshake, the client and service exchange some info before initiating the TLS communication. Not sure if that matters but I just wanna state it.

Is there a way to force my WCF client to initiate the TLS communication?

Whether the client-side uses TLS is related to the server-side, because the binding of the client-side must be the same as that of the server-side.

Hi @PengDing-MSFT , does this mean that a WCF client cannot initiate a TLS communication with a network load balancer that is waiting for a TLS/SSL Client Hello packet?

Yes. Whether to use TLS depends on the server-side; we can’t do this on the client-side.

0 Answers
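
The question notes that, on the plain TCP listener, client and service exchange some data before TLS starts. As an added example (not code from this thread), the Python below tells a TLS ClientHello apart from the .NET Message Framing preamble that net.tcp sends first, in which TLS is requested as an `application/ssl-tls` stream upgrade. Record types are taken from Microsoft's [MC-NMF] specification; the function names, the endpoint URI and the sample bytes are constructed for illustration.

```python
# Added example. Record types follow [MC-NMF]; the sample bytes are constructed.
FIXED = {0x00: ("version", 2), 0x01: ("mode", 1), 0x03: ("known_encoding", 1)}
TEXT = {0x02: "via", 0x09: "upgrade_request"}  # length-prefixed UTF-8 records

def read_varint(buf, pos):  # 7-bits-per-byte length prefix; IndexError if truncated
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def parse_framing_preamble(buf):
    records, pos = [], 0
    while pos < len(buf):
        rtype, pos = buf[pos], pos + 1
        if rtype in FIXED:
            name, length = FIXED[rtype]
        elif rtype in TEXT:
            name = TEXT[rtype]
            length, pos = read_varint(buf, pos)
        else:
            raise ValueError(f"unexpected record type {rtype:#x}")
        if pos + length > len(buf):
            raise ValueError("truncated record")
        body = buf[pos:pos + length]
        records.append((name, body.decode("utf-8") if rtype in TEXT else tuple(body)))
        pos += length
    return records

def classify_first_flight(buf):
    # TLS record type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    if len(buf) >= 6 and buf[0] == 0x16 and buf[1] == 0x03 and buf[5] == 0x01:
        return "tls-client-hello"
    try:
        records = parse_framing_preamble(buf)
    except (ValueError, IndexError):
        return "unknown"
    if records[:1] != [("version", (1, 0))]:
        return "unknown"
    upgrade = ("upgrade_request", "application/ssl-tls") in records
    return "net.tcp-preamble-with-tls-upgrade" if upgrade else "net.tcp-preamble"

VIA, UPGRADE = b"net.tcp://service.example.invalid:808/Svc", b"application/ssl-tls"
SAMPLE_NETTCP = (b"\x00\x01\x00" + b"\x01\x02" + b"\x02" + bytes([len(VIA)]) + VIA
                 + b"\x03\x08" + b"\x09" + bytes([len(UPGRADE)]) + UPGRADE)
SAMPLE_TLS = bytes.fromhex("16030100050100000100")
```

Feeding `classify_first_flight` the first client payload from a packet capture shows which of the two protocols the listener actually receives.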