question

HerbertFalk-1674 avatar image
0 Votes"
HerbertFalk-1674 asked

Problem with HTTPS in ASP.NET Core 3.1 using Kestrel and GRPC

The last windows patch seems to have broken the ability of Browsers to connect to the application using HTTPS.

The APP is ASP.NET Core 3.1 based and uses Kestrel and GRPC (both using port 5001).

Kestrel configuration was changed to restrict it to TLS 1.2 (hoping this would fix the issue):

                bld = Host.CreateDefaultBuilder(args)
                        .ConfigureLogging(config => {                      //added to clear logging providers
                           config.ClearProviders();
                       })
                      .ConfigureWebHostDefaults(webBuilder =>
                      {
                          webBuilder.UseKestrel(options =>
                          {
                              options.AddServerHeader = false;
                              //added by HSF to try and get HTTPS to use TLS1.2
                              options.ConfigureHttpsDefaults(s =>
                              {
                                  **s.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
                                  s.ServerCertificate = cert;
                                  //s.SslProtocols = SslProtocols.Tls12;**
                              });
                              options.Listen(IPAddress.Any, 5000);
                              options.Listen(IPAddress.Any, 5001, listenOptions =>
                              {
                                  listenOptions.UseHttps(cert);

                              });
                          });
                          webBuilder.UseUrls(urls);
                          webBuilder.UseStartup<Startup>();
                      }).UseWindowsService();
             }

The "cert" is self-signed with the following usages:

            request.CertificateExtensions.Add(
                 new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyAgreement, false));


GRPC is also using port 5001.

This all was working previously.

Chrome gives the indication of: ERR_SSL_PROTOCOL_ERROR when attempting to connect. Tried Firefox, Brave, Opera, and Edge all had issues.

Any ideas?


dotnet-aspnet-core-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers