Problem with TLS 1.2 on mono to webdav

I’m trying to connect to a webdav share on my hosting provider. The username has an @ sign in it. When I put this information into Duplicati and test the connection I get an error writing headers. Stack trace is below.

System.Net.WebException: Error: SendFailure (Error writing headers) —> System.Net.WebException: Error writing headers —> System.IO.IOException: Error while sending TLS Alert (Fatal:InternalError): System.IO.IOException: The authentication or decryption has failed. —> System.IO.IOException: EndRead failure —> System.Net.Sockets.SocketException: Connection reset by peer at System.Net.Sockets.Socket.EndReceive (IAsyncResult result) <0x407cf770 + 0x000a3> in :0 at System.Net.Sockets.NetworkStream.EndRead (IAsyncResult ar) <0x407cf630 + 0x00057> in :0 — End of inner exception stack trace — at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x40886290 + 0x0010b> in :0 at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x408861d0 + 0x0002b> in :0 at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x40881170 + 0x0022b> in :0 — End of inner exception stack trace — at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x408b8750 + 0x000c7> in :0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x408b84e0 + 0x00086> in :0 —> System.IO.IOException: The authentication or decryption has failed. —> System.IO.IOException: EndRead failure —> System.Net.Sockets.SocketException: Connection reset by peer at System.Net.Sockets.Socket.EndReceive (IAsyncResult result) <0x407cf770 + 0x000a3> in :0 at System.Net.Sockets.NetworkStream.EndRead (IAsyncResult ar) <0x407cf630 + 0x00057> in :0
— End of inner exception stack trace — at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x40886290 + 0x0010b> in :0 at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x408861d0 + 0x0002b> in :0 at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x40881170 + 0x0022b> in :0 — End of inner exception stack trace — at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x408b8750 + 0x000c7> in :0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x408b84e0 + 0x00086> in :0 — End of inner exception stack trace — at System.Net.WebConnection.EndWrite (System.Net.HttpWebRequest request, Boolean throwOnError, IAsyncResult result) <0x408b94d0 + 0x00207> in :0 at System.Net.WebConnectionStream+c__AnonStorey1.<>m__0 (IAsyncResult r) <0x408b8db0 + 0x00143> in :0 — End of inner exception stack trace — --- End of inner exception stack trace — at Duplicati.Library.Utility.AsyncHttpRequest+AsyncWrapper.GetResponseOrStream () <0x40870410 + 0x0010b> in :0 at Duplicati.Library.Utility.AsyncHttpRequest.GetRequestStream (Int64 contentlength) <0x4086b7b0 + 0x00423> in :0 at Duplicati.Library.Backend.WEBDAV.List () <0x408c8e70 + 0x00223> in :0

Based on the error, it looks like an SSL error. Does it work with a username that has no @ in it?

If it is an SSL error, try running cert-sync and make sure you are using the latest version of Mono (from Xamarin, should be 5.x+).

I do get the same error when I specify a username without an @, so the SSL error makes sense.

I ran cert-sync and there were no new certificates. I’m using mono 4.2.1.0 as shipped with Ubuntu 16.04. I tried it on an Ubuntu 17.10 system using mono 4.6.2 and got the following error:

System.Net.WebException: Error: SecureChannelFailure (The authentication or decryption has failed.) —> System.IO.IOException: The authentication or decryption has failed. —> System.IO.IOException: Error while sending TLS Alert (Fatal:InternalError): System.IO.IOException: The authentication or decryption has failed. —> System.IO.IOException: Unable to read data from the transport connection: Connection reset by peer. —> System.Net.Sockets.SocketException: Connection reset by peer at System.Net.Sockets.Socket.EndReceive (System.IAsyncResult result) [0x00033] in :0 at System.Net.Sockets.NetworkStream.EndRead (System.IAsyncResult asyncResult) [0x0005f] in :0 — End of inner exception stack trace — at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 — End of inner exception stack trace — at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 —> System.IO.IOException: Unable to write data to the transport connection: The socket is not connected. —> System.Net.Sockets.SocketException: The socket is not connected at System.Net.Sockets.Socket.BeginSend (System.Byte[] buffer, System.Int32 offset, System.Int32 size, System.Net.Sockets.SocketFlags socket_flags, System.AsyncCallback callback, System.Object state) [0x0002b] in :0 at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, System.Int32 offset, System.Int32 size, System.AsyncCallback callback, System.Object state) [0x000b4] in :0 — End of inner exception stack trace — at System.Net.Sockets.NetworkStream.BeginWrite (System.Byte[] buffer, System.Int32 offset, System.Int32 size, System.AsyncCallback callback, System.Object state) [0x00113] in :0 at Mono.Security.Protocol.Tls.RecordProtocol.BeginSendRecord (Mono.Security.Protocol.Tls.ContentType contentType, System.Byte[] recordData, System.AsyncCallback callback, System.Object state) [0x00026] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Security.Protocol.Tls.RecordProtocol.SendRecord (Mono.Security.Protocol.Tls.ContentType contentType, System.Byte[] recordData) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Security.Protocol.Tls.RecordProtocol.SendAlert (Mono.Security.Protocol.Tls.Alert alert) [0x00027] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Security.Protocol.Tls.RecordProtocol.SendAlert (System.Exception& ex) [0x00021] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 — End of inner exception stack trace — --- End of inner exception stack trace — at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (System.IAsyncResult asyncResult) [0x00057] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsClient (System.IAsyncResult asyncResult) [0x00011] in :0 at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000e] in :0 at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x00044] in :0 — End of inner exception stack trace — at Duplicati.Library.Utility.AsyncHttpRequest+AsyncWrapper.GetResponseOrStream () [0x0004d] in <1cb5198b00f34ae59d97ee7fe7a3a16c>:0 at Duplicati.Library.Utility.AsyncHttpRequest.GetRequestStream (System.Int64 contentlength) [0x0007f] in <1cb5198b00f34ae59d97ee7fe7a3a16c>:0 at Duplicati.Library.Backend.WEBDAV.List () [0x0004a] in :0

The host is https://riverspeylabs.com. I see that it has a Comodo CA. I tried adding that CA with certmgr and that didn’t appear to help. tlstest shows the site failing:

mono tlstest.exe https://riverspeylabs.com

https://riverspeylabs.com
FAILED: #-2146232800
System.IO.IOException: The authentication or decryption has failed. —> System.IO.IOException: The authentication or decryption has failed. —> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
— End of inner exception stack trace —
at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
— End of inner exception stack trace —
at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.SslStreamBase+InternalAsyncResult asyncResult) [0x00028] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () [0x00035] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, System.Int32 offset, System.Int32 count) [0x00076] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at System.IO.StreamWriter.Flush (System.Boolean flushStream, System.Boolean flushEncoder) [0x00094] in <8f2c484307284b51944a1a13a14c0266>:0
at System.IO.StreamWriter.Flush () [0x00006] in <8f2c484307284b51944a1a13a14c0266>:0
at TlsTest.GetStreamPage (System.String url) [0x000c2] in <7ad9caa5280c42fa9e47b5cc3d9b1e0e>:0
at TlsTest.Main (System.String[] args) [0x002aa] in <7ad9caa5280c42fa9e47b5cc3d9b1e0e>:0

I also tried turning on accept any ssl certificate and that didn’t work either.

I installed mono version 5.10.1.20 in a VM (so that I don’t mess up my existing system) and used tlstest with the site and got the same error.

So I’ve run this to ground, it’s a problem with the site requiring TLS 1.2 and me using mono 4.6 which doesn’t support TLS 1.2. Upgrading to 5.10 fixes the problem.

Good job figuring that out!

Let me know if you object but I went ahead and flagged your “update to 5.10” post as the Solution and tweaked the title to indicate it’s a mono issue.

1 Like