C# tls1.3 异常：无法确定帧大小或收到损坏的帧

Question

我想测试tls1.3，所以我在VS 2019（版本16.7.7）中创建了一个控制台应用程序，目标框架是.NET Core 3.1。

我的程序.cs

using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

namespace TestSsl {
    class Program {
        static void Main(string[] args) {
            SslProtocols protocol = SslProtocols.Tls13;
            Console.WriteLine($"testing SslProtocols.{protocol}");
            int port = 1999;
            RemoteCertificateValidationCallback certificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => {
                return (true);
            };
            X509Certificate2 serverCert = new X509Certificate2("server.pfx", "testpass123");
            X509Certificate2 clientCert = new X509Certificate2("client.pfx", "testpass123");
            TcpListener server = TcpListener.Create(port);
            server.Server.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.KeepAlive, true);
            server.Server.NoDelay = true;
            server.Server.SetSocketOption(SocketOptionLevel.IPv6, SocketOptionName.IPv6Only, false);
            server.Start();
            Task taskServer = Task.Run(() => {
                TcpClient romoteClient = server.AcceptTcpClient();
                Task.Run(() => {
                    using(romoteClient) {
                        using(SslStream sslStreamRomoteClient = new SslStream(romoteClient.GetStream(), false, certificateValidationCallback)) {
                            try {
                                sslStreamRomoteClient.AuthenticateAsServer(serverCert, true, protocol, true);
                                byte[] buf = new byte[1000];
                                int len = sslStreamRomoteClient.Read(buf, 0, buf.Length);
                                string receive = Encoding.UTF8.GetString(buf, 0, len);
                                Console.WriteLine($"server receive:{receive}");
                                sslStreamRomoteClient.Write(Encoding.UTF8.GetBytes("Ok"));
                                Console.WriteLine($"server send:Ok");
                            } catch(Exception ex) {
                                Console.WriteLine(ex);
                            }
                        }
                    }
                }).Wait();
            });
            Task taskClient = Task.Run(() => {
                try {
                    using(TcpClient client = new TcpClient()) {
                        client.Connect("127.0.0.1", port);
                        using(SslStream sslStreamClient = new SslStream(client.GetStream(), false, certificateValidationCallback)) {
                            sslStreamClient.AuthenticateAsClient("127.0.0.1", new X509CertificateCollection() { clientCert }, protocol, true);
                            string send = "hi, i am testing tls";
                            sslStreamClient.Write(Encoding.UTF8.GetBytes(send));
                            Console.WriteLine($"client send:{send}");
                            byte[] buf = new byte[1000];
                            int len = sslStreamClient.Read(buf);
                            string receive = Encoding.UTF8.GetString(buf, 0, len);
                            Console.WriteLine($"client receive:{receive}");
                        }
                    }
                } catch(Exception ex) {
                    Console.WriteLine(ex);
                }
            });
            Task.WaitAll(taskClient, taskServer);
        }
    }
}

然后根据how to enable TLS 1.3 in windows 10，我在 regedit 中启用了 TLS 1.3。

我的电脑信息：

然后我调试我的项目并遇到异常

调试控制台：

这些pfx证书有什么要求吗？

如何解决这个异常？请帮忙。谢谢。

Answer 1

目前 Windows 10 的最高版本是 20H2(OS Build 19042.630)。 TLS1.3 服务器只有在TLS1.3 server is enabled in regedit 时才能正常工作。但是即使TLS1.3 client is enabled in regedit，TLS1.3 客户端也不起作用。目前 TLS1.3 客户端仅适用于Windows 10 Insider Preview Build 20170。