Category: .NET Framework

TLS PSK C#

How to support TLS PSK in C# (Pre-shared key)

TLS PSK (Pre-shared key) support in C# and .NET is very hard to come by and is not natively supported. The SslStream class in both .NET Framework and .NET Core does not currently support establishing SSL/TLS connections with the PSK or PSK-DHE cipher suites.

"The TLS-PSK implementation in OpenSSL has seen many security flaws in recent years, mostly because it is used only by a minority of applications. Please consider all alternative solutions before switching to PSK ciphers." (https://nodejs.org/api/tls.html)

To actually make this work you have to look for alternatives such as SSL termination proxies, or other programming languages altogether.

Resources to look into:

wolfSSL C# Wrapper

The wolfSSL C# wrapper gives the ability to make use of the TLS/SSL security perfected from IoT and embedded devices in C# development....

The most dangerous constructor in .NET

You should never instantiate an X509Certificate2 with the “new” keyword if you can avoid it: the X509Certificate2 constructor is one of the most dangerous constructors in .NET. If you do use it, you must be aware of these gotchas. Doing this wrong can mean you flood your disk with one-time-use files that are never removed.

If you load a new X509Certificate2 from a file by calling the public X509Certificate2 (string fileName, SecureString password); constructor, or a similar constructor, then you will, without knowing it, create a brand new file on your disk, and this will happen every time you new it up. When you instantiate an X509Certificate2 from disk, say from a .pfx file, a new storage file of 3-4 KB will be created in one of the following places depending...