Home SslStream.AuthenticateAsServer() blocks indefinitely
 I am trying to create an SMTPS server (for educational purposes, mostly) but I can't seem to authenticate the server using TLS. I got a certificate by using Certbot for Debian 8 (Jessie). I then combined the certificate and the private key into a .pfx file with \$ openssl pkcs12 -export -out fullcert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem and I load it using var cert = new X509Certificate2("fullcert.pfx", "password"); The certificate I got seems to be valid, as cert.ToString(true) seems to show the properties of the certificate correctly and the following code correctly encrypts/decrypts a string var str = "BeepBoop"; Console.WriteLine("Encrypting... ({0})", str); var enc = pubkey.Encrypt(System.Text.Encoding.UTF8.GetBytes(str), RSAEncryptionPadding.Pkcs1); Console.WriteLine("Decrypting..."); var dec = System.Text.Encoding.UTF8.GetString(privkey.Decrypt(enc, RSAEncryptionPadding.Pkcs1)); Console.WriteLine("Finished ({0})", dec);  Sorry for the messy code I then pass the certificate object to another object, which uses it in the following code: // PS: the server listens on port 25000 private void HandleClient(TcpClient client) { Console.WriteLine("[==] BeepBoop: connection on " + port); //client.ReceiveTimeout = client.SendTimeout = timeout; Stream stream = client.GetStream(); if(Certificate != null) { var sslStream = new SslStream(stream, false); Console.WriteLine("Authenticating..."); sslStream.AuthenticateAsServer(Certificate, false, SslProtocols.Tls, true); Console.WriteLine("Authenticated"); stream = sslStream; } Write(stream, ServiceReadyReply); // Implementation of SMTP, which does work correctly }  When I try to connect using this SMTP tool or even Chrome (by connecting to https://localhost:25000) the program blocks indefinitely on sslStream.AuthenticateAsServer(...) until the client times out, at which point an AggregateException containing an IOException is thrown. I have tried changing the parameters, but no combination seems to work. This is the stacktrace I get:  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x00027] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:606 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream:ProcessHandshake (Mono.Net.Security.AsyncOperationStatus) at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00000] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:282 at Mono.Net.Security.AsyncProtocolRequest+d__24.MoveNext () [0x000ff] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:221 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/exceptionservices/exceptionservicescommon.cs:152 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x00037] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:187 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:156 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:128 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/compilerservices/TaskAwaiter.cs:447 at Mono.Net.Security.AsyncProtocolRequest+d__23.MoveNext () [0x00046] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:187 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/referencesource/mscorlib/system/runtime/exceptionservices/exceptionservicescommon.cs:152 at Mono.Net.Security.MobileAuthenticatedStream.CheckThrow (System.Boolean authSuccessCheck, System.Boolean shutdownCheck) [0x00008] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:91 at Mono.Net.Security.MobileAuthenticatedStream.get_SslProtocol () [0x00011] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:707 at System.Net.Security.SslStream.get_SslProtocol () [0x00000] in /Users/builder/data/lanes/4992/mono-mac-sdk/external/bockbuild/builds/mono-x64/mcs/class/System/System.Net.Security/SslStream.cs:252  PS: I copied the certificate to my MacBook, but the exact same issue happens on my Raspberry Pi The attribute stream.DataAvailable is false at the moment the exception is thrown. I don't know if this information does really matter, but I guess it is better to give too much information than too little :) I have done quite a bit of research to my specific issue, and I found the following results which seem related to my issue: C# SslStream.AuthenticateAsServer() intermittently blocks indefinitely. Recovers after restart of application. AuthenticateAsServer blocks forever on any Jabber client but GAIM Bug 976638 - System.Net.Security.SslStream hangs in AuthenticateAsServer (this one seems to be very similar to my issue!) AuthenticateAsServer blocks forever on any Jabber client but GAIM (also very relevant) SslStream.AuthenticateAsServer and AuthenticateAsClient intermittently block indefinitely. SslStream.AuthenticateAsServer hangs At this point, I don't have any clue what could be going wrong. Any help is very much appreciated. If you need more information, I'll be glad to provide it. UPDATE: When I try to connect with Chrome to my server I get ERR_SSL_PROTOCOL_ERROR and an AuthenticationException that has an TlsException with TlsException.Message = "Unknown Secure Transport error IllegalParam'." (maybe I forgot to append 'https://' to the domain name when debugging initially? I would swear I did do that then though...) UPDATE 2: The error message is different for the MacBook and the Raspberry Pi: the above error message is from the MacBook and the following is what I get on the RPi: Mono.Btls.MonoBtlsException: Ssl error:1000009c:SSL routines:OPENSSL_internal:HTTP_REQUEST`