Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Cannot connect using certificate authentication and minimum protocol version TLSv1.3
See original GitHub issueSteps to reproduce
Enable certificate authentication: pg_hba.conf -> hostssl all all ::/0 cert
Set minimum protocol version: postgresql.conf -> ssl_min_protocol_version = 'TLSv1.3'
Try to open a connection using:
- SSL Mode = VerifyFull;
- Client Certificate
- Client Certificate Key
- Root Certificate
- Check Certificate Revocation = true;
The issue
Opening a connection fails with the following exception:
Npgsql.NpgsqlException (0x80004005): Exception while performing SSL handshake
---> System.Security.Authentication.AuthenticationException: Authentication failed because the remote party sent a TLS alert: 'ProtocolVersion'.
---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at Npgsql.Internal.NpgsqlConnector.RawOpen(SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.Internal.NpgsqlConnector.RawOpen(SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.Internal.NpgsqlConnector.<Open>g__OpenCore|195_1(NpgsqlConnector conn, SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.Internal.NpgsqlConnector.Open(NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.ConnectorPool.OpenNewConnector(NpgsqlConnection conn, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.ConnectorPool.<Get>g__RentAsync|29_0(NpgsqlConnection conn, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
at Npgsql.NpgsqlConnection.<Open>g__OpenAsync|45_0(Boolean async, CancellationToken cancellationToken)
PostgreSQL logs:
[unknown]@[unknown] LOG: could not accept SSL connection: unsupported protocol
[unknown]@[unknown] HINT: This may indicate that the client does not support any SSL protocol version between TLSv1.3 and TLSv1.3.
I can connect to the same PostgreSQL instance from the same client machine with the connection parameters from JetBrains Rider, so it seems to me that the issue is with Npgsql. I also could not find anything related to TLS versions in the documenation. Is some additional configuration needed to use TLSv1.3?
Further technical details
Npgsql version: 6.0.0 PostgreSQL version: postgres (PostgreSQL) 14.1 (Ubuntu 14.1-1.pgdg20.04+1) Operating system: Windows 10 19043.1288
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
That fixed it, thanks!
Found these two threads about enabling tls 1.3 on windows, could you try them out?
https://answers.microsoft.com/en-us/windows/forum/all/how-to-enable-tls-13-in-windows-10/f9ab4993-4758-4de3-a7f9-54a47b61cc77?auth=1
https://stackoverflow.com/questions/64022167/does-net5-0-already-support-tls1-3