Windows Server 2003到2008 sslstream没有通用算法

Question

I found my issue with the previous question I asked.

It appears as though when connecting between Windows Server 2003 and 2008 using SSLSTREAM in C# the servers are not able to agree on a common algorithm.

The exact SSPI Exception I get is:

"The client and server cannot communicate, because they do not possess a common algorithm"

I have tried using SSL2, SSL3, TLS1. I tried using Default, I tried installing the AES SSL hotfix for server 2003. It seems no matter what I do, there are no common algorithms..

Does anyone know how I can solve this?

Also, when I try the same code on Windows 7 The Server/Client agree on: Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

That was taken from wireshark.

Windows Server 2003 does not have that cipher, but it should have some that are compatible without having to enable the ones listed here:

http://technet.microsoft.com/en-us/library/cc766285(WS.10).aspx

Thanks for any help

Answer 1

I cannot figure out from your question which side is the server and which is the client, and maybe it doesn't matter. Although I'm not that familiar with those servers, I have seen similar errors when the server is not able to find its RSA private key, either due to misconfiguration or more often misunderstanding. The server must have access to both a private key and its matching public key (contained in its certificate) in order to complete an authenticated connection.

Answer 2

The server likely tried to negotiate a SSLv3.0 connection with an AES cipher. That combination is technically illegal. See http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx?Redirected=true