.net Maui SSLStream.AuthenticateAsClient is throwing exception on Android

[vsfeedback]

This issue has been moved from a ticket on Developer Community.

---

[severity:I'm unable to use this version]
Depending on Android version, an exception is being thrown on the SSLStream.AuthenticateAsClient method on a TcpClient socket communication. On Android 5.1:

Inner Exception: System.PlatformNotSupportedException: Setting an SNI hostname is not supported on this API level.

On Android 10.0:

Inner Exception: Interop+AndroidCrypto+SslException: Exception of type 'Interop+AndroidCrypto+SslException' was thrown

This same logic works fine under Xamarin.Forms apps on Android and under .net Maui windows apps. I've attached sample projects of Visual Studio projects for Xamarin Forms (CommTester) and for .net Maui (MauiCommTester) so you can easily reproduce the problem.

Our mobile apps require use of TCP sockets and using Http REST web services is not an option.

I am using the following version of Visual Studio Preview:

Microsoft Visual Studio Professional 2022 (64-bit) - Preview
Version 17.3.0 Preview 3.0

---

Original Comments

Feedback Bot on 7/25/2022, 08:05 PM:

(private comment, text removed)

Feedback Bot on 8/3/2022, 02:51 PM:

(private comment, text removed)

---

Original Solutions

(no solutions)

[simonrozsival]

The internal crypto implementation relies on some Android's API 24 (e.g., javax.net.ssl.SNIHostName) and it won't work on Android versions older than 7.0.

The Interop+AndroidCrypto+SslException is usually caused by invalid (often self-signed, expired, hostname mismatch) certificates. The remote certificate validation callback doesn't work correctly on Android and it is tracked in dotnet/runtime#45741.

Currently, the only workaround is bundling the certificate into the app and importing it via network_security_config.xml. This workaround isn't applicable when the certificate needs to be obtained dynamically, but in this case, based on the sample project provided by the customer, I think it should help.

The customer correctly pointed out that this is a .NET issue and not a Xamarin issue and it is related to the missing Android Crypto functionality in .NET 6. I think we should move this issue under dotnet/runtime or close it, since it's a know limitation tracked in dotnet/runtime#45741.

[rgroenewoudt]

I'm also running into this issue on Android 5 during local development (which uses an self signed certificate)

Network_security_config.xml was only added in Android 7 so that doesn't work as a workaround for Android 5 & 6.
Perhaps this should be added to the release notes as a known issue?

[steveisok]

@rgroenewoudt dotnet/runtime#77386 is working its way through runtime and that should solve the self signed cert problem.

[PrashanthGR]

Interop+AndroidCrypto+SslException is occuring in .net8 preview 5 using sslstream

[simonrozsival]

I think that we fixed the problem in dotnet/runtime#78918 and I am not able to reproduce the exception thrown by SslStream.AuthenticateAsclient the customer was experiencing in the latest .NET 8 preview. @steveisok @grendello I think we can close this issue.

@PrashanthGR would you mind opening a new issue in the https://github.com/dotnet/runtime repository with more information? Which Android versions were affected? Can you share a repro project and steps to reproduce the issue?