SSL problem while sending Firebase Message

0
votes

I'm trying to send notification to apps via Google Firebase using .Net SDK. I can send out message successfully on my computer, but fail on my Windows 2016 Server. According to the error message, it seems like a SSL/TLS communication problem.

When I enable all protocol and cipher suites on server, the application runs without a problem. But when I disable TLS 1.0 protocol, it causes a "The client and server cannot communicate, because they do not possess a common algorithm" error when calling SendAsync function. If I enable TLS 1.0 again but disable some weak cipher suites using CBC, it causes a "The request was aborted: Could not create SSL/TLS secure channel." error.

[WebException: The request was aborted: Could not create SSL/TLS secure channel.]
   System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context) +337
   System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar) +145

[HttpRequestException: An error occurred while sending the request.]
   Google.Apis.Http.<SendAsync>d__69.MoveNext() +4670
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Google.Apis.Auth.OAuth2.Requests.<ExecuteAsync>d__1.MoveNext() +402
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Google.Apis.Auth.OAuth2.<RequestAccessTokenAsync>d__38.MoveNext() +492
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   Google.Apis.Auth.OAuth2.<RefreshTokenAsync>d__12.MoveNext() +766
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   Google.Apis.Auth.OAuth2.TokenRefreshManager.ResultWithUnwrappedExceptions(Task`1 task) +138
   System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke() +104
   System.Threading.Tasks.Task.Execute() +71
...

That is really weird. Does the C# SDK only support TLS 1.0 and old cipher suites?? Or it's a .Net framework issue?

Here is my code, in vb.net

Async Function sendMessage(ByVal Message As Messaging.Message) As Threading.Tasks.Task(Of String)

    Dim app As FirebaseApp

    Try
        app = FirebaseApp.Create(New AppOptions With { _
            .ProjectId = "xxx", _
            .Credential = GoogleCredential.FromFile(Server.MapPath("xxx-yyyy.json")) _
        }, "lab6")
    Catch ex As Exception
        app = FirebaseApp.GetInstance("lab6")
    End Try


    Dim result As String = ""

    Dim firebaseMessagingInstance As FirebaseMessaging = FirebaseMessaging.GetMessaging(app)

    result = Await firebaseMessagingInstance.SendAsync(Message)

    Return result

End Function

The exception occurs when it calls the SendAsync method.

.Net framework version: 4.6.1

FirebaseAdmin SDK version: 2.2.0

Any idea about why does this happen? Is there any way to force using TLS 1.2 protocol?

Gary

2
firebasesslencryptionfirebase-cloud-messaging

2 Answers

1
votes

I finally found out why. TLS 1.2 is natively supported by Windows Server 2016, but .Net framework 4.6.1 doesn't use it as a default protocol. We have to set a registry to tell .Net to use strong Crypto.

Add or set a registry entry using regedit.exe:

HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319
HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319
Name: SchUseStrongCrypto
Type: DWORD
Value: 1

By adding this entry solve my problem.

Gary

0
votes

TLS 1.2 (currently) seems to be the only supported protocol. There's no need to enforce it, but one has to install it, so that the protocol-negotiation will result in success. Please refer to this how-to install TLS 1.2 on a Windows 2016 Server... or the MSDN, for how to set it as default. IISCrypto seems to be useful for inspecting the setup.