I have a project that uses Dave Robin's BACnet/SC reference implementation, an open source code for BACnet/SC, for SC communication. My device works as a hub. When YABE connects to my device, I saw an error as below. BACnet/SC reference implementation enabled TLSv1.3.
BACnet/SC WebScoket : WebSocketSharp.WebSocketException: An error has occurred during a TLS handshake. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
BACnet/SC Close : An exception has occurred while connecting.
Does anyone see this error? Is there any way to fix it?
Thanks,
Mingshu
Hi,
Windows 10 is not natively OK for TLS1.3.
Try https://sourceforge.net/p/yetanotherbacnetexplorer/code/HEAD/tree/trunk/Docs/ActivateTLS1.3%20On%20Win10.reg
but not always working !
Without any kind of problem on Windows 11.
Bye
Thank you. I will try Windows11.
Hi,
Try with the last registry information.
Bye.
I could be wrong in saying this but I got the impression that the BACnet/SC reference implementation generates a new certificate each time it is run, so (if I am correct?) I don't know if that might also be part of the problem (/the certificate might be one possible challenge).
(Personally, despite the time, intelligence and effort that seemed to go into the BACnet/SC reference implementation, I found it to be too confusing, heavyweight and for some part unfriendly, I personally tip my hat to 'YABE' as being a more clear-cut sample - at least as a starting point; but to be fair, BACnet/SC by itself is a lot to swallow / a potentially steep learning-curve - at least if you have to stare at all the fine details. I hope for the day when they make the BACnet standard more accessible and with additional if not also better descriptions/examples. But maybe that's just me - I'm too lacking in intelligence to understand better.)
Last edit: Dennis V McEnaney 2023-10-24
Hi Dennis,
No, the BACnet/SC reference implementation always uses the same certificate.
The TestHub code by default is using the TestHub.pem & key files signed by the owner of TestSigningCertificate.
The given file Yabe.p12 is in fact the TestNode.pem & key files also signed by the owner of TestSigningCertificate.
So if you start TestHub application you can connect it using wss using Yabe.p12.
The configuration file for Yabe is attached. The IP endpoint should be adapted.
Bye.
One more point.
The BACnet/SC reference implementation is not sending the complete certificate chain during the TLS exchange. I also don't know how to do it in C# ... I have been looking for that for a long time!
So if the Hub certificate in the Yabe configuration file is the TestSigningCertificate rather than the TestHub.pem, then this root certificate should be added to the Windows Root certificates store to be automatically inserted in the test chain: RemoteCertificateValidationCallback method in BACnetTransportSecureConnect.cs
@fchaxel ( I could be wrong but I believe C#/.NET is expecting the certificate chain to be present upon the O/S, so you'd probably have to open the relevant cert store 'location' & 'store' yourself in order to be able to traverse the full chain (/'Certification Path') of certificates; but I would imagine that in most cases what you're generally looking to do is just verify the chain - i.e. invoke the cert's 'Verify()' method during the remote-cert-validation. )
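An added example for the chain-validation question discussed above; it is not code from Yabe or from the BACnet/SC reference implementation. It sketches a RemoteCertificateValidationCallback that builds the chain against a pinned signing CA supplied by the application instead of the Windows Root store. The class name, the file path and the decision to skip revocation checks are assumptions made for the illustration.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Illustrative helper; PinnedRootValidator is a hypothetical name.
static class PinnedRootValidator
{
    // Hypothetical path: the signing CA certificate exported as PEM or DER.
    static readonly X509Certificate2 PinnedRoot =
        new X509Certificate2("signing-ca.cer");

    // Matches the RemoteCertificateValidationCallback delegate signature.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain systemChain, SslPolicyErrors errors)
    {
        // A missing certificate or a name mismatch is rejected outright.
        // Only chain errors are re-evaluated against the pinned CA below.
        if (certificate == null ||
            (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            return false;

        using (var chain = new X509Chain())
        {
            // Offer the CA as a chain-building candidate; this does not trust it yet.
            chain.ChainPolicy.ExtraStore.Add(PinnedRoot);
            // Assumption: a private test CA publishes no CRL/OCSP endpoint.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Tolerate "untrusted root" only; expiry, bad signatures and
            // wrong key usage still make Build() fail.
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;

            if (!chain.Build(new X509Certificate2(certificate)))
                return false;

            // The flag above accepts ANY unknown root, so the top of the
            // built chain must be byte-for-byte the pinned CA.
            X509Certificate2 top =
                chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return top.RawData.SequenceEqual(PinnedRoot.RawData);
        }
    }
}
```

On .NET 5 or later, setting ChainPolicy.TrustMode to X509ChainTrustMode.CustomRootTrust and adding the CA to ChainPolicy.CustomTrustStore gives the same result without the AllowUnknownCertificateAuthority flag.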
Update: after I changed to WIN11, Yabe works well with BACnet/SC reference implementation. I don't see any issues so far.
Thank you very much.