.NET SSLStream oddity? 12/6/2012 6:04:00 PM

Anyone have any idea why this call:

    _httpsStream.AuthenticateAsServer(cert, _bWantClientCert, CONFIG.oAcceptedClientHTTPSProtocols, false);

Might occasionally fail thusly:

    A call to SSPI failed, see inner exception. < The specified data could not be decrypted

The same call with the same certificate succeeded earlier during the process' lifetime; after it gets in the "bad" state, it will continue to occur until I use a new certificate. If I take the cert object's private key, I can successfully .Encrypt and .Decrypt data with it.

The clients in this case are all major browsers, so this definitely isn't the client's fault.

If I enable Crypto-NCrypt logging, I see the following in the event log:

Cryptographic Operation failed.
Cryptographic Parameters:
OperationType: DECRYPT
Provider Name: Microsoft Enhanced RSA and AES Cryptographic Provider
Key Name: FiddlerBCKeys
Key Type:
Algorithm Name:
Failure Information:
    Return Code: 0xC000000D

Anyone have any tips for debugging this?

Alexey What do you see in the CAPI2 log? Event Viewer\Applications And Services Logs\Microsoft\Windows\CAPI2\Operational?
Eric @ No errors, although a bunch of operations on .CER files that were apparently generated within (C:\Users\lawrence\AppData\LocalLow\Microsoft\X509Objects) matching the self-generated certificates. Kinda odd to see them there, since those certs weren't generated via CAPI (used BouncyCastle).
Eric Oh, actually, those .CER files correspond to those received from the upstream server, so they're not related to either the certs or private keys my code is generating...

©1998-2020 Eric Lawrence