Summary
NvtSession.CreateSession(Uri[]) (multi-URI probe path) does not apply the TLS 1.2 restriction or disable Expect: 100-Continue before probing candidate URIs. Cameras whose gSOAP stacks are incompatible with TLS 1.3 or that stall on Expect: 100-Continue will always fail the probe — all candidate URIs are rejected and session creation fails.
Root cause
soapProbeWithTimeout sends a GetSystemDateAndTime SOAP request to each URI. For HTTPS probes, the default .NET TLS negotiation includes TLS 1.3, which certain embedded ONVIF cameras (e.g. Milesight) do not support. For HTTP probes, Expect: 100-Continue is enabled by default on .NET WebRequest, causing the camera to stall.
The single-URI CreateSession(deviceUri) overload sets ServicePointManager.FindServicePoint(deviceUri).Expect100Continue = false — but only for that one ServicePoint. The multi-URI probe path does not set the global ServicePointManager.Expect100Continue = false or SecurityProtocol = Tls12 before probing.
Reproduction
- Create NvtSessionFactory targeting http://192.168.1.190/onvif/device_service (Milesight camera, port 80 open)
- Call factory.CreateSession(uris) with the HTTP URI
- Probe fails: camera stalls on Expect: 100-Continue
- HTTPS fallback also fails: camera rejects TLS 1.3
Fix
Before the probe loop in CreateSession(Uri[]):
- Set ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
- Set ServicePointManager.Expect100Continue = false
- Set ServicePointManager.ServerCertificateValidationCallback to accept self-signed certs
Integration test evidence
Media2IntegrationTests — all 7 tests fail at CreateSession() with:
System.Exception: SOAP probe failed for all URIs (including HTTPS fallback)
Probe attempts: http://192.168.1.190/onvif/device_service, https://192.168.1.190/onvif/device_service, https://192.168.1.190:8443/onvif/device_service — all fail.
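A narrower variant of the three settings listed under Fix, shown as an added example that is not part of the original report or the library's code. It assumes the probe is issued through HttpWebRequest (so the callback's sender is the request); ProbeTransportSettings, Apply and the fingerprint placeholder are hypothetical names. The validation callback is process-wide, so instead of accepting any self-signed certificate it relaxes validation only for the candidate camera hosts and only for pinned certificates.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: ProbeTransportSettings and its members are hypothetical names.
public static class ProbeTransportSettings
{
    // Placeholder: SHA-256 fingerprints of camera certificates recorded at enrollment.
    private static readonly HashSet<string> PinnedSha256 =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<SHA256-FINGERPRINT-OF-CAMERA-CERT>"
        };

    // Call once, before the probe loop, with the same candidate URIs.
    public static void Apply(IEnumerable<Uri> candidates)
    {
        var cameraHosts = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (Uri uri in candidates)
        {
            cameraHosts.Add(uri.Host);
            // Per-endpoint: only the probed cameras lose Expect: 100-Continue.
            ServicePointManager.FindServicePoint(uri).Expect100Continue = false;
        }

        // Process-wide: every connection made through ServicePointManager now uses TLS 1.2.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, errors) =>
            {
                if (errors == SslPolicyErrors.None) return true; // normal validation passed
                var request = sender as HttpWebRequest;
                if (request == null || cert == null) return false;
                // Relax validation only for the candidate camera hosts ...
                if (!cameraHosts.Contains(request.Address.Host)) return false;
                // ... and only for a certificate whose fingerprint was pinned.
                using (SHA256 sha = SHA256.Create())
                {
                    byte[] hash = sha.ComputeHash(cert.GetRawCertData());
                    return PinnedSha256.Contains(BitConverter.ToString(hash).Replace("-", ""));
                }
            };
    }
}
```

With the placeholder left in place, every self-signed camera certificate is rejected, so the set has to be filled with fingerprints recorded out of band.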