HTTP/3: Support SslServerAuthenticationOptions with QUIC

[JamesNK]

SslServerAuthenticationOptions is the primary type for configuring HTTPS/TLS in Kestrel. It is designed for SslStream but most of the options can be mapped to QUIC.

The goal is to make setting a certificate for HTTP/3 to be like setting a certificate for other protocols.

Break down of its properties:

• AllowRenegotiation. Not sure if this is supported in QUIC or not. Crypto settings can't change once started with QUIC. Alternatively, might map to QUIC_SERVER_RESUMPTION_LEVEL.
• ApplicationProtocols. Already using successfully.
• CertificateRevocationCheckMode. No built in support. Can we implement manually with .NET APIs?
• CipherSuitesPolicy. Not currently supported. Tracked separately as QUIC: support CipherSuitesPolicy #55378
• ClientCertificateRequired. QUIC_CREDENTIAL_FLAG_REQUIRE_CLIENT_AUTHENTICATION.
• EnabledSslProtocols. Not revelevent.
• EncryptionPolicy. Not revelevent.
• RemoteCertificateValidationCallback. QUIC_CREDENTIAL_FLAG_INDICATE_CERTIFICATE_RECEIVED.
  • certificate - Passed as a platform sepecific certificate type.
  • chain - resolve from certificate?
  • sslPolicyErrors - figure this out ourselves?
• ServerCertificate. Already used.
• ServerCertificateContext. Not sure about this one.
• ServerCertificateSelectionCallback. Used for SNI. Already used as part of setting the server certificate with a listener connection. Relevent: https://github.com/microsoft/msquic/blob/73bd4a7700b9d0c4f9570a46734eb9bf40f8448f/src/inc/msquic.h#L753 Extracted to [QUIC] Server side certificate selection via ServerCertificateSelectionCallback should work #55421

System.Net.Quic currently has an out of date version of msquic. Current blocked on msquic update: #44580

[ghost]

Thanks for contacting us.
We're moving this issue to the Next sprint planning milestone for future evaluation / consideration. We will evaluate the request when we are planning the work for the next milestone. To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

[ghost]

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

SslServerAuthenticationOptions is the primary type for configuring HTTPS/TLS in Kestrel. It is designed for SslStream but most of the options can be mapped to QUIC.

The goal is to make setting a certificate for HTTP/3 to be like setting a certificate for other protocols.

Break down of its properties:

• AllowRenegotiation. Not sure if this is supported in QUIC or not. Crypto settings can't change once started with QUIC. Alternatively, might map to QUIC_SERVER_RESUMPTION_LEVEL.
• ApplicationProtocols. Already using successfully.
• CertificateRevocationCheckMode. No built in support. Can we implement manually with .NET APIs?
• CipherSuitesPolicy. Not currently supported. Open issue for msquic to support: Add Option for Ciphers to QUIC_CREDENTIAL_CONFIG microsoft/msquic#109
• ClientCertificateRequired. QUIC_CREDENTIAL_FLAG_REQUIRE_CLIENT_AUTHENTICATION.
• EnabledSslProtocols. Not revelevent.
• EncryptionPolicy. Not revelevent.
• RemoteCertificateValidationCallback. QUIC_CREDENTIAL_FLAG_INDICATE_CERTIFICATE_RECEIVED.
  • certificate - Passed as a platform sepecific certificate type.
  • chain - resolve from certificate?
  • sslPolicyErrors - figure this out ourselves?
• ServerCertificate. Already used.
• ServerCertificateContext. Not sure about this one.
• ServerCertificateSelectionCallback. Used for SNI. Already used as part of setting the server certificate with a listener connection. Relevent: https://github.com/microsoft/msquic/blob/73bd4a7700b9d0c4f9570a46734eb9bf40f8448f/src/inc/msquic.h#L753

System.Net.Quic currently has an out of date version of msquic. Current blocked on msquic update: #44580

Author:	JamesNK
Assignees:	-
Labels:	area-System.Net.Security, untriaged
Milestone:	-

[ghost]

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

---

SslServerAuthenticationOptions is the primary type for configuring HTTPS/TLS in Kestrel. It is designed for SslStream but most of the options can be mapped to QUIC.

The goal is to make setting a certificate for HTTP/3 to be like setting a certificate for other protocols.

Break down of its properties:

• AllowRenegotiation. Not sure if this is supported in QUIC or not. Crypto settings can't change once started with QUIC. Alternatively, might map to QUIC_SERVER_RESUMPTION_LEVEL.
• ApplicationProtocols. Already using successfully.
• CertificateRevocationCheckMode. No built in support. Can we implement manually with .NET APIs?
• CipherSuitesPolicy. Not currently supported. Open issue for msquic to support: Add Option for Ciphers to QUIC_CREDENTIAL_CONFIG microsoft/msquic#109
• ClientCertificateRequired. QUIC_CREDENTIAL_FLAG_REQUIRE_CLIENT_AUTHENTICATION.
• EnabledSslProtocols. Not revelevent.
• EncryptionPolicy. Not revelevent.
• RemoteCertificateValidationCallback. QUIC_CREDENTIAL_FLAG_INDICATE_CERTIFICATE_RECEIVED.
  • certificate - Passed as a platform sepecific certificate type.
  • chain - resolve from certificate?
  • sslPolicyErrors - figure this out ourselves?
• ServerCertificate. Already used.
• ServerCertificateContext. Not sure about this one.
• ServerCertificateSelectionCallback. Used for SNI. Already used as part of setting the server certificate with a listener connection. Relevent: https://github.com/microsoft/msquic/blob/73bd4a7700b9d0c4f9570a46734eb9bf40f8448f/src/inc/msquic.h#L753

System.Net.Quic currently has an out of date version of msquic. Current blocked on msquic update: #44580

Author:	JamesNK
Assignees:	-
Labels:	area-System.Net.Http, area-System.Net.Security, untriaged
Milestone:	-

[JamesNK]

Moved to runtime. Changes will need to be made here in QUIC library.

@geoffkizer

[ghost]

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

---

SslServerAuthenticationOptions is the primary type for configuring HTTPS/TLS in Kestrel. It is designed for SslStream but most of the options can be mapped to QUIC.

The goal is to make setting a certificate for HTTP/3 to be like setting a certificate for other protocols.

Break down of its properties:

• AllowRenegotiation. Not sure if this is supported in QUIC or not. Crypto settings can't change once started with QUIC. Alternatively, might map to QUIC_SERVER_RESUMPTION_LEVEL.
• ApplicationProtocols. Already using successfully.
• CertificateRevocationCheckMode. No built in support. Can we implement manually with .NET APIs?
• CipherSuitesPolicy. Not currently supported. Open issue for msquic to support: Add Option for Ciphers to QUIC_CREDENTIAL_CONFIG microsoft/msquic#109
• ClientCertificateRequired. QUIC_CREDENTIAL_FLAG_REQUIRE_CLIENT_AUTHENTICATION.
• EnabledSslProtocols. Not revelevent.
• EncryptionPolicy. Not revelevent.
• RemoteCertificateValidationCallback. QUIC_CREDENTIAL_FLAG_INDICATE_CERTIFICATE_RECEIVED.
  • certificate - Passed as a platform sepecific certificate type.
  • chain - resolve from certificate?
  • sslPolicyErrors - figure this out ourselves?
• ServerCertificate. Already used.
• ServerCertificateContext. Not sure about this one.
• ServerCertificateSelectionCallback. Used for SNI. Already used as part of setting the server certificate with a listener connection. Relevent: https://github.com/microsoft/msquic/blob/73bd4a7700b9d0c4f9570a46734eb9bf40f8448f/src/inc/msquic.h#L753

System.Net.Quic currently has an out of date version of msquic. Current blocked on msquic update: #44580

Author:	JamesNK
Assignees:	-
Labels:	area-System.Net.Quic, untriaged
Milestone:	-

[geoffkizer]

@wfurt Can you help with some of these?

[geoffkizer]

CertificateRevocationCheckMode

What does msquic do currently? Just not check for revocation?

[wfurt]

Is the server certificate working on Linux @JamesNK?

From the list:

• allow renegotiation: we should ignore and not applicable to TLS13. The resumption is whole different connect and and should not be mixed.

For the revocation, we can most likely use X509Chain to do verification via custom callback. This is generally What we do now for SslStream.

For the ServerCertificateContext aka custom trust we will need to check and probably make API changes. It will work on Windows as ServerCertificateContext puts intermediate certificates to the CA store. Validation may still be problematic.

I think we should focus on marshaling certificates in & out and making that consistent across all platforms.
I can take a look and perhaps we can reuse or mimic parts of X509Certificate2 PAL.

[JamesNK]

Is the server certificate working on Linux @JamesNK?

I have been purely testing on Windows so I don't know about Linux. Other devs are using Linux with a custom build of OpenSSL so I assume it is working there.

[JamesNK]

CertificateRevocationCheckMode

What does msquic do currently? Just not check for revocation?

I'm not sure. It could also be the opposite: msquic only accepts non-revocated client certs.

[JamesNK]

@nibanks This is the list I put together after our meeting comparing TLS server configuration in .NET to msquic.

What is msquic behavior without a CertificateRevocationCheckMode property?

[ManickaP]

Is the server certificate working on Linux @JamesNK?

I'll answer that, no it isn't, we're using "tls_stub" msquic version to work around that ATM.

[wfurt]

The ServerCertificateSelectionCallback and RemoteCertificateValidationCallback should be fully functional now. We get certificate from MsQuic and we use X509Chain to construct the chain as well as to check validity including revocation.

I'm wondering if it would make sense to trace remain tasks separately. I think it would be easier to track and argue about priority than large mega issue. For example, microsoft/msquic#1430 added support for Cipher selection but there are 3 max to choose from so it seems pretty marginal.

[ManickaP]

Meeting notes:
@wfurt will spawn new issues for the missing points and this issue will be closed.
@geoffkizer promised to look into QUIC spec whether it supports SNI based cert selection. If not, the last point is moot, if yes and msquic doesn't support it, we need to file an issue there and then follow up with our code.

[ManickaP]

ClientCertificateRequired. QUIC_CREDENTIAL_FLAG_REQUIRE_CLIENT_AUTHENTICATION is the last thing on the list, that hasn't been crossed out.
@wfurt what is the state of that? So that we can close this issue.

[wfurt]

That should be fixed with #54302 @ManickaP. The server part is OK but on client MsQuic does not support it on Linux and I'm going to open issue for tracking. It should light up when read as the certificate handling is shared with server e.g. on Linux we should marshall the portable buffer instead of Windows certstore handle.

[wfurt]

microsoft/msquic#1803 opened to track the Linux support in MsQuic

[ManickaP]

Closing then, all should be either resolved or tracked by one of: #55378, #55421 and microsoft/msquic#1803