TLS1.3 does not work on Windows #1720

Closed
wfurt opened this issue Jan 14, 2020 · 1 comment · Fixed by #34181 or #37888

wfurt commented Jan 14, 2020

While TLS1.3 is not fully supported in released Windows versions, it is available for opt-in in some recent ones. I used an internal preview and verified that schannel can handle connecting to a TLS13 Azure endpoint, and that it can also connect to my local Linux server running OpenSSL 1.1.1.

However, when I try to connect using .NET, I get:

System.Net.Http.HttpRequestException: An error occurred while sending the request.
 ---> System.IO.IOException: Cannot determine the frame size or a corrupted frame was received.
   at System.Net.Security.SslStream.ReadAsyncInternal[TReadAdapter](TReadAdapter adapter, Memory`1 buffer)
   at System.Net.Http.HttpConnection.FillAsync()
   at System.Net.Http.HttpConnection.ReadNextResponseHeaderLineAsync(Boolean foldedHeadersAllowed)
   at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)

Furthermore, when TLS1.3 was originally added to .NET, OpenSSL was the only working implementation. Currently, TLS1.3 tests will not run on a TLS1.3-capable Windows server, and other tests break when 1.3 is enabled.

wfurt commented Jun 1, 2020

In new Windows, we will need to use the new API https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-sch_credentials. That means more changes to the Windows PAL.
