fix TLS13 processing on windows #34181
src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs
Is the test here intending to be testing sync over async? If not, can it just be made async?
} | ||
else | ||
{ | ||
return !IsOSX && (OpenSslVersion.CompareTo(new Version(1,1,1)) >= 0); |
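Review bot: the `!IsOSX` term in the `else` branch's return excludes macOS unconditionally, with no comment saying why or what tracks it. Give it its own branch that returns false with a comment pointing at the tracking issue, so the exclusion is easy to find and remove later. The remaining check would also read more directly as `OpenSslVersion >= new Version(1,1,1)` than as `CompareTo(...) >= 0`.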
macOS doesn't support TLS 1.3 on any version?
not in .NET. Tracked by #1979
In that case can you please change this to something like:
```csharp
else if (IsOSX)
{
    // [ActiveIssue("https://github.com/dotnet/runtime/issues/1979")]
    return false;
}
else
{
    return OpenSslVersion >= new Version(1,1,1);
}
```
? Thanks.
} | ||
else | ||
{ | ||
return !IsOSX && (OpenSslVersion.CompareTo(new Version(1,1,1)) >= 0); |
Might be a little bit more understandable as:
return !IsOSX && (OpenSslVersion.CompareTo(new Version(1,1,1)) >= 0); | |
return !IsOSX && OpenSslVersion >= new Version(1,1,1); |
I don't think the IO matters much @scalablecory. I would not touch it, but before the test change the tests were just hanging with broken TLS13. I did not know if there is an easier way to make the original GetByte() within a given timeout. I also feel it is good to have variety in test coverage. If we make everything Async, we may miss some bugs.
This is a follow-up on #32925. While that PR made it generally safe, e.g. avoided concurrent decrypt/encrypt beyond OpenSSL, it did not address a few remaining issues.
With TLS1.3 "renegotiation" can happen without any read. That left framing `unknown` and caused the exception visible in #1720. That also left some tests hanging because of incorrect logic in `ForceAuthenticationAsync`.
We do not have CI to cover this but all tests are passing on my insider preview build.
TLS13 test should light up when we have newer Windows versions in CI and when the registry is set. (right now TLS13 is an opt-in feature)
fixes #1720