fix TLS13 processing on windows #34181

Merged
merged 4 commits into from Mar 30, 2020

@wfurt wfurt commented Mar 27, 2020

This is a follow-up on #32925. While that PR made it generally safe, e.g. avoided concurrent decrypt/encrypt beyond OpenSSL, it did not address a few remaining issues.

With TLS 1.3, "renegotiation" can happen without any read. That left the framing unknown and caused the exception visible in #1720. That also left some tests hanging because of incorrect logic in ForceAuthenticationAsync.

We do not have CI to cover this, but all tests are passing on my insider preview build.
The TLS13 test should light up when we have newer Windows versions in CI and when the registry is set. (Right now TLS13 is an opt-in feature.)

fixes #1720
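
Added illustration, not code from this PR or from dotnet/runtime: assuming "framing" in the description refers to the TLS record header that tells a receiver how many bytes the next record occupies, this C# example reads that header as RFC 8446 defines it. The type and method names are hypothetical and the 5-byte sample is constructed.

```csharp
using System;
using System.Buffers.Binary;

// Hypothetical names; record layout follows RFC 8446 section 5.
public enum RecordType : byte
{
    ChangeCipherSpec = 20, Alert = 21, Handshake = 22, ApplicationData = 23
}

public static class TlsRecordFraming
{
    public const int HeaderSize = 5;                // type(1) + legacy_version(2) + length(2)
    private const int MaxCiphertext = 16384 + 256;  // RFC 8446 section 5.2 length limit

    // Returns true and the full frame size (header + payload) once a complete,
    // plausible header is buffered; false while more bytes are still needed.
    // Throws when the bytes cannot be a TLS record header.
    public static bool TryGetFrameSize(ReadOnlySpan<byte> buffer, out RecordType type, out int frameSize)
    {
        type = default;
        frameSize = 0;
        if (buffer.Length < HeaderSize) return false;   // framing still unknown

        if (buffer[0] < 20 || buffer[0] > 23 || buffer[1] != 0x03)
            throw new FormatException("Not a TLS record header");

        int length = BinaryPrimitives.ReadUInt16BigEndian(buffer.Slice(3, 2));
        if (length > MaxCiphertext)
            throw new FormatException("Record length exceeds the TLS limit");

        type = (RecordType)buffer[0];
        frameSize = HeaderSize + length;
        return true;
    }

    public static void Main()
    {
        // Constructed sample: a TLS 1.3 post-handshake message is encrypted, so on
        // the wire it carries outer type application_data (23) and legacy version
        // 0x0303; only the 2-byte length says how much to read before decrypting.
        byte[] header = { 0x17, 0x03, 0x03, 0x00, 0x35 };

        bool partial = TryGetFrameSize(header.AsSpan(0, 3), out _, out _);
        bool complete = TryGetFrameSize(header, out RecordType type, out int size);
        Console.WriteLine($"partial={partial} complete={complete} {type} frame={size} bytes");
    }
}
```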

@wfurt wfurt added this to the 5.0 milestone Mar 27, 2020
@wfurt wfurt requested review from stephentoub and a team March 27, 2020 06:56
@wfurt wfurt self-assigned this Mar 27, 2020
@scalablecory

Is the test here intending to be testing sync over async? If not, can it just be made async?

}
else
{
return !IsOSX && (OpenSslVersion.CompareTo(new Version(1,1,1)) >= 0);
Member

macOS doesn't support TLS 1.3 on any version?

Member Author

Not in .NET. Tracked by #1979

Member

In that case can you please change this to something like:

else if (IsOSX)
{
    // [ActiveIssue("https://github.com/dotnet/runtime/issues/1979")]
    return false;
}
else
{
    return OpenSslVersion >= new Version(1,1,1);
}

? Thanks.

}
else
{
return !IsOSX && (OpenSslVersion.CompareTo(new Version(1,1,1)) >= 0);
Member

Might be a little bit more understandable as:

Suggested change
return !IsOSX && (OpenSslVersion.CompareTo(new Version(1,1,1)) >= 0);
return !IsOSX && OpenSslVersion >= new Version(1,1,1);

wfurt commented Mar 30, 2020

I don't think the IO matters much @scalablecory. I would not touch it, but before the test change the tests were just hanging with broken TLS13. I did not know if there is an easier way to make the original GetByte() within a given timeout. I also feel it is good to have variety in test coverage. If we make everything Async, we may miss some bugs.

@wfurt wfurt merged commit 85a3d4e into dotnet:master Mar 30, 2020
@wfurt wfurt deleted the tls13_win branch March 30, 2020 18:29
@dotnet dotnet locked as resolved and limited conversation to collaborators Dec 10, 2020
Successfully merging this pull request may close these issues.

TLS1.3 does not work on Windows