Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some HTTP & TLS test are failing on Insider Preview Windows build #47378

Closed
wfurt opened this issue Jan 24, 2021 · 3 comments · Fixed by #47459 or #47854
Closed

Some HTTP & TLS test are failing on Insider Preview Windows build #47378

wfurt opened this issue Jan 24, 2021 · 3 comments · Fixed by #47459 or #47854
Assignees
@aik-jahoda
Labels
area-System.Net.Security os-windows test-bug Problem in test source code (most likely) test-run-core Test failures in .NET Core test runs
Milestone
6.0.0

Comments

@wfurt
Copy link
Member

wfurt commented Jan 24, 2021

example like:

System.Net.Http.Functional.Tests.SocketsHttpHandler_HttpClientHandler_SslProtocols_Test.GetAsync_AllowedSSLVersion_Succeeds(acceptedProtocol: Tls13, requestOnlyThisProtocol: False) [FAIL]
        System.AggregateException : One or more errors occurred. (One or more errors occurred. (Authentication failed, see inner exception.)) (One or more errors occurred. (The SSL connection could not be established, see inner exception.))
        ---- System.AggregateException : One or more errors occurred. (Authentication failed, see inner exception.)
        -------- System.Security.Authentication.AuthenticationException : Authentication failed, see inner exception.
        ------------ System.ComponentModel.Win32Exception : The client and server cannot communicate, because they do not possess a common algorithm.
        ---- System.AggregateException : One or more errors occurred. (The SSL connection could not be established, see inner exception.)
        -------- System.Net.Http.HttpRequestException : The SSL connection could not be established, see inner exception.
        ------------ System.Security.Authentication.AuthenticationException : Authentication failed because the remote party sent a TLS alert: 'ProtocolVersion'.
        ---------------- System.ComponentModel.Win32Exception : The message received was unexpected or badly formatted.

There is some optimization in Windows that breaks the handshake in some uncommon cases. Following sequence will fail in step 3 if same SNI (e.g. TargetName) is used.

1)	Client SslProtocol.None -> Server SslProtocol.Tls13
2)	Client SslProtocol.None -> Server SslProtocol.Tls12
3)	Client SslProtocol.None -> Server SslProtocol.Tls13

While this is not great, it seems like Windows is not going to be changed. To stabilize our tests we can use distinct SNI for each protocol version (or GUID)
@wfurt wfurt added area-System.Net.Security os-windows test-run-core Test failures in .NET Core test runs labels Jan 24, 2021
@ghost
Copy link

ghost commented Jan 24, 2021

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

example like:

System.Net.Http.Functional.Tests.SocketsHttpHandler_HttpClientHandler_SslProtocols_Test.GetAsync_AllowedSSLVersion_Succeeds(acceptedProtocol: Tls13, requestOnlyThisProtocol: False) [FAIL]
        System.AggregateException : One or more errors occurred. (One or more errors occurred. (Authentication failed, see inner exception.)) (One or more errors occurred. (The SSL connection could not be established, see inner exception.))
        ---- System.AggregateException : One or more errors occurred. (Authentication failed, see inner exception.)
        -------- System.Security.Authentication.AuthenticationException : Authentication failed, see inner exception.
        ------------ System.ComponentModel.Win32Exception : The client and server cannot communicate, because they do not possess a common algorithm.
        ---- System.AggregateException : One or more errors occurred. (The SSL connection could not be established, see inner exception.)
        -------- System.Net.Http.HttpRequestException : The SSL connection could not be established, see inner exception.
        ------------ System.Security.Authentication.AuthenticationException : Authentication failed because the remote party sent a TLS alert: 'ProtocolVersion'.
        ---------------- System.ComponentModel.Win32Exception : The message received was unexpected or badly formatted.

There is some optimization in Windows that breaks the handshake in some uncommon cases. Following sequence will fail in step 3 if same SNI (e.g. TargetName) is used.

1)	Client SslProtocol.None -> Server SslProtocol.Tls13
2)	Client SslProtocol.None -> Server SslProtocol.Tls12
3)	Client SslProtocol.None -> Server SslProtocol.Tls13

While this is not great, it seems like Windows is not going to be changed. To stabilize our tests we can use distinct SNI for each protocol version (or GUID)

Author: wfurt
Assignees: -
Labels:

area-System.Net.Security, os-windows, test-run-core
Milestone: -

@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Jan 24, 2021
@karelz karelz added this to the 6.0.0 milestone Jan 25, 2021
@karelz karelz added test-bug Problem in test source code (most likely) and removed untriaged New issue has not been triaged by the area owner labels Jan 25, 2021
@geoffkizer
Copy link
Contributor

We are going to see more and more use of Windows Insider builds as people start using QUIC and HTTP3. Would be good to get this test issue fixed before a bunch of people start hitting it.

@aik-jahoda aik-jahoda mentioned this issue Jan 26, 2021
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Jan 26, 2021
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Jan 28, 2021
@aik-jahoda
Copy link
Contributor

aik-jahoda commented Feb 4, 2021
edited
Loading

Reopen - The SNI length limit is 63 chars per DNS label, some test generates SNI longer

@aik-jahoda aik-jahoda reopened this Feb 4, 2021
@aik-jahoda aik-jahoda mentioned this issue Feb 4, 2021
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Feb 4, 2021
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Feb 5, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Mar 7, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@aik-jahoda aik-jahoda

Labels
area-System.Net.Security os-windows test-bug Problem in test source code (most likely) test-run-core Test failures in .NET Core test runs
Projects
None yet
Milestone
6.0.0
4 participants
@aik-jahoda @karelz @geoffkizer @wfurt