disable Tls 1.0 and 1.1 tests on new Windows #68083

Merged
merged 1 commit into from
Apr 15, 2022
wfurt
Member

@wfurt wfurt commented Apr 15, 2022

contributes to #67682, #67685 and perhaps others.

This is related to recent Server 2022 failures. When Server 2022 rolled out, all the older protocols were disabled by Azure secure pack. We got approval to roll that back so we don't lose test coverage. However, there is a catch.
While the older protocols were enabled by a recent Helix change, the systems still have weaker cipher suites and algorithms disabled. So in practice the handshake fails with System.ComponentModel.Win32Exception : The client and server cannot communicate, because they do not possess a common algorithm.

This is the smallest change to get clean CI again. (extra platforms)
Longer term we should either improve PlatformDetection to see if we have at least a viable cipher suite for each TLS protocol version or improve CI machine configuration so each protocol can actually work when enabled. (or both)

btw we should take this back to release/* @carlossanlop to stabilize runs on server 2022.

@wfurt wfurt added area-System.Net.Security test-enhancement Improvements of test source code labels Apr 15, 2022
@wfurt wfurt requested review from stephentoub, danmoseley and a team April 15, 2022 17:47
@wfurt wfurt self-assigned this Apr 15, 2022
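
The longer-term check suggested in the description above (whether each TLS version has a viable cipher suite, not merely whether it is enabled) can be probed with a loopback handshake pinned to one protocol. This is an added example, not code from this PR or from dotnet/runtime; `TlsProbe`, `CreateLoopbackCert` and `CanHandshakeAsync` are hypothetical names, and it assumes a .NET 6+ console project with implicit usings enabled.

```csharp
#pragma warning disable SYSLIB0039 // Tls and Tls11 are marked obsolete on newer .NET
using System.ComponentModel;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

using var cert = TlsProbe.CreateLoopbackCert();
foreach (var p in new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12, SslProtocols.Tls13 })
    Console.WriteLine($"{p}: {(await TlsProbe.CanHandshakeAsync(p, cert) ? "usable" : "no viable handshake")}");

static class TlsProbe // hypothetical helper, not part of PlatformDetection
{
    public static X509Certificate2 CreateLoopbackCert()
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 tmp = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
        // SChannel cannot use the ephemeral key; re-importing the PFX gives it a usable one.
        return new X509Certificate2(tmp.Export(X509ContentType.Pfx));
    }

    // True only if a loopback handshake pinned to `protocol` completes: the protocol
    // is enabled AND client and server still share a cipher suite for it.
    public static async Task<bool> CanHandshakeAsync(SslProtocols protocol, X509Certificate2 cert)
    {
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        try
        {
            using var client = new TcpClient();
            Task<TcpClient> accept = listener.AcceptTcpClientAsync();
            await client.ConnectAsync(IPAddress.Loopback, ((IPEndPoint)listener.LocalEndpoint).Port);
            using TcpClient peer = await accept;
            // Certificate validation is skipped: the probe only tests negotiation on loopback.
            using var clientSsl = new SslStream(client.GetStream(), false, (_, _, _, _) => true);
            using var serverSsl = new SslStream(peer.GetStream());
            Task c = clientSsl.AuthenticateAsClientAsync("localhost", null, protocol, false);
            Task s = serverSsl.AuthenticateAsServerAsync(cert, false, protocol, false);
            await await Task.WhenAny(c, s); // fail fast instead of waiting on a stalled peer
            await Task.WhenAll(c, s);
            return clientSsl.SslProtocol == protocol;
        }
        catch (Exception e) when (e is AuthenticationException or IOException or Win32Exception)
        {
            return false;
        }
        finally { listener.Stop(); }
    }
}
```

On a machine in the state the description reports, TLS 1.0 and 1.1 would print "no viable handshake" even though the protocols are enabled, which is the condition a test-skip predicate needs to detect.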
@ghost

ghost commented Apr 15, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

@wfurt
Member Author

wfurt commented Apr 15, 2022

/azp run runtime-extra-platforms

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@wfurt
Member Author

wfurt commented Apr 15, 2022

none of the failing tests is in System.Net.Security or System.Net.Http.

@danmoseley danmoseley merged commit eedf05a into dotnet:main Apr 15, 2022
@danmoseley
Member

/backport to release/6.0

@github-actions
Contributor

@danmoseley backporting to release/6.0 failed, the patch most likely resulted in conflicts:

$ git am --3way --ignore-whitespace --keep-non-patch changes.patch

Applying: disable Tls 1.0 and 1.1 tests on new Windows
Using index info to reconstruct a base tree...
M	src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs
Falling back to patching base and 3-way merge...
Auto-merging src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs
CONFLICT (content): Merge conflict in src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 disable Tls 1.0 and 1.1 tests on new Windows
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Error: The process '/usr/bin/git' failed with exit code 128

Please backport manually!

rzikm pushed a commit to rzikm/dotnet-runtime that referenced this pull request Apr 21, 2022
carlossanlop pushed a commit that referenced this pull request May 3, 2022
* Resolve System.Net.Security.Tests.LoggingTest SkipTestException failure (#65322)

* improve Tls12 detection on Windows7 (#67935)

* disable Tls 1.0 and 1.1 tests on new Windows (#68083)

* Don't throw from RemoteExecutor on SkipTestExceptions (#65105)

* update SSL tests to deal better with disabled protocols (#65120)

* update SSL tests to deal better with disabled protocols

* Improve detection of Null encryption on Windows

* update expectation for Mismatched protocols

* update detection

* wrap win32 exception

* update ProtocolMismatchData sets

* remove debug print

* final cleanup

* generate mismatch data

* avoid SslProtocols.Default

Co-authored-by: Miha Zupan <[email protected]>
Co-authored-by: Tomas Weinfurt <[email protected]>
@ghost ghost locked as resolved and limited conversation to collaborators May 16, 2022
@karelz karelz added this to the 7.0.0 milestone Jul 19, 2022