Skip to content

add TLS 1.3 support to WinHttp #58590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wfurt merged 4 commits into from
Sep 4, 2021
Merged

add TLS 1.3 support to WinHttp #58590

wfurt merged 4 commits into from
Sep 4, 2021

Conversation

@wfurt
Copy link
Member

@wfurt wfurt commented Sep 2, 2021

WinHttp now has and the flag and it seems to work right on Windows 11

#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 0x00002000

.NET Framework 4.8 now supports Tls13 as well somebody can use it with casting int like the test change.
It really does not matter as long as running on supported OS and WinHttp as all the work is done by native code.

blocking #58570
fixes #58587

@wfurt wfurt requested a review from a team September 2, 2021 21:54
@wfurt wfurt self-assigned this Sep 2, 2021
@ghost
Copy link

ghost commented Sep 2, 2021

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

WinHttp now has and the flag and it seems to work right on Windows 11

#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 0x00002000

.NET Framework 4.8 now supports Tls13 as well somebody can use it with casting int like the test change.
It really does not matter as long as running on supported OS and WinHttp as all the work is done by native code.

blocking #58570
fixes #58587

Author: wfurt
Assignees: wfurt
Labels:

area-System.Net.Http, os-windows
Milestone: -

@wfurt
Copy link
Member Author

wfurt commented Sep 2, 2021

BTW Here is local test run:

=== TEST EXECUTION SUMMARY ===
     System.Net.Http.WinHttpHandler.Functional.Tests  Total: 1134, Errors: 0, Failed: 0, Skipped: 25, Time: 122.556s

and 4.8 Framework

  ----- start Thu 09/02/2021 14:39:14.05 ===============  To repro directly: =====================================================
  pushd C:\Users\test\github\wfurt-runtime\artifacts\bin\System.Net.Http.WinHttpHandler.Functional.Tests\net48-windows-Debug\
  xunit.console.exe System.Net.Http.WinHttpHandler.Functional.Tests.dll -xml testResults.xml -nologo -notrait category=OuterLoop -notrait category=failing -verbose -parallel none
  popd
  ===========================================================================================================
    Discovering: System.Net.Http.WinHttpHandler.Functional.Tests (app domain = on [no shadow copy], method display = ClassAndMethod, method display options = None)
    Discovered:  System.Net.Http.WinHttpHandler.Functional.Tests (found 171 of 293 test cases)
    Starting:    System.Net.Http.WinHttpHandler.Functional.Tests (parallel test collections = off, max threads = 4)

…

=== TEST EXECUTION SUMMARY ===
     System.Net.Http.WinHttpHandler.Functional.Tests  Total: 558, Errors: 0, Failed: 0, Skipped: 25, Time: 17.612s
  ----- end Thu 09/02/2021 14:39:33.08 ----- exit code 0 ----------------------------------------------------------

all tests are passing on Windows 11.

ManickaP
ManickaP approved these changes Sep 3, 2021
View reviewed changes
Copy link
Member

@ManickaP ManickaP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

karelz
karelz approved these changes Sep 3, 2021
View reviewed changes
src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.SslProtocols.cs
handler.SslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12 | SslProtocols.Tls13;
#else
handler.SslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;
handler.SslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12 | (SslProtocols)12288;
Copy link
Member

@karelz karelz Sep 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
handler.SslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12 | (SslProtocols)12288;
handler.SslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12 | (SslProtocols)0x3000;

Copy link
Member

@ManickaP ManickaP Sep 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the reason for 12288 is that's what we use in the definition:

runtime/src/libraries/System.Net.Primitives/ref/System.Net.Primitives.cs

Line 524 in 9f6da55

Tls13 = 12288,

Copy link
Member

@karelz karelz Sep 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, that is rather ugly. I wonder why? Perhaps it was auto-generated at some point?
I would still consider that hex values are more developer-friendly for reading ...

BTW: Definition is technically hex-defined:

runtime/src/libraries/System.Net.Primitives/src/System/Net/SecureProtocols/SslEnumTypes.cs

Line 18 in 57bfe47

Tls13 = Interop.SChannel.SP_PROT_TLS1_3,

runtime/src/libraries/Common/src/Interop/Windows/SChannel/Interop.SchProtocols.cs

Lines 31 to 33 in 57bfe47

public const int SP_PROT_TLS1_3_SERVER = 0x00001000;
public const int SP_PROT_TLS1_3_CLIENT = 0x00002000;
public const int SP_PROT_TLS1_3 = (SP_PROT_TLS1_3_SERVER | SP_PROT_TLS1_3_CLIENT);

src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs

private void SetSessionHandleTlsOptions(SafeWinHttpHandle sessionHandle)
{
const SslProtocols Tls13 = (SslProtocols)12288; // enum is missing in .NET Standard
Copy link
Member

@karelz karelz Sep 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const SslProtocols Tls13 = (SslProtocols)12288; // enum is missing in .NET Standard
const SslProtocols Tls13 = (SslProtocols)0x3000; // enum is missing in .NET Standard

Copy link
Member Author

@wfurt wfurt Sep 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I took the value from documentation. But I don't really care. It seems like the SP_PROT is platform specific mapping that happens to be the same on Windows.
It feels like this is really matter of personal preference.

@karelz karelz added this to the 7.0.0 milestone Sep 3, 2021
@karelz
Copy link
Member

karelz commented Sep 3, 2021

Related test failures:

    System.Net.Http.Functional.Tests.PlatformHandler_HttpClientHandler.GetAsync_TrailingHeaders_Ignored(includeTrailerHeader: False) [FAIL]
      System.Net.Http.HttpRequestException : An error occurred while sending the request.
      ---- System.Net.Http.WinHttpException : Error 87 calling WinHttpSetOption, 'The parameter is incorrect.'.

I assume we need to check OS version if the option is supported or not, prior to setting it.

@karelz
Copy link
Member

karelz commented Sep 3, 2021

Once we have it working, we should consider porting it to 6.0 -- that way we will avoid backporting it to servicing once Win11 ships officially.

@wfurt wfurt merged commit 2e36b60 into dotnet:main Sep 4, 2021
@wfurt wfurt deleted the winhttp_58587 branch September 4, 2021 02:23
@karelz
Copy link
Member

karelz commented Sep 6, 2021

/backport to release/6.0

@github-actions
Copy link
Contributor

github-actions bot commented Sep 6, 2021

Started backporting to release/6.0: https://github.com/dotnet/runtime/actions/runs/1205541997

@github-actions github-actions bot mentioned this pull request Sep 6, 2021
Merged
@karelz karelz mentioned this pull request Sep 15, 2021
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Oct 6, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@karelz karelz karelz approved these changes

@ManickaP ManickaP ManickaP approved these changes

Assignees

@wfurt wfurt

Labels

area-System.Net.Http os-windows

Projects

None yet

Milestone

7.0.0

Development

Successfully merging this pull request may close these issues.

WinHttp tests with Tls 1.3 are failing

3 participants

@wfurt @karelz @ManickaP