Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

.NET Core 2.0 Cryptography uses Apple Security Framework on macOS #21

Open
richlander opened this issue Jul 18, 2017 · 1 comment
Open

.NET Core 2.0 Cryptography uses Apple Security Framework on macOS #21

richlander opened this issue Jul 18, 2017 · 1 comment
Labels
Breaking Change Enhancement macOS .NET Core 2.0 Security

Comments

@richlander
Copy link
Member

richlander commented Jul 18, 2017
edited
Loading

.NET Core 2.0 Cryptography uses Apple Security Framework on macOS

Summary

As part of the .NET Core 2.0 release, .NET Core cryptography APIs were changed to use the Apple Security Framework when running on macOS (10.12 and later versions). .NET Core 1.x uses OpenSSL on macOS/OS X (10.11 and later versions).

There were two challenges with using OpenSSL on macOS that motivated this change:

  • Apple deprecated the use of OpenSSL on macOS (see the OpenSSL section).
  • OpenSSL is not part of the macOS operating system and must be separately installed via Homebrew. This dependency, which was the only .NET Core dependency on macOS, added friction to using .NET Core on macOS.

.NET Core now uses the cryptography API that is offered for each operating system:

Details

Impact

All cryptography functionality is now provided by the Apple Security Framework. Only types whose name includes "OpenSsl", such as RSAOpenSsl, will continue to use OpenSSL on macOS. When using these APIs, OpenSSL needs to be installed separately via Homebrew since .NET Core doesn't install it.

The following types now use the Apple Security framework:

There are some cryptography operations that were supported by OpenSSL on macOS that are no longer supported with the new implementation, due to the functionality provided by the Apple Security Framework. See the Cross-Platform Cryptography document to learn about cryptography support per operating system.

The following types/scenarios have been affected by this change:

  • HTTPS: libcurl
    • Understanding that libcurl+openssl is special has been removed.
  • OID lookup moves to a fixed set of data due to lack of exposed platform API.
@dotnet dotnet locked and limited conversation to collaborators Jul 18, 2017
@richlander richlander changed the title .NET Core 2.0 Cryptography uses Apple Security Framework .NET Core 2.0 Cryptography uses Apple Security Framework on macOS Jul 18, 2017
@terrajobst
Copy link
Member

Reopening according to process.

@terrajobst terrajobst reopened this Nov 10, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Breaking Change Enhancement macOS .NET Core 2.0 Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@richlander @terrajobst