-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kestrel TLS handshake fails for every 2nd request when specifying the ClientCertificateMode.AllowCertificate option on Linux with .NET 7 #75079
Comments
Tagging subscribers to this area: @dotnet/ncl, @vcsjones Issue DetailsIs there an existing issue for this?
Describe the bugGiven a Linux server with .NET 7 and a Windows client with .NET 6 or 7, Kestrel TLS handshake fails for every 2nd request when specifying the A Linux server with .NET 6 is not affected. A Windows server is not affected regardless of if the .NET version is 6 or 7. The following error can be seen in the logs of the server application (log level for "Microsoft.AspNetCore" set to "Trace"):
Expected BehaviorThere should be no TLS handshake errors. Steps To Reproducehttps://github.com/kristjanjogi-msft/kestrel-tlsbug-net7
Exceptions (if any)Client side, every other request fails:
Server side:
.NET Version7.0.0-preview.7.22375.6 Anything else?dotnet --info:
|
This is likely regression from #57079 (from 2021/9/4 -- early days of 7.0).
I have repro and I'm going to investigate root cause. |
Is there an existing issue for this?
Describe the bug
Given a Linux server with .NET 7 and a Windows client with .NET 6 or 7, Kestrel TLS handshake fails for every 2nd request when specifying the
ClientCertificateMode.AllowCertificate
option. The server being Linux and client being Windows is important.A Linux server with .NET 6 is not affected. A Windows server is not affected regardless of if the .NET version is 6 or 7.
The following error can be seen in the logs of the server application (log level for "Microsoft.AspNetCore" set to "Trace"):
Expected Behavior
There should be no TLS handshake errors.
Steps To Reproduce
https://github.com/kristjanjogi-msft/kestrel-tlsbug-net7
Clone the repository:
git clone https://github.com/kristjanjogi-msft/kestrel-tlsbug-net7.git
cd .\kestrel-tlsbug-net7
Build the Docker image for the server
docker build -t kestrelbug -f .\Server\Dockerfile .
Run the server as a Linux Docker container
docker run -d --env ASPNETCORE_URLS="https://+" -p 9876:443 kestrelbug
Run the client on Windows
dotnet run --project .\Client\Client.csproj
Check the server logs
docker logs [container_id]
Witness TLS handshake errors
Exceptions (if any)
Client side, every other request fails:
Server side:
.NET Version
7.0.0-preview.7.22375.6
Anything else?
dotnet --info:
The text was updated successfully, but these errors were encountered: