Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Android] SSLStream throws 'Handshake has already been started' on API level 26 #78716

Closed
steveisok opened this issue Nov 22, 2022 · 6 comments · Fixed by #78849
Closed

[Android] SSLStream throws 'Handshake has already been started' on API level 26 #78716

steveisok opened this issue Nov 22, 2022 · 6 comments · Fixed by #78849
Assignees
@simonrozsival
Labels
area-System.Net.Security os-android
Milestone
6.0.x

Comments

@steveisok
Copy link
Member

steveisok commented Nov 22, 2022
edited by karelz
Loading

The following block will throw an exception with Handshake has already been started on API level 26. Appears to be specific to our SSLEngine usage.

using var client = new TcpClient("login.sequrix.com", 443);
            using var stream = new SslStream(client.GetStream(), false);
            stream.AuthenticateAsClient(new SslClientAuthenticationOptions()
            {
                TargetHost = "login.sequrix.com"
            });
            stream.Read(new byte[100], 0, 100);

Exception:

Time	Device Name	Type	PID	Tag	Message
11-22 16:06:53.606	pixel_5_-_api_26	Warning	8609	System.err	java.lang.IllegalStateException: Handshake has already been started
	at com.android.org.conscrypt.OpenSSLEngineImpl.beginHandshakeInternal(OpenSSLEngineImpl.java:335)
	at com.android.org.conscrypt.OpenSSLEngineImpl.beginHandshake(OpenSSLEngineImpl.java:325)
11-22 16:06:53.607	pixel_5_-_api_26	Verbose	8609	SequriX	Push error: System.Security.Authentication.AuthenticationException: net_auth_SSPI
 ---> Interop+AndroidCrypto+SslException: Exception_WasThrown, Interop+AndroidCrypto+SslException
   Exception_EndOfInnerExceptionStack
   at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__175`1[[System.Net.Security.AsyncReadWriteAdapter, System.Net.Security, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext()
   at SuperSocket.ClientEngine.SslStreamTcpSession.AuthenticateAsClientAsync(SslStream sslStream, SecurityOption securityOption)
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Nov 22, 2022
@ghost
Copy link

ghost commented Nov 22, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

The following block will throw an exception with Handshake has already been started on API level 26. Appears to be specific to our SSLEngine usage.

using var client = new TcpClient("login.sequrix.com", 443);
            using var stream = new SslStream(client.GetStream(), false);
            stream.AuthenticateAsClient(new SslClientAuthenticationOptions()
            {
                TargetHost = "login.sequrix.com"
            });
            stream.Read(new byte[100], 0, 100);

Exception:

Time	Device Name	Type	PID	Tag	Message
11-22 16:06:53.606	pixel_5_-_api_26	Warning	8609	System.err	java.lang.IllegalStateException: Handshake has already been started
	at com.android.org.conscrypt.OpenSSLEngineImpl.beginHandshakeInternal(OpenSSLEngineImpl.java:335)
	at com.android.org.conscrypt.OpenSSLEngineImpl.beginHandshake(OpenSSLEngineImpl.java:325)
11-22 16:06:53.607	pixel_5_-_api_26	Verbose	8609	SequriX	Push error: System.Security.Authentication.AuthenticationException: net_auth_SSPI
 ---> Interop+AndroidCrypto+SslException: Exception_WasThrown, Interop+AndroidCrypto+SslException
   Exception_EndOfInnerExceptionStack
   at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__175`1[[System.Net.Security.AsyncReadWriteAdapter, System.Net.Security, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext()
   at SuperSocket.ClientEngine.SslStreamTcpSession.AuthenticateAsClientAsync(SslStream sslStream, SecurityOption securityOption)
Author: steveisok
Assignees: -
Labels:

area-System.Net.Security, untriaged
Milestone: -

@steveisok steveisok added os-android and removed untriaged New issue has not been triaged by the area owner labels Nov 22, 2022
@steveisok steveisok added this to the 8.0.0 milestone Nov 22, 2022
@ghost
Copy link

ghost commented Nov 22, 2022

Tagging subscribers to 'arch-android': @steveisok, @akoeplinger
See info in area-owners.md if you want to be subscribed.

Issue Details

The following block will throw an exception with Handshake has already been started on API level 26. Appears to be specific to our SSLEngine usage.

using var client = new TcpClient("login.sequrix.com", 443);
            using var stream = new SslStream(client.GetStream(), false);
            stream.AuthenticateAsClient(new SslClientAuthenticationOptions()
            {
                TargetHost = "login.sequrix.com"
            });
            stream.Read(new byte[100], 0, 100);

Exception:

Time	Device Name	Type	PID	Tag	Message
11-22 16:06:53.606	pixel_5_-_api_26	Warning	8609	System.err	java.lang.IllegalStateException: Handshake has already been started
	at com.android.org.conscrypt.OpenSSLEngineImpl.beginHandshakeInternal(OpenSSLEngineImpl.java:335)
	at com.android.org.conscrypt.OpenSSLEngineImpl.beginHandshake(OpenSSLEngineImpl.java:325)
11-22 16:06:53.607	pixel_5_-_api_26	Verbose	8609	SequriX	Push error: System.Security.Authentication.AuthenticationException: net_auth_SSPI
 ---> Interop+AndroidCrypto+SslException: Exception_WasThrown, Interop+AndroidCrypto+SslException
   Exception_EndOfInnerExceptionStack
   at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__175`1[[System.Net.Security.AsyncReadWriteAdapter, System.Net.Security, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext()
   at SuperSocket.ClientEngine.SslStreamTcpSession.AuthenticateAsClientAsync(SslStream sslStream, SecurityOption securityOption)
Author: steveisok
Assignees: -
Labels:

area-System.Net.Security, os-android
Milestone: -

@steveisok steveisok mentioned this issue Nov 22, 2022
Closed
@rgroenewoudt
Copy link

rgroenewoudt commented Nov 23, 2022
edited by karelz
Loading

This also effects SocketsHttpHandler and ClientWebSocket usage with HTTPS.

For example:

var client = new HttpClient(new SocketsHttpHandler());
await client.GetStringAsync("https://google.com");

@simonrozsival
Copy link
Member

This is likely related to dotnet/SqlClient#1656

@simonrozsival
Copy link
Member

I reproduced the issue locally and it should be possible to fix it. I should have a fix ready soon.

@simonrozsival simonrozsival mentioned this issue Nov 25, 2022
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Nov 25, 2022
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Nov 30, 2022
This was referenced Dec 6, 2022
Merged
Merged
@bddckr bddckr mentioned this issue Dec 12, 2022
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Dec 30, 2022
@karelz
Copy link
Member

karelz commented May 27, 2023

Fixed in main (8.0) in PR #78849 and in 7.0.3 in PR #79280 and in 6.0.14 in PR #79277.

@karelz karelz modified the milestones: 8.0.0, 6.0.x May 27, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@simonrozsival simonrozsival

Labels
area-System.Net.Security os-android
Projects
None yet
Milestone
6.0.x
Development

Successfully merging a pull request may close this issue.

[Android] Remove repeated calls to beginHandshake simonrozsival/runtime
4 participants
@simonrozsival @steveisok @karelz @rgroenewoudt