Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SslStream.IsMutuallyAuthenticated calls are expensive on Windows #95687

Closed
rzikm opened this issue Dec 6, 2023 · 2 comments · Fixed by #100513
Closed

SslStream.IsMutuallyAuthenticated calls are expensive on Windows #95687

rzikm opened this issue Dec 6, 2023 · 2 comments · Fixed by #100513
Assignees
@rzikm
Labels
area-System.Net.Security in-pr There is an active PR which will close this issue when it is merged os-windows tenet-performance Performance related issue
Milestone
9.0.0

Comments

@rzikm
Copy link
Member

rzikm commented Dec 6, 2023

On Windows, client SslStream instances need to check if the client certificate was used via native API to SSPI. This call seems to be quite expensive if user calls the property getter often (e.g. for audit logging ber HTTP/2 request).

We should consider doing some internal caching since the value of the property should not change during the lifetime of the SslStream instance, with an exception of post-handshake client certificate negotiation.
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Dec 6, 2023
@ghost
Copy link

ghost commented Dec 6, 2023

Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

On Windows, client SslStream instances need to check if the client certificate was used via native API to SSPI. This call seems to be quite expensive if user calls the property getter often (e.g. for audit logging ber HTTP/2 request).

We should consider doing some internal caching since the value of the property should not change during the lifetime of the SslStream instance, with an exception of post-handshake client certificate negotiation.

Author: rzikm
Assignees: -
Labels:

area-System.Net.Security, untriaged
Milestone: -

@rzikm rzikm added os-windows area-System.Net.Security tenet-performance Performance related issue and removed area-System.Net.Security untriaged New issue has not been triaged by the area owner labels Dec 6, 2023
@ghost
Copy link

ghost commented Dec 6, 2023

Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

On Windows, client SslStream instances need to check if the client certificate was used via native API to SSPI. This call seems to be quite expensive if user calls the property getter often (e.g. for audit logging ber HTTP/2 request).

We should consider doing some internal caching since the value of the property should not change during the lifetime of the SslStream instance, with an exception of post-handshake client certificate negotiation.

Author: rzikm
Assignees: -
Labels:

area-System.Net.Security, os-windows, tenet-performance
Milestone: -

@rzikm rzikm added this to the Future milestone Dec 6, 2023
@rzikm rzikm self-assigned this Apr 2, 2024
@rzikm rzikm mentioned this issue Apr 2, 2024
Merged
@dotnet-policy-service dotnet-policy-service bot added the in-pr There is an active PR which will close this issue when it is merged label Apr 2, 2024
@github-actions github-actions bot locked and limited conversation to collaborators May 8, 2024
@karelz karelz modified the milestones: Future, 9.0.0 May 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@rzikm rzikm

Labels
area-System.Net.Security in-pr There is an active PR which will close this issue when it is merged os-windows tenet-performance Performance related issue
Projects
None yet
Milestone
9.0.0
Development

Successfully merging a pull request may close this issue.

Avoid frequent calls to CertificateValidationPal.IsLocalCertificateUsed rzikm/dotnet-runtime
2 participants
@karelz @rzikm