Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/6.0] make sure OpenSSL is initialized before Tls13Supported code runs #64252

Merged
merged 1 commit into from
Feb 7, 2022
Merged

[release/6.0] make sure OpenSSL is initialized before Tls13Supported code runs #64252

merged 1 commit into from
Feb 7, 2022

Conversation

wfurt
Copy link
Member

@wfurt wfurt commented Jan 25, 2022
edited by karelz
Loading

This back port of #62973

Fixes #61891

Customer Impact

Customer reported regression. When customer uses class System.Net.Security.CipherSuitesPolicy early in the process it will throw exception and it will also prevent ANY further usage of TLS 1.3 in that process.

The root cause is bad dependency of static constructors which won't initialize OpenSSL in time. TLS 1.3 detection will fail without initialized OpenSSL and the (failed) result will be stored in a static variable.

Regression

Yes, it was introduced in 6.0

Testing

Testing was manual as the behavior depends on loading native ship and sequence of operations - both happen before our test even start. I used the sample code from #62973 and debugger to verify that the property is properly set.

Risk

Small. This basically makes sure OpenSSL is initialized before we use it.

@wfurt wfurt added Servicing-consider Issue for next servicing release review area-System.Net.Security labels Jan 25, 2022
@wfurt wfurt added this to the 6.0.x milestone Jan 25, 2022
@wfurt wfurt requested a review from a team January 25, 2022 02:37
@ghost ghost assigned wfurt Jan 25, 2022
@ghost
Copy link

ghost commented Jan 25, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

This back port of #61891

Customer Impact

The issue described in #61891 impacts use of CipherSuitesPolicy. However the Tls13Supported is internal static properly and when incorrectly set to false it prevents application from using Tls1.3

Regression

yes. This was introduced in 6.0

Testing

Testing was manual as the behavior depends on loading native ship and sequence of operations - both happen bore our test even start. I used the sample code form #62973 and debugger to verify that the properly is properly set.

Risk

small. This beasicly makes sure OpenSSL is initialized before we use it.

Author: wfurt
Assignees: -
Labels:

Servicing-consider, area-System.Net.Security
Milestone: 6.0.x

@leecow leecow added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Jan 25, 2022
@leecow leecow modified the milestones: 6.0.x, 6.0.3 Jan 25, 2022
@wfurt
Copy link
Member Author

wfurt commented Feb 7, 2022

SendPacketsElement_FileLargeOffset_Throws on Windows is unrelated. ( #63888)
Mono failure is #57941

@safern safern merged commit 78ca1be into dotnet:release/6.0 Feb 7, 2022
@wfurt wfurt mentioned this pull request Feb 8, 2022
Closed
@eiriktsarpalis eiriktsarpalis mentioned this pull request Feb 25, 2022
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Mar 10, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@karelz karelz karelz approved these changes

Assignees

@wfurt wfurt

Labels
area-System.Net.Security Servicing-approved Approved for servicing release
Projects
None yet
Milestone
6.0.3
Development

Successfully merging this pull request may close these issues.
4 participants
@wfurt @karelz @leecow @safern