[release/6.0] make sure OpenSSL is initialized before Tls13Supported code runs #64252
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This back port of #62973
Fixes #61891
Customer Impact
Customer reported regression. When customer uses class
System.Net.Security.CipherSuitesPolicy
early in the process it will throw exception and it will also prevent ANY further usage of TLS 1.3 in that process.The root cause is bad dependency of static constructors which won't initialize OpenSSL in time. TLS 1.3 detection will fail without initialized OpenSSL and the (failed) result will be stored in a static variable.
Regression
Yes, it was introduced in 6.0
Testing
Testing was manual as the behavior depends on loading native ship and sequence of operations - both happen before our test even start. I used the sample code from #62973 and debugger to verify that the property is properly set.
Risk
Small. This basically makes sure OpenSSL is initialized before we use it.