-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SslServerAuthenticationOptions API additions and suggestions #26210
Comments
Let's review the list and decide which things we want to do and when ... |
@baulig, you can trigger renegotiation in some situations using HttpListenerRequest.GetClientCertificate(). WCF does this on .NET Framework. When the listening port has been configured in HTTP.SYS to allow client certificates but not require one, it won't ask for one from the client in the initial TLS handshake. When WCF has decided the requesting URL needs a client certificate, it calls GetCertificate() which triggers an SSL renegotiation. |
This is necessary for CoreWCF when using Kestrel. |
@mconnew this issue has several things, can you be more specific what exactly is needed? |
Specifically allow renegotiation. The scenario is having a server listen over https but not require a client certificate for the initial TLS handshake. Once CoreWCF has read the HTTP headers, it might decide it needs the client to provide a client certificate. At that point the server needs to request a TLS renegotiation asking for the client certificate. We build on top of ASP.NET Core and Kestrel uses SslStream so this is an indirect usage, but we still need this functionality to exist for ASP.NET Core to be able to provide us this capability. |
I agree that 1. is pretty lame. However removal would be breaking change. I don't think it is worth to touch it. For 2., this is mostly about the peer. The question is if we can trigger callback if peer asks and if we want to allow it. This may be corner case but removal would be breaking change as well. What problem are you trying to solve with 3. @baulig ? @bartonjs may have some better insight to certificate details. It seems like most servers use altName and that is either host name (with wildcard) or IP.
|
Renegotiation does not exist in TLS1.3 so all this may come to past. I think wee should preserve existing behavior but not invest into new API. Aside from testing, I'm not sure how
with this, I'm inclined to close this issue. Let me know @baulig and @mconnew if you have concerns. cc: @aik-jahoda |
We shouldn't be forcing HTTP/2 and TLS1.3 semantics down level to earlier HTTP and TLS protocols. Lack of being able to renegotiate prevents moving some existing WCF services to CoreWCF. Some customers will have multiple endpoints on their service running on the same SSL port where one endpoint is using client certificate authentication, and another endpoint is using something else such as some HTTP authentication scheme. Without the ability to renegotiate, client side changes are needed to use different hostnames for the two endpoints, and they might not own the client side. It would also add a requirement for the client side to support SNI which isn't always the case. And it would add an extra cost to purchase a second service certificate for a second hostname. |
What would you need from SslStream @mconnew ? As you mention, you can ask for client certificate and that would trigger the renegotiation when possible. Do you have example of functionality that works in .NET Framework but not in Core? |
It's been a little while since I looked at the API and implementation and I just took another look as it looks like things have moved along since .NET Framework. I'm not seeing where asking for the client certificate would trigger renegotiation. SslStream.RemoteCertificate is a simply property getter and doesn't trigger anything. Am I missing something? In .NET Framework, WCF uses either HttpListener or ASP.NET with IIS which handles the renegotiation. On Core the new CoreWCF is built on top of ASP.NET Core, and Kestrel is the primary web host. That uses SslStream to handle the SSL/TLS layer, and as that can't renegotiate after the headers are received, we can't provide functionality parity with .NET Framework. |
I've opened a dedicated issue for (4), client cert negotiation. #49346 |
This is very old issue and I would like to drive to closure. Here is summary of proposed actions:
multi-issues like this are hard to track and complete. I will close it and if there is any disagreement please open specific issue. |
I have a few questions and suggestions regarding Client Certificates, TLS Renegotiation and the new
SslServerAuthenticationOptions
API:What is the purpose of the
EncryptionPolicy
property - is anyone actually using this for anything?When would you set this to something other than
RequireEncryption
?Do we actually need
SslServerAuthenticationOptions.AllowRenegotiation
?Renegotiation is typically initiated by the server and not a client and there is also lack of support for it from some of the native backends - for instance, neither BoringSSL nor Apple's SecureTransport allow renegotiation requests from a client.
The default value of it should also be changed to
false
when using any of the native backends where it's not supported.We should add something like this to
SslServerAuthenticationOptions
(possibly usingX500DistinguishedName[]
instead ofstring[]
):There is
SSLAddDistinguishedName()
in Secure Transport andSSL_CTX_set_client_CA_list()
in OpenSSL / BoringSSL that can be used in the native backend.As part of my work on implementing Client Certificates in Mono, I added the following to a Mono-specific interface:
How would you feel about adding something like that to
SslStream
?The
CanRenegotiate
property is there because not all native backends support TLS Renegotiation (Secure Transport does, BoringSSL does not).SslClientAuthenticationOptions
:The reasoning is that setting
ClientCertificates
without also usingLocalCertificateSelectionCallback
will send the client certificates during the initial handshake, before the server has authenticated itself. This could be a potential privacy issue. This property would essentially require the server to renegotiate before client authentication can be used.There is no API to tell
HttpListener
to renegotiate. Are there any plans on adding something to it?There is
HttpWebRequest.ClientCertificates
, but noLocalCertificateSelectionCallback
. So you cannot use the callback to distinguish between the initial handshake and renegotiation (see also point 5).The text was updated successfully, but these errors were encountered: