runtime: [Fedora.30] Test failure: System.Net.Security.Tests.ApmSslStreamSystemDefaultTest.ClientAndServer_OneOrBothUseDefault_Ok(clientProtocols: Tls12, serverProtocols: null)

Test System.Net.Security.Tests.ApmSslStreamSystemDefaultTest/ClientAndServer_OneOrBothUseDefault_Ok(clientProtocols: Default, serverProtocols: null) has failed.

Message :

System.Security.Authentication.AuthenticationException : Authentication failed, see inner exception.
---- Interop+OpenSsl+SslException : SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
-------- Interop+Crypto+OpenSslCryptographicException : error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available

Stack Trace :

  at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception) in /_/src/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 713
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) in /_/src/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 557
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) in /_/src/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 528
   at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) in /_/src/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 398
   at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken) in /_/src/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 312
   at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState) in /_/src/System.Net.Security/src/System/Net/Security/SslStream.cs:line 234
   at System.Net.Security.SslStream.BeginAuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation, AsyncCallback asyncCallback, Object asyncState) in /_/src/System.Net.Security/src/System/Net/Security/SslStream.cs:line 222
   at System.Net.Security.Tests.ApmSslStreamSystemDefaultTest.<>c__DisplayClass0_0.<AuthenticateClientAsync>b__0(AsyncCallback callback, Object state) in /_/src/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs:line 177
   at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl(Func`3 beginMethod, Func`2 endFunction, Action`1 endAction, Object state, TaskCreationOptions creationOptions) in /_/src/System.Private.CoreLib/shared/System/Threading/Tasks/FutureFactory.cs:line 777
   at System.Threading.Tasks.TaskFactory.FromAsync(Func`3 beginMethod, Action`1 endMethod, Object state) in /_/src/System.Private.CoreLib/shared/System/Threading/Tasks/TaskFactory.cs:line 886
   at System.Net.Security.Tests.ApmSslStreamSystemDefaultTest.AuthenticateClientAsync(String targetHost, X509CertificateCollection clientCertificates, Boolean checkCertificateRevocation, Nullable`1 protocols) in /_/src/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs:line 176
   at System.Net.Security.Tests.SslStreamSystemDefaultTest.ClientAndServer_OneOrBothUseDefault_Ok(Nullable`1 clientProtocols, Nullable`1 serverProtocols) in /_/src/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs:line 60
--- End of stack trace from previous location where exception was thrown ---
----- Inner Stack Trace -----
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount) in /_/src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs:line 282
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions) in /_/src/System.Net.Security/src/System/Net/Security/SslStreamPal.Unix.cs:line 120
----- Inner Stack Trace -----

Build: -20190610.76(Master)

Failing configurations:

Debian.10.Amd64.Open-x64-Release Details: https://mc.dot.net/#/user/dotnet-bot/pr~2Fdotnet~2Fcorefx~2Frefs~2Fheads~2Fmaster/test~2Ffunctional~2Fcli~2Finnerloop~2F/20190610.76/workItem/System.Net.Security.Tests/analysis/xunit/System.Net.Security.Tests.ApmSslStreamSystemDefaultTest~2FClientAndServer_OneOrBothUseDefault_Ok(clientProtocols: Default, serverProtocols: null)

About this issue

Original URL
State: closed
Created 5 years ago
Reactions: 1
Comments: 27 (27 by maintainers)

Most upvoted comments

Sure, created a new one: https://github.com/dotnet/runtime/issues/32749

ViktorHofer on Feb 24, 2020

Ok I think I know what’s wrong. We currently set protocols using SSL_CTX_set_options explicitly but there is also orthogonal way to set that (orthogonal: they end up combining restrictions).

We need to clear that when doing explicit set:

    SSL_CTX_set_min_proto_version(ctx, 0);
    SSL_CTX_set_max_proto_version(ctx, 0);

I will send a PR after I finish investigating remaining test failures (there were more than 50 failing tests when I started)

krwq on Jul 17, 2019