{
yield return new object[] { protocol, true };
#pragma warning disable 0618 // SSL2/3 are deprecated
- // On certain platforms these are completely disabled and cannot be used at all.
+ // On certain platforms these are completely disabled and cannot be used at all.
if (protocol != SslProtocols.Ssl2 && protocol != SslProtocols.Ssl3)
{
yield return new object[] { protocol, false };
#pragma warning restore 0618
}
+ // Use a different SNI for each connection to prevent TLS 1.3 renegotiation issue: https://github.com/dotnet/runtime/issues/47378
+ client.DefaultRequestHeaders.Host = getTestSNIName();
+
var options = new LoopbackServer.Options { UseSsl = true, SslProtocols = acceptedProtocol };
await LoopbackServer.CreateServerAsync(async (server, url) =>
{
await TestHelper.WhenAllCompletedOrAnyFailed(
- server.AcceptConnectionSendResponseAndCloseAsync(),
- client.GetAsync(url));
+ server.AcceptConnectionSendResponseAndCloseAsync(),
+ client.GetAsync(url));
}, options);
Assert.Equal(1, count);
}
+
+ string getTestSNIName()
+ {
+ return $"{nameof(GetAsync_AllowedSSLVersion_Succeeds)}_{acceptedProtocol}_{requestOnlyThisProtocol}";
+ }
}
public static IEnumerable<object[]> SupportedSSLVersionServers()
using (X509Certificate2 serverCertificate = Configuration.Certificates.GetServerCertificate())
using (X509Certificate2 clientCertificate = Configuration.Certificates.GetClientCertificate())
{
- string serverHost = serverCertificate.GetNameInfo(X509NameType.SimpleName, false);
+ // Use a different SNI for each connection to prevent TLS 1.3 renegotiation issue: https://github.com/dotnet/runtime/issues/47378
+ string serverHost = getTestSNIName();
var clientCertificates = new X509CertificateCollection() { clientCertificate };
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
_clientStream.SslProtocol + " " + _clientStream.HashAlgorithm);
}
}
+
+ string getTestSNIName()
+ {
+ static string ProtocolToString(SslProtocols? protocol)
+ {
+ return (protocol?.ToString() ?? "null").Replace(", ", "_");
+ }
+
+ return $"{nameof(ClientAndServer_OneOrBothUseDefault_Ok)}_{ProtocolToString(clientProtocols)}_{ProtocolToString(serverProtocols)}";
+ }
}
[ConditionalTheory(nameof(IsNotWindows7))]
case SslPolicyErrors.None:
case SslPolicyErrors.RemoteCertificateChainErrors:
case SslPolicyErrors.RemoteCertificateNameMismatch:
+ case SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch:
return true;
case SslPolicyErrors.RemoteCertificateNotAvailable:
default: