Fail of the AcquireCredentialsHandleA for TLS 1.3 #2709

Closed
YuriL180821 opened this issue Oct 11, 2023 · 5 comments
Labels
bug This issue is a bug. p3 This is a minor priority issue response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 10 days.


YuriL180821 commented Oct 11, 2023

Describe the bug

AcquireCredentialsHandleA returns 0x80090331 for the TLS 1.3 protocol, which leads to the negotiation error AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE. The same methods with the same credentials work fine for lower TLS versions.

Expected Behavior

AcquireCredentialsHandleA should return SEC_E_OK for any TLS protocol version.

Current Behavior

AcquireCredentialsHandleA fails on the latest master at the moment:
https://github.com/awslabs/aws-c-io/blob/a3555c86bd10149a1ab0c1b2810756ec54cfbe3a/source/windows/secure_channel_tls_handler.c#L1738

Reproduction Steps

Activate the AWS_IO_TLSv1_3 version for the TLS handler.

Possible Solution

According to MS Learn:
https://learn.microsoft.com/en-us/answers/questions/708734/tls-1-3-doesnt-work-on-windows-11-through-schannel

In order to use TLS 1.3 with schannel, you should use the SCH_CREDENTIALS structure instead of the SCHANNEL_CRED structure with AcquireCredentialsHandle().

SCH_CREDENTIALS - Win32 apps | Microsoft Learn

i.e. the current sc_ctx->credentials, which is a pointer to a SCHANNEL_CRED structure

SECURITY_STATUS status = AcquireCredentialsHandleA(
    NULL,
    UNISP_NAME,
    credential_use,
    NULL,
    &sc_ctx->credentials,//<-- currently it is SCHANNEL_CRED
   ...);

should be replaced with SCH_CREDENTIALS

Additional Information/Context


AWS CPP SDK version used

1.26.0, 1.30.0

Compiler and Version used

MSVS 2022 Professional

Operating System and version

Windows 11 x64
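
The change proposed in the report above, sketched as an added example; it is not part of the original issue and is not aws-c-io code. The `ex_` function names are hypothetical, and the example assumes a client-side credential with no client certificate. SCH_CREDENTIALS has no allow-list field like SCHANNEL_CRED's grbitEnabledProtocols; protocol selection moves into TLS_PARAMETERS as a deny-list, so an existing allow-list has to be inverted.

```c
/* Added example; not aws-c-io source. Names prefixed ex_ are hypothetical. */
#include <stdint.h>
#include <string.h>

#ifdef _WIN32
#define SECURITY_WIN32
#define SCHANNEL_USE_BLACKLISTS /* makes schannel.h declare SCH_CREDENTIALS */
#include <windows.h>
#include <subauth.h>            /* UNICODE_STRING, used by TLS_PARAMETERS */
#include <sspi.h>
#include <schannel.h>
#else /* protocol bits copied from schannel.h so the mask logic builds anywhere */
#define SP_PROT_TLS1_0_CLIENT 0x00000080
#define SP_PROT_TLS1_2_CLIENT 0x00000800
#define SP_PROT_TLS1_3_CLIENT 0x00002000
#endif

/* SCHANNEL_CRED took an allow-list (grbitEnabledProtocols); TLS_PARAMETERS
 * takes a deny-list. Inverting keeps "only what I enabled" semantics. */
uint32_t ex_disabled_protocols(uint32_t enabled) {
    return ~enabled;
}

#ifdef _WIN32
/* Acquire outbound (client) credentials that permit TLS 1.2 and TLS 1.3. */
SECURITY_STATUS ex_acquire_tls13_client(CredHandle *out_cred) {
    TLS_PARAMETERS tls;
    SCH_CREDENTIALS cred;
    TimeStamp expiry;

    memset(&tls, 0, sizeof(tls));
    tls.grbitDisabledProtocols =
        ex_disabled_protocols(SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT);

    memset(&cred, 0, sizeof(cred));
    cred.dwVersion = SCH_CREDENTIALS_VERSION; /* selects the new structure */
    cred.dwFlags = SCH_USE_STRONG_CRYPTO;
    cred.cTlsParameters = 1;
    cred.pTlsParameters = &tls;

    return AcquireCredentialsHandleA(NULL, UNISP_NAME_A, SECPKG_CRED_OUTBOUND,
                                     NULL, &cred, NULL, NULL, out_cred, &expiry);
}
#endif
```
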

@YuriL180821 YuriL180821 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 11, 2023
@jmklix jmklix self-assigned this Oct 12, 2023
Member

jmklix commented Oct 12, 2023

It looks like you are trying to use the IoT SDK, not this SDK. Can you open an issue here (aws-iot-device-sdk-cpp-v2) and provide a code sample that reproduces this?

@jmklix jmklix added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 10 days. p3 This is a minor priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Oct 12, 2023
Author

YuriL180821 commented Oct 13, 2023

Hello @jmklix

Thanks for reacting to my issue!
Looks like you are right: my issue is about a problem in AWS-C-IO, which in its turn is one of the submodules of AWS CRT CPP.

It's because this is a submodule of the current SDK.
I made a little bit correct assumption about the responsibilities of the right team for fixing that problem.
I'm going to address this issue to them now.

Regards,
Yurii.

Author

YuriL180821 commented Oct 13, 2023

I have already targeted the right team and registered an issue for AWS-C-IO;
the link to the problem is awslabs/aws-c-io#609

@SergeyRyabinin
Contributor

Hi @YuriL180821 ,

Thank you for reporting this issue.
As discussed, this one is for AWS IoT SDK for CPP and our common dependency AWS CRT / aws-c-io.
I will close this issue, please contact us again should you have any other issue.

Best regards,
Sergey
