Fail of the AcquireCredentialsHandleA for TLS 1.3 #609

Open
YuriL180821 opened this issue Oct 13, 2023 · 3 comments · May be fixed by #676
Labels
feature-request A feature should be added or improved. p3 This is a minor priority issue

Comments

@YuriL180821

YuriL180821 commented Oct 13, 2023

Describe the bug

AcquireCredentialsHandleA returns 0x80090331 for the TLS 1.3 protocol, which leads to the negotiation error AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE. The same methods with the same credentials work fine for lower TLS versions.

Note: this issue was initially registered for the AWS CPP SDK: aws/aws-sdk-cpp#2709

Expected Behavior

AcquireCredentialsHandleA should return SEC_E_OK for any TLS protocol version.

Current Behavior

AcquireCredentialsHandleA fails on the latest master at the moment.

SECURITY_STATUS status = AcquireCredentialsHandleA(

Reproduction Steps

Activate the AWS_IO_TLSv1_3 version for the TLS handler.

Possible Solution

According to MS Learn:
https://learn.microsoft.com/en-us/answers/questions/708734/tls-1-3-doesnt-work-on-windows-11-through-schannel

In order to use TLS 1.3 with schannel, you should use the SCH_CREDENTIALS structure instead of the SCHANNEL_CRED structure with AcquireCredentialsHandle().

SCH_CREDENTIALS - Win32 apps | Microsoft Learn

i.e. the current sc_ctx->credentials, which is a pointer to the SCHANNEL_CRED structure

SECURITY_STATUS status = AcquireCredentialsHandleA(
    NULL,
    UNISP_NAME,
    credential_use,
    NULL,
    &sc_ctx->credentials, // <-- currently it is SCHANNEL_CRED
    ...);

should be replaced with SCH_CREDENTIALS

Additional Information/Context


aws-c-io version used

v0.13.31

Compiler and version used

MSVS 2022 Professional

Operating System and version

Windows 11 x64

@YuriL180821 YuriL180821 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 13, 2023
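
The replacement proposed in the report above, sketched as an added example (not aws-c-io code and not part of the original issue). SCH_CREDENTIALS takes a deny-list in TLS_PARAMETERS.grbitDisabledProtocols where SCHANNEL_CRED took an allow-list in grbitEnabledProtocols, so the protocol mask has to be inverted. The names deny_mask_from_allowed and acquire_client_creds are hypothetical, the non-Windows constants are stand-ins mirroring schannel.h, and a Windows SDK recent enough to declare SCH_CREDENTIALS and SP_PROT_TLS1_3_CLIENT is assumed.

```c
#include <stdio.h>
#ifdef _WIN32
#define SECURITY_WIN32
#define SCHANNEL_USE_BLACKLISTS /* makes schannel.h declare SCH_CREDENTIALS */
#include <windows.h>
#include <subauth.h>            /* UNICODE_STRING, needed by schannel.h here */
#include <schannel.h>
#include <sspi.h>
#else /* constructed stand-ins so the mask helper builds off Windows */
#define SP_PROT_TLS1_0_CLIENT 0x00000080UL
#define SP_PROT_TLS1_1_CLIENT 0x00000200UL
#define SP_PROT_TLS1_2_CLIENT 0x00000800UL
#define SP_PROT_TLS1_3_CLIENT 0x00002000UL
#endif
#define ALL_TLS_CLIENT (SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | \
                        SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT)

/* Hypothetical helper: turn an existing allow-list into the deny-list.
 * 0 means "system defaults" in both structures, so it maps to 0. */
unsigned long deny_mask_from_allowed(unsigned long allowed) {
    return allowed ? (ALL_TLS_CLIENT & ~allowed) : 0UL;
}
#ifdef _WIN32
/* Hypothetical wrapper: client credentials via SCH_CREDENTIALS.
 * Link with secur32.lib; free *out with FreeCredentialsHandle(). */
SECURITY_STATUS acquire_client_creds(unsigned long allowed, CredHandle *out) {
    TLS_PARAMETERS tls = {0};
    SCH_CREDENTIALS cred = {0};
    TimeStamp expiry;
    tls.grbitDisabledProtocols = deny_mask_from_allowed(allowed);
    cred.dwVersion = SCH_CREDENTIALS_VERSION;
    cred.dwFlags = SCH_USE_STRONG_CRYPTO;
    cred.cTlsParameters = 1;
    cred.pTlsParameters = &tls;
    return AcquireCredentialsHandleA(NULL, UNISP_NAME_A, SECPKG_CRED_OUTBOUND,
                                     NULL, &cred, NULL, NULL, out, &expiry);
}
#endif
int main(void) {
    unsigned long allowed = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT;
    printf("deny mask: 0x%lx\n", deny_mask_from_allowed(allowed));
#ifdef _WIN32
    CredHandle h;
    SECURITY_STATUS st = acquire_client_creds(allowed, &h);
    printf("AcquireCredentialsHandleA: 0x%08lx\n", (unsigned long)st);
    if (st == SEC_E_OK) FreeCredentialsHandle(&h);
#endif
    return 0;
}
```
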
@YuriL180821
Author

Hello @AWS-C-IO team!

Could you please provide a suggestion/timeline for a fix for the problem?

Regards,
Yurii.

@jmklix
Member

jmklix commented Oct 19, 2023

Thanks for opening this issue. This is something that we want to fix, but I don't have a timeline for when this will be completed. I will make sure to update here with the progress.

@jmklix jmklix added p3 This is a minor priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Oct 19, 2023
@jmklix jmklix added feature-request A feature should be added or improved. and removed bug This issue is a bug. labels Apr 9, 2024
@jmklix
Member

jmklix commented Dec 16, 2024

This is currently being worked on and will be fixed with this PR: #676

@jmklix jmklix linked a pull request Dec 16, 2024 that will close this issue
@waahm7 waahm7 mentioned this issue Dec 18, 2024