Setting SslServerAuthenticationOptions.ApplicationProtocols to an empty list fails on Ubuntu

[Tratcher]

Depending on how you write your logic, the ApplicationProtocols List may end up being empty (not null).

new SslServerAuthenticationOptions()
{
  ServerCertificate = _x509Certificate2,
  ApplicationProtocols = new(),
}

On Ubuntu.1804.Amd64.Open this causes the following error:

System.Security.Authentication.AuthenticationException : Authentication failed, see inner exception.
---- Interop+OpenSsl+SslException : SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
-------- Interop+Crypto+OpenSslCryptographicException : error:14094460:SSL routines:ssl3_read_bytes:reason(1120)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) in System.Net.Security.dll:token 0x6000322+0x51c
   at Microsoft.AspNetCore.Server.Kestrel.InMemory.FunctionalTests.HttpsConnectionMiddlewareTests.TlsHandshakeCallbackOptionsOverload_EmptyAlpnList_DisablesAlpn() in /_/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs:line 879
   at Microsoft.AspNetCore.Server.Kestrel.InMemory.FunctionalTests.HttpsConnectionMiddlewareTests.TlsHandshakeCallbackOptionsOverload_EmptyAlpnList_DisablesAlpn() in /_/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs:line 885
--- End of stack trace from previous location ---
----- Inner Stack Trace -----
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount) in System.Net.Security.dll:token 0x6000086+0xd2
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions) in System.Net.Security.dll:token 0x6000450+0x20
----- Inner Stack Trace -----

There is no error on Windows, the handshake completes successfully without ALPN. (Mac still isn't supported #27727).

Discovered as part of dotnet/aspnetcore#34242 where I was attempting to use the presence of an empty list to disable auto-configuration.

Branch: main, 6.0 preview 7

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Depending on how you write your logic, the ApplicationProtocols List may end up being empty (not null).

new SslServerAuthenticationOptions()
{
  ServerCertificate = _x509Certificate2,
  ApplicationProtocols = new(),
}

On Ubuntu.1804.Amd64.Open this causes the following error:

System.Security.Authentication.AuthenticationException : Authentication failed, see inner exception.
---- Interop+OpenSsl+SslException : SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
-------- Interop+Crypto+OpenSslCryptographicException : error:14094460:SSL routines:ssl3_read_bytes:reason(1120)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) in System.Net.Security.dll:token 0x6000322+0x51c
   at Microsoft.AspNetCore.Server.Kestrel.InMemory.FunctionalTests.HttpsConnectionMiddlewareTests.TlsHandshakeCallbackOptionsOverload_EmptyAlpnList_DisablesAlpn() in /_/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs:line 879
   at Microsoft.AspNetCore.Server.Kestrel.InMemory.FunctionalTests.HttpsConnectionMiddlewareTests.TlsHandshakeCallbackOptionsOverload_EmptyAlpnList_DisablesAlpn() in /_/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs:line 885
--- End of stack trace from previous location ---
----- Inner Stack Trace -----
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount) in System.Net.Security.dll:token 0x6000086+0xd2
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions) in System.Net.Security.dll:token 0x6000450+0x20
----- Inner Stack Trace -----

There is no error on Windows, the handshake completes successfully without ALPN. (Mac still isn't supported #27727).

Discovered as part of dotnet/aspnetcore#34242 where I was attempting to use the presence of an empty list to disable auto-configuration.

Branch: main, 6.0 preview 7

Author:	Tratcher
Assignees:	-
Labels:	area-System.Net.Security, bug
Milestone:	-

[wfurt]

Did you look what Windows send on the wire? I'm wondering if we should simple ignore empty list.
And do you know what OpenSSL version is used?

[karelz]

Triage: There is trivial workaround. Not critical for 6.0. Moving to Future.

[Tratcher]

Did you look what Windows send on the wire? I'm wondering if we should simple ignore empty list.

When set to an empty list Windows does not send the ALPN extension in the Server Hello. It seems safe to ignore on both platforms.

Windows has an explicit check for an empty list:

runtime/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs

Line 63 in 188c270

if (sslAuthenticationOptions.ApplicationProtocols != null && sslAuthenticationOptions.ApplicationProtocols.Count != 0)

runtime/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs

Line 92 in 188c270

if (sslAuthenticationOptions.ApplicationProtocols != null && sslAuthenticationOptions.ApplicationProtocols.Count != 0)

[wfurt]

OK, So it has essentially same check and that is ok. I was wondering if we are getting to point that give (invalid?) configuration would load on Windows but fail on Linux. And it seems like we are not.