[Android] Investigate support for SSLStream below API Level 24

[steveisok]

The block below will throw a PNSE because SNIHostName and SSLEngine.setServerNames are only supported on API level 24 and above.

Here is a sample that can throw the PNSE:

using var client = new TcpClient("login.sequrix.com", 443);
            using var stream = new SslStream(client.GetStream(), false);
            stream.AuthenticateAsClient(new SslClientAuthenticationOptions()
            {
                TargetHost = "login.sequrix.com"
            });
            stream.Read(new byte[100], 0, 100);

We should investigate if there are any alternative approaches.

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

---

The block below will throw a PNSE because SNIHostName and setServerNames are only supported on API level 24 and above.

Here is a sample that can throw the PNSE:

using var client = new TcpClient("login.sequrix.com", 443);
            using var stream = new SslStream(client.GetStream(), false);
            stream.AuthenticateAsClient(new SslClientAuthenticationOptions()
            {
                TargetHost = "login.sequrix.com"
            });
            stream.Read(new byte[100], 0, 100);

We should investigate if there are any alternative approaches.

Author:	steveisok
Assignees:	-
Labels:	area-System.Net, untriaged
Milestone:	8.0.0

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

The block below will throw a PNSE because SNIHostName and setServerNames are only supported on API level 24 and above.

Here is a sample that can throw the PNSE:

using var client = new TcpClient("login.sequrix.com", 443);
            using var stream = new SslStream(client.GetStream(), false);
            stream.AuthenticateAsClient(new SslClientAuthenticationOptions()
            {
                TargetHost = "login.sequrix.com"
            });
            stream.Read(new byte[100], 0, 100);

We should investigate if there are any alternative approaches.

Author:	steveisok
Assignees:	-
Labels:	area-System.Net, area-System.Net.Security, untriaged
Milestone:	8.0.0

[steveisok]

After looking at this again, it does seem returning UNSUPPORTED_API_LEVEL is heavy handed.

runtime/src/native/libs/System.Security.Cryptography.Native.Android/pal_sslstream.c

Lines 484 to 488 in 563297d

	if (g_SNIHostName == NULL || g_SSLParametersSetServerNames == NULL)
	{
	// SSL not supported below API Level 24
	return UNSUPPORTED_API_LEVEL;
	}

It does appear that the java SSLEngine can be created with a host name and a port. Not sure how much of the interop we would have to shuffle to accommodate.

[rgroenewoudt]

This also effects SocketsHttpHandler and ClientWebSocket usage with HTTPS.

For example:

var client = new HttpClient(new SocketsHttpHandler());
await client.GetStringAsync("https://google.com");