Closed
Description
full repro is here: https://github.com/markalward/DotNet/tree/main/RenegotiateIssue
Unhandled exception. System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x80090330): The specified data could not be decrypted.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken) in C:\Users\test\github\wfurt-runtime2\src\libraries\System.Net.Security\src\System\Net\Security\SslStream.IO.cs:line 336
at RenegotiateIssue.Program.DoClientHandshakeAsync(String serverName, Int32 port) in C:\Users\test\github\DotNet\RenegotiateIssue\Program.cs:line 68
at RenegotiateIssue.Program.DoClientHandshake(String serverName, Int32 port) in C:\Users\test\github\DotNet\RenegotiateIssue\Program.cs:line 43
at RenegotiateIssue.Program.Main(String[] args) in C:\Users\test\github\DotNet\RenegotiateIssue\Program.cs:line 30
Server error: System.IO.IOException: The encryption operation failed, see inner exception.
The problem is that we can feed the channel more than one frame at once, and both the original handshake and the request to renegotiate come in as TLS handshake frames. When we combine them together, AuthenticateAsClientAsync fails to complete, moving on to renegotiation instead. That would not be a big deal IMHO, but it eventually fails with a decryption error. This is a Windows-specific issue because of the way it is handled by schannel.
One way to fix this is to revisit the logic that feeds more than one frame to the PAL when available. That could have some perf impact, so it feels like it would be better to figure out what schannel is failing to decrypt.
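The situation described above, where one socket read delivers the tail of the original handshake and the server's renegotiation request as two TLS records that both carry the handshake content type, as an added example that is not part of this issue or of the dotnet/runtime code: a record-layer splitter in Python that separates such a buffer so the records can be handed to the TLS engine one frame at a time, and that keeps an incomplete trailing record for the next read. The record contents are constructed for illustration (a real TLS 1.2 Finished record is encrypted, not plaintext as shown).

```python
import struct

# TLS record-layer constants (RFC 5246 section 6.2)
CONTENT_HANDSHAKE = 0x16
HEADER_LEN = 5                  # type(1) + version(2) + length(2)
MAX_CIPHERTEXT_LEN = 2**14 + 2048


def split_tls_records(buf: bytes):
    """Split buf into complete TLS records.

    Returns (records, leftover): each record is (content_type, version,
    payload); leftover holds the bytes of a trailing record whose header
    or body has not fully arrived yet, so the caller can prepend it to
    the next read instead of feeding a partial frame onward.
    """
    records = []
    pos = 0
    while len(buf) - pos >= HEADER_LEN:
        ctype, version, length = struct.unpack_from("!BHH", buf, pos)
        if length > MAX_CIPHERTEXT_LEN:
            raise ValueError(f"TLS record length {length} exceeds protocol maximum")
        end = pos + HEADER_LEN + length
        if end > len(buf):
            break  # record body incomplete; wait for more bytes
        records.append((ctype, version, buf[pos + HEADER_LEN:end]))
        pos = end
    return records, buf[pos:]


def handshake_frames_in_read(buf: bytes) -> int:
    """How many handshake-type records a single read delivered."""
    records, _ = split_tls_records(buf)
    return sum(1 for ctype, _, _ in records if ctype == CONTENT_HANDSHAKE)


def tls_record(ctype: int, payload: bytes, version: int = 0x0303) -> bytes:
    """Build one TLS record with the given content type and payload."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


# Constructed sample: two handshake records arriving in one read.
# Record 1 stands in for the Finished message (handshake type 0x14, 12 bytes).
# Record 2 is a HelloRequest (handshake type 0x00, zero-length body).
FINISHED = tls_record(CONTENT_HANDSHAKE, b"\x14\x00\x00\x0c" + b"\xaa" * 12)
HELLO_REQUEST = tls_record(CONTENT_HANDSHAKE, b"\x00\x00\x00\x00")
ONE_READ = FINISHED + HELLO_REQUEST

if __name__ == "__main__":
    recs, rest = split_tls_records(ONE_READ)
    print(f"{len(recs)} records in one read, {len(rest)} bytes left over")
    for ctype, ver, body in recs:
        print(f"  type=0x{ctype:02x} version=0x{ver:04x} payload_len={len(body)}")
```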