Make SNI unique in TLS test

src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.SslProtocols.cs

@@ -86,7 +86,7 @@ public static IEnumerable<object[]> GetAsync_AllowedSSLVersion_Succeeds_MemberDa
                 {
                     yield return new object[] { protocol, true };
 #pragma warning disable 0618 // SSL2/3 are deprecated
-                     // On certain platforms these are completely disabled and cannot be used at all.
+                    // On certain platforms these are completely disabled and cannot be used at all.
                     if (protocol != SslProtocols.Ssl2 && protocol != SslProtocols.Ssl3)
                     {
                         yield return new object[] { protocol, false };
@@ -126,16 +126,24 @@ public async Task GetAsync_AllowedSSLVersion_Succeeds(SslProtocols acceptedProto
 #pragma warning restore 0618
                 }
 
+                // Use a different SNI for each connection to prevent TLS 1.3 renegotiation issue: https://github.com/dotnet/runtime/issues/47378
+                client.DefaultRequestHeaders.Host = getTestSNIName();
+
                 var options = new LoopbackServer.Options { UseSsl = true, SslProtocols = acceptedProtocol };
                 await LoopbackServer.CreateServerAsync(async (server, url) =>
                 {
                     await TestHelper.WhenAllCompletedOrAnyFailed(
-                        server.AcceptConnectionSendResponseAndCloseAsync(),
-                        client.GetAsync(url));
+                      server.AcceptConnectionSendResponseAndCloseAsync(),
+                      client.GetAsync(url));
                 }, options);
 
                 Assert.Equal(1, count);
             }
+
+            string getTestSNIName()
+            {
+                return $"{nameof(GetAsync_AllowedSSLVersion_Succeeds)}_{acceptedProtocol}_{requestOnlyThisProtocol}";
+            }
         }
 
         public static IEnumerable<object[]> SupportedSSLVersionServers()

src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs

@@ -79,7 +79,8 @@ public async Task ClientAndServer_OneOrBothUseDefault_Ok(SslProtocols? clientPro
             using (X509Certificate2 serverCertificate = Configuration.Certificates.GetServerCertificate())
             using (X509Certificate2 clientCertificate = Configuration.Certificates.GetClientCertificate())
             {
-                string serverHost = serverCertificate.GetNameInfo(X509NameType.SimpleName, false);
+                // Use a different SNI for each connection to prevent TLS 1.3 renegotiation issue: https://github.com/dotnet/runtime/issues/47378
+                string serverHost = getTestSNIName();
                 var clientCertificates = new X509CertificateCollection() { clientCertificate };
 
                 await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
@@ -99,6 +100,16 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         _clientStream.SslProtocol + " " + _clientStream.HashAlgorithm);
                 }
             }
+
+            string getTestSNIName()
+            {
+                static string ProtocolToString(SslProtocols? protocol)
+                {
+                    return (protocol?.ToString() ?? "null").Replace(", ", "_");
+                }
+
+                return $"{nameof(ClientAndServer_OneOrBothUseDefault_Ok)}_{ProtocolToString(clientProtocols)}_{ProtocolToString(serverProtocols)}";
+            }
         }
 
         [ConditionalTheory(nameof(IsNotWindows7))]
@@ -130,6 +141,7 @@ private bool ClientCertCallback(object sender, X509Certificate certificate, X509
                 case SslPolicyErrors.None:
                 case SslPolicyErrors.RemoteCertificateChainErrors:
                 case SslPolicyErrors.RemoteCertificateNameMismatch:
+                case SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch:
                     return true;
                 case SslPolicyErrors.RemoteCertificateNotAvailable:
                 default: