TLS handshake is awaited even though encryption is advertised as off (`EncryptionLevel::Off`)
Here is the code:
/// Minimal reproduction: open a TCP connection to a local SQL Server, hand it
/// to tiberius and run a single query with TRACE logging enabled.
///
/// The connection string sets no encryption level and the explicit
/// `config.encryption(...)` override below is left commented out, so the
/// client negotiates whatever level it derives on its own (per the report,
/// the PRELOGIN message advertises "off").
#[tokio::main]
async fn main() -> Result<(), Error> {
    // TRACE output makes the PRELOGIN exchange and the handshake events visible.
    tracing_subscriber::fmt().with_max_level(Level::TRACE).init();

    // `TrustServerCertificate=true` skips validation of the server
    // certificate: the session may be encrypted, but the server's identity is
    // not verified. Acceptable for a localhost repro; a deployment should
    // validate the certificate instead.
    let ado = "server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificate=true";
    let mut config = Config::from_ado_string(ado)?;

    // SQL login applied after parsing; presumably this replaces the
    // `IntegratedSecurity=true` choice from the string — confirm.
    // The credentials are inline repro values; real code should read them
    // from configuration or a secret store rather than the source file.
    config.authentication(AuthMethod::sql_server("sa", "PW"));

    // Deliberately disabled: with this line active the client would ask for
    // no TLS at all, which is the only level that skips the handshake.
    // config.encryption(tiberius::EncryptionLevel::NotSupported);

    let socket = TcpStream::connect(config.get_addr()).await?;
    socket.set_nodelay(true)?;

    // Per the report, this is the call that never returns.
    let mut conn = Client::connect(config, socket.compat_write()).await?;
    conn.query("SELECT * FROM some_table", &[]).await?;

    Ok(())
}
Yet a TLS handshake is still performed in this function, because the check only skips it for `EncryptionLevel::NotSupported`:
/// Upgrades this connection's transport to TLS unless `encryption` is
/// [`EncryptionLevel::NotSupported`].
///
/// Every other level, `EncryptionLevel::Off` included, takes the handshake
/// path; `NotSupported` is the only value that returns the connection
/// unchanged, in plaintext.
///
/// NOTE(review): in MS-TDS, "off" means encryption is available but not
/// requested, and the login packet is still protected by TLS, so a handshake
/// at `Off` looks intentional rather than a bug — confirm against the caller
/// that negotiates the level.
///
/// NOTE(review): `encryption` comes from the caller. If it is derived from the
/// server's PRELOGIN reply, which is received before any TLS exists, confirm
/// that a client configured to require encryption rejects `NotSupported`
/// before reaching this function; otherwise credentials go out in cleartext.
///
/// NOTE(review): no timeout is applied to `create_tls_stream` here, so a peer
/// that never answers the handshake leaves this future pending indefinitely.
///
/// # Errors
///
/// Propagates any error returned by `create_tls_stream`.
///
/// # Panics
///
/// Panics via `unreachable!()` if the transport is not `MaybeTlsStream::Raw`,
/// i.e. if the connection was already upgraded.
#[cfg(any(
    feature = "rustls",
    feature = "native-tls",
    feature = "vendored-openssl"
))]
async fn tls_handshake(
    self,
    config: &Config,
    encryption: EncryptionLevel,
) -> crate::Result<Self> {
    // Plaintext path: nothing is upgraded, the caller gets the same connection back.
    if encryption == EncryptionLevel::NotSupported {
        event!(
            Level::WARN,
            "TLS encryption is not enabled. All traffic including the login credentials are not encrypted."
        );
        return Ok(self);
    }

    event!(Level::INFO, "Performing a TLS handshake");

    // Only the transport and context survive; the remaining fields are
    // dropped and re-initialised below.
    let Self {
        transport, context, ..
    } = self;

    // The handshake can only start from a raw (not yet upgraded) stream.
    let raw = match transport.into_inner() {
        MaybeTlsStream::Raw(tcp) => tcp,
        _ => unreachable!(),
    };

    let mut tls = create_tls_stream(config, TlsPreloginWrapper::new(raw)).await?;

    // Tell the pre-login wrapper the handshake is over; presumably this
    // switches it out of its handshake-time framing — confirm in the wrapper.
    tls.get_mut().handshake_complete();
    event!(Level::INFO, "TLS handshake successful");

    Ok(Self {
        transport: Framed::new(MaybeTlsStream::Tls(tls), PacketCodec),
        context,
        flushed: false,
        buf: BytesMut::new(),
    })
}
I'm not sure whether this is right. At least in my case it stalls and never returns from the call to the `create_tls_stream()` function on line 450 in `tiberius::client::connection`.
Here you can see that the pre-login message states the encryption level is off: