Fail of the AcquireCredentialsHandleA for TLS 1.3

[YuriL180821]

Describe the bug

AcquireCredentialsHandleA return 0x80090331 for TLS1.3 protocol which leads to negotiation error AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE. Same methods with same credentials works fine for lower TLS versions

Expected Behavior

AcquireCredentialsHandleA should return SEC_E_OK for any TLS protocol versions

Current Behavior

AcquireCredentialsHandleA fails for latest master on given moment https://github.com/awslabs/aws-c-io/blob/a3555c86bd10149a1ab0c1b2810756ec54cfbe3a/source/windows/secure_channel_tls_handler.c#L1738

Reproduction Steps

activate AWS_IO_TLSv1_3 version for tls handler

Possible Solution

According to MS learn https://learn.microsoft.com/en-us/answers/questions/708734/tls-1-3-doesnt-work-on-windows-11-through-schannel

In order to use TLS 1.3 with schannel, you should use the SCH_CREDENTIALS structure instead of the SCHANNEL_CRED structure with AcquireCredentialsHandle().

SCH_CREDENTIALS - Win32 apps | Microsoft Learn

i.e current sc_ctx->credentials which is pointer to SCHANNEL_CRED structure

SECURITY_STATUS status = AcquireCredentialsHandleA(
    NULL,
    UNISP_NAME,
    credential_use,
    NULL,
    &sc_ctx->credentials,//<-- currently it is SCHANNEL_CRED
   ...);

should be replaced on SCH_CREDENTIALS

Additional Information/Context

AWS CPP SDK version used

1.26.0, 1.30.0

Compiler and Version used

MSVS 2022 Professional

Operating System and version

Windows 11 x64

[jmklix]

It look like you are trying to use the IoT sdk not this sdk. Can you open an issues here(aws-iot-device-sdk-cpp-v2) and provide a code sample that reproduces this?

[YuriL180821]

Hello @jmklix

Thanks for reacting on my issue ! Looks like you are right my issue is about problem in AWS-C-IO which in it's turn is one of submodule into AWS CRT CPP

It's because this is submodule of current SDK I made a little bit correct assumption about responsibilities about right team for fixing that problem. I'm going to address this issue to them, now.

Regards, Yurii.

[YuriL180821]

Already did right targeting team and registered issue for AWS-C-IO, link on problem is https://github.com/awslabs/aws-c-io/issues/609

[SergeyRyabinin]

Hi @YuriL180821 ,

Thank you for reporting this issue. As discussed, this one is for AWS Iot SDK for CPP and out common dependency AWS CRT / aws-c-io. I will close this issue, please contact us again should you have any other issue.

Best regards, Sergey

[github-actions[bot]]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.