awslabs / aws-c-io

This is a module for the AWS SDK for C. It handles all IO and TLS work for application protocols.
Apache License 2.0

Fail of the AcquireCredentialsHandleA for TLS 1.3 #609

Open YuriL180821 opened 11 months ago

YuriL180821 commented 11 months ago

Describe the bug

AcquireCredentialsHandleA returns 0x80090331 for the TLS 1.3 protocol, which leads to the negotiation error AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE. The same methods with the same credentials work fine for lower TLS versions.

Note: this issue was initially registered for the AWS CPP SDK: https://github.com/aws/aws-sdk-cpp/issues/2709

Expected Behavior

AcquireCredentialsHandleA should return SEC_E_OK for any TLS protocol version.

Current Behavior

AcquireCredentialsHandleA fails on the latest master at the given moment: https://github.com/awslabs/aws-c-io/blob/a3555c86bd10149a1ab0c1b2810756ec54cfbe3a/source/windows/secure_channel_tls_handler.c#L1738

Reproduction Steps

Activate the AWS_IO_TLSv1_3 version for the TLS handler.

Possible Solution

According to MS Learn (https://learn.microsoft.com/en-us/answers/questions/708734/tls-1-3-doesnt-work-on-windows-11-through-schannel):

In order to use TLS 1.3 with schannel, you should use the SCH_CREDENTIALS structure instead of the SCHANNEL_CRED structure with AcquireCredentialsHandle().

SCH_CREDENTIALS - Win32 apps | Microsoft Learn

i.e. the current sc_ctx->credentials, which is a pointer to a SCHANNEL_CRED structure:

```c
SECURITY_STATUS status = AcquireCredentialsHandleA(
    NULL,
    UNISP_NAME,
    credential_use,
    NULL,
    &sc_ctx->credentials, // <-- currently it is SCHANNEL_CRED
    ...);
```

should be replaced with SCH_CREDENTIALS.

Additional Information/Context


aws-c-io version used

v0.13.31

Compiler and version used

MSVS 2022 Professional

Operating System and version

Windows 11 x64
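As an added example (not code from aws-c-io and not the reporter's code), this is the shape of the change the issue proposes: a Schannel credential acquired with SCH_CREDENTIALS plus a TLS_PARAMETERS block, which is what Schannel requires before it will offer TLS 1.3 (supported by Schannel on Windows 11 and Windows Server 2022). For reference, the reported status 0x80090331 is SEC_E_ALGORITHM_MISMATCH. The names `tls_min_version`, `schannel_disabled_protocols` and `acquire_tls_credentials` are this example's own, and the Windows path assumes an SDK recent enough to declare SCH_CREDENTIALS (Windows 10 1809 or later). The mask helper is written portably so it can be exercised on any platform; the AcquireCredentialsHandleA call exists only under `_WIN32`.

```c
/* Added example (not aws-c-io code): acquire a Schannel credential for TLS 1.3
 * with SCH_CREDENTIALS, the replacement for SCHANNEL_CRED named in the issue.
 * tls_min_version, schannel_disabled_protocols and acquire_tls_credentials are
 * names invented for this example, not library identifiers. */
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <schannel.h>   /* assumes an SDK that declares SCH_CREDENTIALS */
#pragma comment(lib, "secur32.lib")
#endif

/* Protocol bits from schannel.h, repeated here (documented SP_PROT_* values)
 * so that the mask helper also builds off Windows. */
#ifndef SP_PROT_SSL3_SERVER
#define SP_PROT_SSL3_SERVER   0x00000010
#define SP_PROT_SSL3_CLIENT   0x00000020
#define SP_PROT_TLS1_0_SERVER 0x00000040
#define SP_PROT_TLS1_0_CLIENT 0x00000080
#define SP_PROT_TLS1_1_SERVER 0x00000100
#define SP_PROT_TLS1_1_CLIENT 0x00000200
#endif
#ifndef SP_PROT_TLS1_2_SERVER
#define SP_PROT_TLS1_2_SERVER 0x00000400
#define SP_PROT_TLS1_2_CLIENT 0x00000800
#endif
#ifndef SP_PROT_TLS1_3_SERVER
#define SP_PROT_TLS1_3_SERVER 0x00001000
#define SP_PROT_TLS1_3_CLIENT 0x00002000
#endif

/* Minimum version the caller wants, ordered oldest to newest so that every
 * enum value below the chosen one is a protocol that must be disabled. */
enum tls_min_version {
    TLS_MIN_SSL3 = 0,
    TLS_MIN_TLS1_0,
    TLS_MIN_TLS1_1,
    TLS_MIN_TLS1_2,
    TLS_MIN_TLS1_3,
    TLS_MIN_SYS_DEFAULTS   /* mask 0: defer to OS policy */
};

/* SCH_CREDENTIALS takes a *disabled* mask (TLS_PARAMETERS.grbitDisabledProtocols),
 * the inverse of SCHANNEL_CRED.grbitEnabledProtocols. Copying the old enabled
 * mask into the new field would switch off exactly the versions you wanted. */
uint32_t schannel_disabled_protocols(enum tls_min_version min_version, int is_server)
{
    static const uint32_t server_bits[] = {
        SP_PROT_SSL3_SERVER, SP_PROT_TLS1_0_SERVER, SP_PROT_TLS1_1_SERVER,
        SP_PROT_TLS1_2_SERVER, SP_PROT_TLS1_3_SERVER };
    static const uint32_t client_bits[] = {
        SP_PROT_SSL3_CLIENT, SP_PROT_TLS1_0_CLIENT, SP_PROT_TLS1_1_CLIENT,
        SP_PROT_TLS1_2_CLIENT, SP_PROT_TLS1_3_CLIENT };
    const uint32_t *bits = is_server ? server_bits : client_bits;
    uint32_t disabled = 0;
    int i;

    if (min_version == TLS_MIN_SYS_DEFAULTS)
        return 0;
    for (i = 0; i < (int)min_version; i++)
        disabled |= bits[i];           /* disable everything older than the minimum */
    return disabled;
}

#ifdef _WIN32
/* Acquire a credential handle with SCH_CREDENTIALS instead of SCHANNEL_CRED.
 * cert may be NULL for a client that does not present a certificate. */
SECURITY_STATUS acquire_tls_credentials(PCCERT_CONTEXT cert, int is_server,
                                        enum tls_min_version min_version,
                                        CredHandle *out_cred, TimeStamp *out_expiry)
{
    TLS_PARAMETERS tls_params;
    SCH_CREDENTIALS creds;
    ZeroMemory(&tls_params, sizeof(tls_params));
    ZeroMemory(&creds, sizeof(creds));

    tls_params.grbitDisabledProtocols = schannel_disabled_protocols(min_version, is_server);

    creds.dwVersion      = SCH_CREDENTIALS_VERSION;
    creds.cTlsParameters = 1;
    creds.pTlsParameters = &tls_params;
    creds.dwFlags        = SCH_USE_STRONG_CRYPTO;      /* same SCH_CRED_* flags as before */
    if (cert) {
        creds.cCreds = 1;
        creds.paCred = &cert;
    }
    if (!is_server)
        creds.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS;   /* never auto-pick a client cert */
    /* Add SCH_CRED_MANUAL_CRED_VALIDATION only if you validate the peer chain yourself. */

    return AcquireCredentialsHandleA(NULL, UNISP_NAME_A,
                                     is_server ? SECPKG_CRED_INBOUND : SECPKG_CRED_OUTBOUND,
                                     NULL, &creds, NULL, NULL, out_cred, out_expiry);
}
#endif

int main(void)
{
    printf("client disabled mask for a TLS 1.3 minimum: 0x%x\n",
           (unsigned)schannel_disabled_protocols(TLS_MIN_TLS1_3, 0));
#ifdef _WIN32
    {
        CredHandle cred;
        TimeStamp expiry;
        SECURITY_STATUS st = acquire_tls_credentials(NULL, 0, TLS_MIN_TLS1_3, &cred, &expiry);
        printf("AcquireCredentialsHandleA: 0x%08lx (0 is SEC_E_OK)\n", (unsigned long)st);
        if (st == SEC_E_OK)
            FreeCredentialsHandle(&cred);
    }
#endif
    return 0;
}
```

On MSVC this builds as-is and links secur32 through the pragma; elsewhere only the mask helper and main compile. The point worth checking after the port is the inverted mask: for a TLS 1.3 minimum the client mask must contain the SSL 3.0 and TLS 1.0/1.1/1.2 client bits and must not contain SP_PROT_TLS1_3_CLIENT, otherwise the handshake will again fail with a negotiation error.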

YuriL180821 commented 11 months ago

Hello @AWS-C-IO team!

Could you please provide a suggestion/timeline for a fix for the problem?

Regards, Yurii.

jmklix commented 11 months ago

Thanks for opening this issue. This is something that we want to fix, but I don't have a timeline for when this will be completed. I will make sure to update here with the progress.