Latest Azure Linux 3.0 drop is getting TLS error during `dotnet restore`

[mthalman]

A new drop of Azure Linux 3.0 occurred last Friday which has caused AutoBuilder to attempt to rebuild the corresponding Dockerfiles in the nightly branch. The tests are failing there with this error:

#6 [build 6/8] RUN dotnet restore -r linux-x64
 #6 0.987   Determining projects to restore...
 #6 1.356 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 2.483 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 3.538 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 4.633 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 5.715 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 6.807 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 6.811 /source/app/app.csproj : error NU1301: Unable to load the service index for source https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet6/nuget/v3/index.json.
 #6 6.821 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 7.867 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 8.939 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 10.01 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 11.12 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 12.19 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 12.20 /source/app/app.csproj : error NU1301: Unable to load the service index for source https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet8/nuget/v3/index.json.
 #6 12.21 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 13.23 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 14.39 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 15.47 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 16.53 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 17.68 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 17.69 /source/app/app.csproj : error NU1301: Unable to load the service index for source https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json.
 #6 17.71 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 18.91 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 20.11 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 21.16 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 22.26 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 23.30 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 23.30 /source/app/app.csproj : error NU1301: Unable to load the service index for source https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json.
 #6 23.31 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 24.44 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 25.50 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 26.71 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 27.79 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 28.89 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 28.89 /source/app/app.csproj : error NU1301: Unable to load the service index for source https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet6/nuget/v3/index.json.
 #6 28.90 [ERROR] error:41080106:SCOSSL::passed invalid argument:set_iv_fixed only works with TLS IV length at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.4.2/ScosslCommon/src/scossl_aes_aead.c, line 305
 #6 28.93   Failed to restore /source/app/app.csproj (in 27.66 sec).
 #6 ERROR: process "/bin/sh -c dotnet restore -r $rid" did not complete successfully: exit code: 1

This seems like the same issue as https://github.com/microsoft/SymCrypt-OpenSSL/issues/79, which was fixed by https://github.com/microsoft/azurelinux/pull/9139.

cc @eric-desrochers

[lbussell]

[Triage] This issue has been worked around in #5485. There is follow-up work to remove the workaround in https://github.com/dotnet/dotnet-buildtools-prereqs-docker/issues/1072 and there should be another issue opened for this in dotnet-docker.