On Windows, in the first client-side read after the TLS1.3 handshake, a renegotiation happens in the client side, which is expected for Schannel on TLS1.3. However, the renegotiation is overwritting sslStream.NegotiatedApplicationProtocol with an empty value.
After the renegotiation happens, ProcessHandshakeSuccess is called, which will re-populate connectionInfo. However, when it gets the negotiated application protocol using SSPIWrapper.QueryBlittableContextAttributes(GlobalSSPI.SSPISecureChannel, context, Interop.SspiCli.ContextAttribute.SECPKG_ATTR_APPLICATION_PROTOCOL, ref alpnContext), it returns empty.
Description
On Windows, in the first client-side read after the TLS1.3 handshake, a renegotiation happens in the client side, which is expected for Schannel on TLS1.3. However, the renegotiation is overwritting
sslStream.NegotiatedApplicationProtocol
with an empty value.After the renegotiation happens,
ProcessHandshakeSuccess
is called, which will re-populateconnectionInfo
. However, when it gets the negotiated application protocol usingSSPIWrapper.QueryBlittableContextAttributes(GlobalSSPI.SSPISecureChannel, context, Interop.SspiCli.ContextAttribute.SECPKG_ATTR_APPLICATION_PROTOCOL, ref alpnContext)
, it returns empty.https://github.com/dotnet/runtime/blob/2feae23741a44e31e0e0de5d43e0a5919688505e/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs#L971C1-L996C10
https://github.com/dotnet/runtime/blob/2feae23741a44e31e0e0de5d43e0a5919688505e/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Windows.cs#L11C1-L38C10
Reproduction Steps
Client code:
The output in the client side:
Server code:
Expected behavior
Negotiated protocol should be http2 after first client-side read (this is the behavior with TLS1.2).
Actual behavior
Negotiated protocol is empty after first client-side read.
Regression?
No response
Known Workarounds
No response
Configuration
.NET SDK: Version: 8.0.205 Commit: 3e1383b780 Workload version: 8.0.200-manifests.818b3449
OS Name: Microsoft Windows 11 Enterprise OS Version: 10.0.22631 N/A Build 22631 Arch: x64
Other information
No response