Skip to content

Fix for TLS 1.3 session resumption on Linux #123239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
liveans merged 8 commits into from
Jan 20, 2026
Merged

Fix for TLS 1.3 session resumption on Linux #123239

liveans merged 8 commits into from
Jan 20, 2026

Conversation

@multiarc
Copy link
Contributor

@multiarc multiarc commented Jan 16, 2026

Fixes #123238

@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Jan 16, 2026
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Jan 16, 2026

Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@MihuBot MihuBot mentioned this pull request Jan 16, 2026
Open
This was referenced Jan 16, 2026
Open
Open
Closed
@multiarc multiarc marked this pull request as ready for review January 17, 2026 01:46
@multiarc multiarc requested review from rzikm and wfurt January 17, 2026 01:50
rzikm
rzikm approved these changes Jan 19, 2026
View reviewed changes
Copy link
Member

@rzikm rzikm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks!

@rzikm rzikm requested a review from liveans January 19, 2026 08:44
@rzikm rzikm added this to the 11.0.0 milestone Jan 19, 2026
@liveans liveans requested a review from Copilot January 19, 2026 10:31
Copilot AI reviewed Jan 19, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a regression in TLS 1.3 session resumption on Linux where resumed connections with client certificates incorrectly report IsMutuallyAuthenticated=false and LocalCertificate=null. The issue was introduced in a previous commit that added support for TLS resumption with client certificates.

Changes:

  • Added a regression test that verifies mutual authentication is correctly reported across multiple TLS connections (including resumed ones)
  • Added IntPtr overloads for SslSessionReused and SslGetSession interop methods to support the fix
  • Fixed NewSessionCallback in Interop.OpenSsl.cs to inherit certificate information from the current session when TLS 1.3 issues new session tickets on resumed connections

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
SslStreamMutualAuthenticationTest.cs Added regression test SslStream_Tls13ResumptionWithClientCert_IsMutuallyAuthenticatedTrue that verifies mutual authentication properties are correctly set across initial and resumed TLS connections
Interop.Ssl.cs Added IntPtr overloads for SslSessionReused and SslGetSession methods to enable calling these functions from unmanaged callback contexts
Interop.OpenSsl.cs Fixed NewSessionCallback to retrieve certificate information from the current session when TLS 1.3 issues new tickets on resumed connections (when SSL_get_certificate returns null)

@liveans liveans merged commit 156112a into dotnet:main Jan 20, 2026
89 checks passed
@dotnet-maestro dotnet-maestro bot mentioned this pull request Jan 21, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rzikm rzikm rzikm approved these changes

@liveans liveans liveans approved these changes

@wfurt wfurt Awaiting requested review from wfurt

Assignees

No one assigned

Labels

area-System.Net.Security community-contribution Indicates that the PR has been added by a community member

Projects

None yet

Milestone

11.0.0

Development

Successfully merging this pull request may close these issues.

TLS 1.3 session resumption breaks IsMutuallyAuthenticated and LocalCertificate on Linux

4 participants

@multiarc @wfurt @rzikm @liveans