Bug 43332 - [Client Certificates] TLS Renegotiation for client certificates
Alias: None
Product: iOS
Classification: Xamarin
Component: Xamarin.iOS.dll
Version: XI 9.6 (iOS 9.3)
Hardware: Macintosh Mac OS
Importance: Normal normal
Target Milestone: Future Cycle (TBD)
Assignee: Martin Baulig
Depends on: 58891
Reported: 2016-08-14 00:57 UTC by Ian
Modified: 2017-11-28 20:19 UTC

Description Ian 2016-08-14 00:57:49 UTC
Create a simple iOS app and put this in the ViewDidLoad:

         var webClient = new System.Net.WebClient ();
         webClient.Encoding = Encoding.UTF8;

         var good = webClient.DownloadString (new Uri ("https://www.google.ca"));
         var bad = webClient.DownloadString (new Uri ("https://sandapps.com/InAppAds/ads.json.txt"));

The "good" downloads, the "bad" times out.

That file is available, and works on older versions of Xamarin on all my apps. I tried renaming the file to .html and it still times out.

Comment 1 Ian 2016-08-14 01:22:19 UTC
Running the same code in a Windows Console app works fine.
Comment 2 Ian 2016-08-14 01:53:17 UTC
The site had old SSL 3 enabled, I have disabled that to see if it might help.
Comment 3 Vincent Dondain [MSFT] 2016-08-19 23:15:41 UTC
I can confirm the issue, it is not working for me either with latest versions of the products.

This is with the default settings for HttpClient (Managed) and SSL/TLS (Apple TLS).

Xamarin Studio Enterprise
Version 6.2 (build 355)
Installation UUID: 276439ce-67ad-434d-89e9-b46e0bdbc7ce
	Mono 4.4.2 (mono-4.4.0-branch-c7sr1/f72fe45) (64-bit)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 404020011

Apple Developer Tools
Xcode 8.0 (11239.2)
Build 8S201h

Version: (Xamarin Enterprise)

Version: (Xamarin Enterprise)
Hash: 2a0702e
Branch: modelio-b1
Build date: 2016-08-18 19:28:59+0200

Build Information
Release ID: 602000355
Git revision: 795bbb66b7d41dbbe908342a04a9e1348fab5c19
Build date: 2016-08-16 13:37:53-04
Xamarin addins: 159d5850a21119ebef9ce39c10d0760ec3cd963b
Build lane: monodevelop-mdaddins-master
Comment 4 Rolf Bjarne Kvinge [MSFT] 2016-08-24 15:19:33 UTC
This sounds like something in the https code, Martin, can you have a look?
Comment 5 Ian 2016-09-24 23:08:07 UTC
I can confirm this is *not* fixed in the Beta

FAILS: https://sandapps.com/InAppAds/ads.json.txt
WORKS: https://9Minutes.org/Content/SandApps/ads.json.txt


Xamarin Studio Enterprise
Version 6.1.1 (build 15)
Installation UUID: 763e4dce-ffee-4a16-9c41-1f9b4c900485
	Mono 4.6.0 (mono-4.6.0-branch/8d0eee7) (64-bit)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 406000251


Not Installed

Apple Developer Tools
Xcode 8.0 (11246)
Build 8A218a

Version: (Xamarin Enterprise)

Version: (Xamarin Enterprise)
Android SDK: /Users/vink/Library/Developer/Xamarin/android-sdk-macosx
	Supported Android versions:
		4.0.3 (API level 15)
		4.4   (API level 19)
		5.0   (API level 21)
		6.0   (API level 23)

SDK Tools Version: 24.4.1
SDK Platform Tools Version: 23.1
SDK Build Tools Version: 23.0.1

Java SDK: /usr
java version "1.7.0_71"
Java(TM) SE Runtime Environment (build 1.7.0_71-b14)
Java HotSpot(TM) 64-Bit Server VM (build 24.71-b01, mixed mode)

Android Designer EPL code available here:

Xamarin Android Player
Version: 0.6.5
Location: /Applications/Xamarin Android Player.app

Version: (Xamarin Enterprise)
Hash: c9eb5b0
Branch: xcode8
Build date: 2016-09-16 20:50:23-0400

Build Information
Release ID: 601010015
Git revision: fa52f02641726146e2589ed86ec4097fbe101888
Build date: 2016-09-22 08:03:02-04
Xamarin addins: 75d65712af93d54dc39ae4c42b21dfa574859fd6
Build lane: monodevelop-lion-cycle8-sr0

Operating System
Mac OS X 10.11.6
Darwin Vink15.local 15.6.0 Darwin Kernel Version 15.6.0
    Mon Aug 29 20:21:34 PDT 2016
    root:xnu-3248.60.11~1/RELEASE_X86_64 x86_64
Comment 6 Martin Baulig 2016-11-11 10:56:46 UTC
Bump; bumping everything that I still need to look into.
Comment 7 Martin Baulig 2016-11-11 15:22:03 UTC
We currently do not support TLS Renegotiation for client certificates in either AppleTls or BTLS.

I am currently not sure what the implications are and how difficult it would be to implement this.

What's happening here is that the "bad" URL https://sandapps.com/InAppAds/ads.json.txt triggers a TLS Renegotiation to ask for the client certificate.  This is actually the recommended way for a server to do that.
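
Comment 7 attributes the timeout to a server-initiated renegotiation. As an added example (not part of the bug report or of Xamarin's code), the Python below recognizes that pattern in a capture of TLS 1.2 or earlier, where the record content type is sent in the clear: a handshake record (type 22) that arrives after application data (type 23) marks a renegotiation. The function names and the sample capture are constructed for illustration, and the check does not apply to TLS 1.3, which has no renegotiation.

```python
import struct

CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23

def parse_records(data):
    """Split raw TLS bytes into (content_type, length) pairs, one per record."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated TLS record header")
        ctype, _version, length = struct.unpack_from("!BHH", data, offset)
        if ctype not in (CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA):
            raise ValueError("not a TLS record at offset %d" % offset)
        if offset + 5 + length > len(data):
            raise ValueError("truncated TLS record body")
        records.append((ctype, length))
        offset += 5 + length
    return records

def find_renegotiation(segments):
    """segments: [(direction, bytes)] in capture order (hypothetical input shape).
    Returns (direction, record_index) of the first handshake record seen
    after any application data, or None if the connection never renegotiates."""
    seen_app_data, index = False, 0
    for direction, data in segments:
        for ctype, _length in parse_records(data):
            if ctype == APPLICATION_DATA:
                seen_app_data = True
            elif ctype == HANDSHAKE and seen_app_data:
                return direction, index
            index += 1
    return None

def record(ctype, body_len):
    """Build a constructed TLS 1.2 record with an opaque filler body."""
    return struct.pack("!BHH", ctype, 0x0303, body_len) + b"\x00" * body_len

# Constructed capture: a full handshake, shared by both sample connections.
HANDSHAKE_FLIGHTS = [
    ("client", record(HANDSHAKE, 120)),
    ("server", record(HANDSHAKE, 900)),
    ("client", record(HANDSHAKE, 70) + record(CHANGE_CIPHER_SPEC, 1) + record(HANDSHAKE, 40)),
    ("server", record(CHANGE_CIPHER_SPEC, 1) + record(HANDSHAKE, 40)),
]
RENEGOTIATING = HANDSHAKE_FLIGHTS + [
    ("client", record(APPLICATION_DATA, 200)),  # the HTTP request
    ("server", record(HANDSHAKE, 28)),          # encrypted HelloRequest instead of a response
]
PLAIN = HANDSHAKE_FLIGHTS + [("client", record(APPLICATION_DATA, 200)),
                             ("server", record(APPLICATION_DATA, 512))]
```

If a client that cannot renegotiate receives the server's handshake record, the capture ends there with no reply from the client, which matches the timeout reported above.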