Bug 43332 - [Client Certificates] TLS Renegotiation for client certificates
Summary: [Client Certificates] TLS Renegotiation for client certificates
Alias: None
Product: iOS
Classification: Xamarin
Component: Xamarin.iOS.dll (show other bugs)
Version: XI 9.6 (iOS 9.3)
Hardware: Macintosh Mac OS
: Normal normal
Target Milestone: Future Cycle (TBD)
Assignee: Martin Baulig
Depends on: 58891
  Show dependency tree
Reported: 2016-08-14 00:57 UTC by Ian
Modified: 2017-11-28 20:19 UTC (History)
4 users (show)

See Also:
Is this bug a regression?: ---
Last known good build:


Description Ian 2016-08-14 00:57:49 UTC
Create a simple iOS app, put this in the ViewDidLoad

         var webClient = new System.Net.WebClient ();
         webClient.Encoding = Encoding.UTF8;

         var good = webClient.DownloadString (new Uri ("https://www.google.ca"));
         var bad = webClient.DownloadString (new Uri ("https://sandapps.com/InAppAds/ads.json.txt"));

The "good" downloads, the "bad" times out.

That file is available, and works on older versions of Xamarin on all my apps. I tried renaming the file to .html and it still times out.

Comment 1 Ian 2016-08-14 01:22:19 UTC
Running the same code in a Windows Console app works fine.
Comment 2 Ian 2016-08-14 01:53:17 UTC
The site had old SSL 3 enabled, I have disabled that to see if it might help.
Comment 3 Vincent Dondain [MSFT] 2016-08-19 23:15:41 UTC
I can confirm the issue, it is not working for me either with latest versions of the products.

This is with the default settings for HttpClient (Managed) and SSL/TLS (Apple TLS).

Xamarin Studio Enterprise
Version 6.2 (build 355)
Installation UUID: 276439ce-67ad-434d-89e9-b46e0bdbc7ce
	Mono 4.4.2 (mono-4.4.0-branch-c7sr1/f72fe45) (64-bit)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 404020011

Apple Developer Tools
Xcode 8.0 (11239.2)
Build 8S201h

Version: (Xamarin Enterprise)

Version: (Xamarin Enterprise)
Hash: 2a0702e
Branch: modelio-b1
Build date: 2016-08-18 19:28:59+0200

Build Information
Release ID: 602000355
Git revision: 795bbb66b7d41dbbe908342a04a9e1348fab5c19
Build date: 2016-08-16 13:37:53-04
Xamarin addins: 159d5850a21119ebef9ce39c10d0760ec3cd963b
Build lane: monodevelop-mdaddins-master
Comment 4 Rolf Bjarne Kvinge [MSFT] 2016-08-24 15:19:33 UTC
This sounds like something in the https code, Martin, can you have a look?
Comment 5 Ian 2016-09-24 23:08:07 UTC
I can confirm this is *not* fixed in the Beta

FAILS: https://sandapps.com/InAppAds/ads.json.txt
WORKS: https://9Minutes.org/Content/SandApps/ads.json.txt


Xamarin Studio Enterprise
Version 6.1.1 (build 15)
Installation UUID: 763e4dce-ffee-4a16-9c41-1f9b4c900485
	Mono 4.6.0 (mono-4.6.0-branch/8d0eee7) (64-bit)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 406000251


Not Installed

Apple Developer Tools
Xcode 8.0 (11246)
Build 8A218a

Version: (Xamarin Enterprise)

Version: (Xamarin Enterprise)
Android SDK: /Users/vink/Library/Developer/Xamarin/android-sdk-macosx
	Supported Android versions:
		4.0.3 (API level 15)
		4.4   (API level 19)
		5.0   (API level 21)
		6.0   (API level 23)

SDK Tools Version: 24.4.1
SDK Platform Tools Version: 23.1
SDK Build Tools Version: 23.0.1

Java SDK: /usr
java version "1.7.0_71"
Java(TM) SE Runtime Environment (build 1.7.0_71-b14)
Java HotSpot(TM) 64-Bit Server VM (build 24.71-b01, mixed mode)

Android Designer EPL code available here:

Xamarin Android Player
Version: 0.6.5
Location: /Applications/Xamarin Android Player.app

Version: (Xamarin Enterprise)
Hash: c9eb5b0
Branch: xcode8
Build date: 2016-09-16 20:50:23-0400

Build Information
Release ID: 601010015
Git revision: fa52f02641726146e2589ed86ec4097fbe101888
Build date: 2016-09-22 08:03:02-04
Xamarin addins: 75d65712af93d54dc39ae4c42b21dfa574859fd6
Build lane: monodevelop-lion-cycle8-sr0

Operating System
Mac OS X 10.11.6
Darwin Vink15.local 15.6.0 Darwin Kernel Version 15.6.0
    Mon Aug 29 20:21:34 PDT 2016
    root:xnu-3248.60.11~1/RELEASE_X86_64 x86_64
Comment 6 Martin Baulig 2016-11-11 10:56:46 UTC
Bump; bumping everything that I still need to look into.
Comment 7 Martin Baulig 2016-11-11 15:22:03 UTC
We currently do not support TLS Renegotiation for client certificates in either AppleTls or BTLS.

I am currently not sure what the implications are and how difficult it would be to implement this.

What's happening here is that the "bad" URL https://sandapps.com/InAppAds/ads.json.txt triggers a TLS Renegotiation to ask for the client certificate.  This is actually the recommended way for a server to do that.

Note You need to log in before you can comment on or make changes to this bug.