Bug 43794 - HttpClient support of SNI with SSL/TLS Implementation set to Apple TLS (not Mono TLS)
Summary: HttpClient support of SNI with SSL/TLS Implementation set to Apple TLS (not M...
Status: RESOLVED DUPLICATE of bug 44225
Alias: None
Product: iOS
Classification: Xamarin
Component: General (show other bugs)
Version: XI 9.99 (iOS 10 previews)
Hardware: Macintosh Mac OS
: High major
Target Milestone: 10.2.1 (C8SR1)
Assignee: Martin Baulig
URL:
Depends on:
Blocks:
 
Reported: 2016-08-26 16:00 UTC by RobertN
Modified: 2016-09-13 14:02 UTC (History)
4 users (show)

See Also:
Tags:
Is this bug a regression?: Yes
Last known good build: XI 9.8.2.22


Attachments

Description RobertN 2016-08-26 16:00:37 UTC
SNI (Server Name Indication) Failure with using  SSL/TLS Implementation set to Apple TLS

# Steps to reproduce

			webView = new WKWebView(new CGRect(40, 100, 400, 400), new WKWebViewConfiguration());
			Add(webView);
			button = new UIButton(UIButtonType.System);
			button.Frame = new CGRect(40, 40, 100, 40);
			button.SetTitle("Fetch", UIControlState.Normal);
			Add(button);
			button.TouchUpInside += async (object sender, EventArgs e) =>
			{
sslPolicyErrors) => { return true; };
				var client = new System.Net.Http.HttpClient();
				var response = await client.GetAsync("https://sni.velox.ch");
				webView.LoadHtmlString(new NSString(await response.Content.ReadAsStringAsync()), new NSUrl(""));
			};

# Expected behavior

   TLS SNI Test Site: *.sni.velox.ch

   Great! Your client [TLSv12wSNI/1.0 CFNetwork/808.0.1 Darwin/15.6.0]
   sent the following TLS server name indication extension (RFC 6066) in
   its ClientHello (negotiated protocol: TLSv1.2, cipher suite: 
   ECDHE-RSA-AES256-GCM-SHA384):

     sni.velox.ch

# Actual behavior

   TLS SNI Test Site: alice.sni.velox.ch

   Unfortunately, your client did not send a TLS server name indication
   extension (RFC 4366) in its ClientHello (negotiated protocol: TLSv1.2,
   cipher suite: ECDHE-RSA-AES256-GCM-SHA384), so you're probably 
   getting warnings about certificate name mismatches.
   In your request, this header was included:

     Host: sni.velox.ch

# Supplemental info (logs, images, videos)

   http://stackoverflow.com/questions/39168279/xamarin-support-of-sni-with-apple-tls-not-mono-tls

# Test environment (full version information)
			  
Xamarin.iOS
Version: 9.99.4.23 (Xamarin Studio Community)
Hash: f63ecd7
Branch: cycle8
Build date: 2016-08-23 14:45:42-040
Comment 1 RobertN 2016-08-26 16:03:27 UTC
Setting SSL/TLS Implementation to Mono TLS works fine with SNI.

Also using the "native" NSUrlSession works fine:

  webView = new WKWebView(new CGRect(40, 100, 400, 400), new WKWebViewConfiguration());
  Add(webView);
  button = new UIButton(UIButtonType.System);
  button.Frame = new CGRect(40, 40, 100, 40);
  button.SetTitle("Fetch", UIControlState.Normal);
  Add(button);
  button.TouchUpInside += async (object sender, EventArgs e) =>
  {
      var url = new NSUrl("https://sni.velox.ch");
      var task = await NSUrlSession.SharedSession.CreateDataTaskAsync(url);
      webView.LoadHtmlString(NSString.FromData(task.Data, NSStringEncoding.UTF8), new NSUrl(""));
  };
Comment 2 Sebastien Pouliot 2016-09-13 14:02:31 UTC
That's also fixed with https://github.com/xamarin/xamarin-macios/pull/815

*** This bug has been marked as a duplicate of bug 44225 ***

Note You need to log in before you can comment on or make changes to this bug.