## SslStream supports TLS Alerts
### Scope
Edge
### Version Introduced
4.7
### Source Analyzer Status
NotPlanned
### Change Description
After a failed TLS handshake, an
<xref:System.IO.IOException?displayProperty=name> with an inner
<xref:System.ComponentModel.Win32Exception?displayProperty=name> exception will
be thrown by the first I/O Read/Write operation. The
<xref:System.ComponentModel.Win32Exception.NativeErrorCode?displayProperty=name>
code for the <xref:System.ComponentModel.Win32Exception?displayProperty=name>
can be mapped to the TLS Alert from the remote party using the
[Schannel documentation](https://msdn.microsoft.com/library/windows/desktop/dd721886%28v=vs.85%29.aspx).
For more information, see
[RFC 2246: Section 7.2.2 Error alerts](https://tools.ietf.org/html/rfc2246#section-7.2.2).<br />
The behavior in .NET Framework 4.6.2 and earlier is that the transport channel (usually a TCP
connection) will time out during either Write or Read if the other party failed
the handshake and immediately afterwards rejected the connection.
- [x] Quirked
- [ ] Build-time break
### Recommended Action
Applications calling network I/O APIs such as <xref:System.IO.Stream.Read(System.Byte[],System.Int32,System.Int32)>/<xref:System.IO.Stream.Write(System.Byte[],System.Int32,System.Int32)>
should handle <xref:System.IO.IOException> or
<xref:System.TimeoutException?displayProperty=name>.<br />
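As an added example (not code from this article), a client that performs the handshake, issues the first Read where a rejected handshake now surfaces, and separates a peer TLS alert (IOException wrapping a Win32Exception) from other I/O failures and from the timeout seen on older frameworks; the host and port passed to `Connect` are assumed placeholders:

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;

// Added example, not part of the compatibility article.
static class TlsAlertHandling
{
    // Returns the Schannel NativeErrorCode carried by the inner Win32Exception,
    // or null when the IOException was not caused by a TLS alert from the peer.
    public static int? GetSchannelErrorCode(IOException ex)
    {
        for (Exception e = ex.InnerException; e != null; e = e.InnerException)
        {
            if (e is Win32Exception w32) return w32.NativeErrorCode;
        }
        return null;
    }

    public static void Connect(string host, int port)
    {
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false))
        {
            try
            {
                ssl.AuthenticateAsClient(host);
                // On .NET Framework 4.7+ a handshake the peer rejected surfaces here,
                // at the first Read/Write, as IOException -> Win32Exception.
                var buffer = new byte[4096];
                ssl.Read(buffer, 0, buffer.Length);
            }
            catch (IOException ex) when (GetSchannelErrorCode(ex) is int code)
            {
                // Look the code up in the Schannel error table to identify the alert.
                Console.WriteLine($"Peer sent a TLS alert; Schannel error 0x{code:X8}");
            }
            catch (IOException ex)
            {
                Console.WriteLine($"Connection failed: {ex.Message}");
            }
            catch (TimeoutException)
            {
                // On 4.6.2 and earlier (or with the feature quirked off) a rejected
                // handshake shows up as a transport timeout instead of an alert.
                Console.WriteLine("Transport timed out; the peer may have rejected the handshake");
            }
        }
    }
}
```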
The TLS Alerts feature is enabled by default starting with .NET Framework 4.7.
Applications targeting versions of the .NET Framework from 4.0 through 4.6.2 running on a .NET Framework 4.7 or higher
system will have the feature disabled to preserve compatibility.<br />
The following configuration API is available to enable or disable the feature
for .NET Framework 4.6 and later applications running on .NET Framework 4.7 or later.
- Programmatically:
Must be the very first thing the application does since ServicePointManager will initialize only once:
```csharp
// Disable caching of switch values so the override below is honored.
AppContext.SetSwitch("TestSwitch.LocalAppContext.DisableCaching", true);
AppContext.SetSwitch("Switch.System.Net.DontEnableTlsAlerts", true); // Set to 'false' to enable the feature in .NET Framework 4.6 - 4.6.2.
```
- AppConfig:
```xml
<runtime>
  <AppContextSwitchOverrides value="Switch.System.Net.DontEnableTlsAlerts=true" />
  <!-- Set to 'false' to enable the feature in .NET Framework 4.6 - 4.6.2. -->
</runtime>
```
- Registry key (machine global):
Set the Value to `false` to enable the feature in .NET Framework 4.6 - 4.6.2.
```
Key = HKLM\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\AppContext\Switch.System.Net.DontEnableTlsAlerts
Type = String
Value = "true"
```
### Affected APIs
* `T:System.Net.Security.SslStream`
* `T:System.Net.WebRequest`
* `T:System.Net.HttpWebRequest`
* `T:System.Net.FtpWebRequest`
* `T:System.Net.Mail.SmtpClient`
* `N:System.Net.Http`
### Category
Networking
Security
<!--
Bug 274590:SslStream TLS Alerts implementation
-->
<!-- breaking change id: 181 -->