dotnet/Documentation/compatibility/tls-1-x-by-default-passes-s...

## TLS 1.x by default passes the SCH_SEND_AUX_RECORD flag to the underlying SCHANNEL API

### Scope
Edge

### Version Introduced
4.6

### Source Analyzer Status
NotPlanned

### Change Description

When using TLS 1.x, the .NET Framework relies on the underlying Windows SCHANNEL API. Starting with .NET Framework 4.6, the [`SCH_SEND_AUX_RECORD`](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx) flag is passed by default to SCHANNEL. This causes SCHANNEL to split data to be encrypted into two separate records, the first as a single byte and the second as *n*-1 bytes.   

In rare cases, this breaks communication between clients and existing servers that make the assumption that the data resides in a single record.

- [X] Quirked
- [ ] Build-time break

### Recommended Action

If this change breaks communication with an existing server, you can disable sending the [`SCH_SEND_AUX_RECORD`](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx) flag and restore the previous behavior of not splitting data into separate records by adding the following switch to the [`\<AppContextSwitchOverrides>` element](https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/appcontextswitchoverrides-element) in the [`\<runtime> section](https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/runtime-element) of your app configuration file:

```xml
<runtime>
   <AppContextSwitchOverrides   
          value="Switch.System.Net.DontEnableSchSendAuxRecord=true" /> 
</runtime>
```
> [!IMPORTANT] 
> This setting is provided for backward compatibility only. Its use is otherwise not recommended.

### Affected APIs
* `T:System.Net.Security.SslStream`
* `T:System.Net.ServicePointManager`
* `T:System.Net.Http.HttpClient`
* `T:System.Net.Mail.SmtpClient`
* `T:System.Net.HttpWebRequest`
* `T:System.Net.FtpWebRequest`

### Category
Networking

<!--
    ### Original Bug #186985
-->
Documented two .NET Framework 4.6 app compat switches (#615) * Documented DontEnableSchSendAuxRecord switch * added note * added second switch * Finished documenting switches * Added readme * Fixed formatting issues 2018-02-08 10:05:33 +08:00			`## TLS 1.x by default passes the SCH_SEND_AUX_RECORD flag to the underlying SCHANNEL API`

			`### Scope`
			`Edge`

			`### Version Introduced`
			`4.6`

			`### Source Analyzer Status`
			`NotPlanned`

			`### Change Description`

			When using TLS 1.x, the .NET Framework relies on the underlying Windows SCHANNEL API. Starting with .NET Framework 4.6, the [`SCH_SEND_AUX_RECORD`](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx) flag is passed by default to SCHANNEL. This causes SCHANNEL to split data to be encrypted into two separate records, the first as a single byte and the second as n-1 bytes.

			`In rare cases, this breaks communication between clients and existing servers that make the assumption that the data resides in a single record.`

			`- [X] Quirked`
			`- [ ] Build-time break`

			`### Recommended Action`

			If this change breaks communication with an existing server, you can disable sending the [`SCH_SEND_AUX_RECORD`](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx) flag and restore the previous behavior of not splitting data into separate records by adding the following switch to the [`\<AppContextSwitchOverrides>` element](https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/appcontextswitchoverrides-element) in the [`\<runtime> section](https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/runtime-element) of your app configuration file:

			```xml
			`<runtime>`
			`<AppContextSwitchOverrides`
			`value="Switch.System.Net.DontEnableSchSendAuxRecord=true" />`
			`</runtime>`
			```
			`> [!IMPORTANT]`
			`> This setting is provided for backward compatibility only. Its use is otherwise not recommended.`

			`### Affected APIs`
			* `T:System.Net.Security.SslStream`
			* `T:System.Net.ServicePointManager`
			* `T:System.Net.Http.HttpClient`
			* `T:System.Net.Mail.SmtpClient`
			* `T:System.Net.HttpWebRequest`
			* `T:System.Net.FtpWebRequest`

			`### Category`
			`Networking`

			`<!--`
			`### Original Bug #186985`
			`-->`