Description
From #94080 (comment)
[...] mTLS is one of the most common mechanisms for S2S (service to service) calls. In AAD alone, there are >300 billion mTLS calls every day (and this is just internal traffic). Our public facing flows also have significant mTLS: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-certificate-based-authentication. Perf improvements in mTLS code paths can save millions of dollars in TLS costs.
Mutual authentication should already be fully supported on Windows, but we currently don't support it on Linux (and not at all on macOS).
This will need some more thinking and testing, specifically against cases where we unintentionally resume a session with the wrong certificate. When we only have one identity for any given server it is pretty simple. But if we have multiple services running on different ports (SslStream does not have access to the EndPoint), or if we want to maintain multiple identities to the same service, things do get more tricky.
However, cases where only 1 client certificate is provided (whether via ClientCertificates collection, or CertificateContext, or perhaps even the certificate selection callback) may be simple and safe to implement.
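As an added illustration (not code from this issue or from the .NET runtime), a toy Python model of the session-cache keying question raised above: a cache keyed on the server name alone can hand identity B a session that was negotiated with identity A's certificate, while a key that also covers the port and the client certificate thumbprint cannot, and in the single-identity case both keys behave the same. Host name and thumbprints are constructed values.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class CacheKey:
    target_host: str
    port: Optional[int]                    # SslStream has no EndPoint; the caller must supply it
    client_cert_thumbprint: Optional[str]  # None when no client certificate is offered


# (opaque session id, thumbprint of the client cert used at the full handshake)
Session = Tuple[str, Optional[str]]
KeyFn = Callable[[str, int, Optional[str]], CacheKey]


def host_only_key(host: str, port: int, thumb: Optional[str]) -> CacheKey:
    """Weak key: server name only, the design the issue warns about."""
    return CacheKey(host, None, None)


def identity_aware_key(host: str, port: int, thumb: Optional[str]) -> CacheKey:
    """Key that binds the cached session to endpoint and client identity."""
    return CacheKey(host, port, thumb)


class ResumingClient:
    """Minimal model of a client-side TLS session cache."""

    def __init__(self, key_fn: KeyFn) -> None:
        self._key_fn = key_fn
        self._cache: Dict[CacheKey, Session] = {}
        self.full_handshakes = 0

    def connect(self, host: str, port: int, client_thumb: Optional[str]) -> Session:
        key = self._key_fn(host, port, client_thumb)
        cached = self._cache.get(key)
        if cached is not None:
            return cached  # resumed: the session still carries the original identity
        self.full_handshakes += 1
        session: Session = (f"sess-{self.full_handshakes}", client_thumb)
        self._cache[key] = session
        return session


def resumes_with_wrong_identity(key_fn: KeyFn) -> bool:
    """Two identities to the same service: does identity B end up on A's session?"""
    client = ResumingClient(key_fn)
    client.connect("svc.example.internal", 443, "AA11")           # identity A (constructed)
    _, cert_bound = client.connect("svc.example.internal", 443, "BB22")  # identity B
    return cert_bound != "BB22"


def single_identity_reuses_session(key_fn: KeyFn) -> bool:
    """One identity per server: resumption is safe and saves the second handshake."""
    client = ResumingClient(key_fn)
    first = client.connect("svc.example.internal", 443, "AA11")
    second = client.connect("svc.example.internal", 443, "AA11")
    return first == second and client.full_handshakes == 1
```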