disable Tls 1.0 and 1.1 tests on new Windows #68083
Conversation
wfurt
added
area-System.Net.Security
test-enhancement
|
Tagging subscribers to this area: @dotnet/ncl, @vcsjones Issue Detailscontributes to #67682, #67685 and perhaps others. This is related to recent Server 2022 failures. When Server 2022 rolled out, all the older protocols were disables by Azure secure pack. We got approval to roll that back so we don't loose test coverage. However, there is catch. This is smallest change to ge t clean CI again. (extra platforms) btw we should take this back to relase/* @carlossanlop to stabilize runs on server 2022.
|
|
/azp run runtime-extra-platforms |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
none of the failing tests is in System.Net.Security or System.Net.Http. |
|
/backport to release/6.0 |
|
Started backporting to release/6.0: https://github.com/dotnet/runtime/actions/runs/2174475071 |
|
@danmoseley backporting to release/6.0 failed, the patch most likely resulted in conflicts: $ git am --3way --ignore-whitespace --keep-non-patch changes.patch
Applying: disable Tls 1.0 and 1.1 tests on new Windows
Using index info to reconstruct a base tree...
M src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs
Falling back to patching base and 3-way merge...
Auto-merging src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs
CONFLICT (content): Merge conflict in src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 disable Tls 1.0 and 1.1 tests on new Windows
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Error: The process '/usr/bin/git' failed with exit code 128Please backport manually! |
* Resolve System.Net.Security.Tests.LoggingTest SkipTestException failure (#65322) * improve Tls12 detection on Windows7 (#67935) * disable Tls 1.0 and 1.1 tests on new Windows (#68083) * Don't throw from RemoteExecutor on SkipTestExceptions (#65105) * update SSL tests to deal better with disabled protocols (#65120) * update SSL tests to deal better with disabled protocols * Improve detection of Null encryption on Windows * update expectation for Mismatched protocols * update detection * wrap win32 exception * update ProtocolMismatchData sets * remove debug print * final cleanup * generate mismatch data * avoid SslProtocols.Default Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com> Co-authored-by: Tomas Weinfurt <tweinfurt@yahoo.com>
ghost
locked as resolved and limited conversation to collaborators
contributes to #67682, #67685 and perhaps others.
This is related to recent Server 2022 failures. When Server 2022 rolled out, all the older protocols were disables by Azure secure pack. We got approval to roll that back so we don't loose test coverage. However, there is catch.
While the older protocols were enabled by recent Helix change, the systems still has disabled weaker cipher suites and algorithms. So in practice the handshake fails with
System.ComponentModel.Win32Exception : The client and server cannot communicate, because they do not possess a common algorithm.This is smallest change to ge t clean CI again. (extra platforms)
Longer term we should either improve PlatformDetection to see if we have at least viable cipher suite for each TLS protocol version or improve CI machine configuration so each protocol can actually work when enable. (or both)
btw we should take this back to relase/* @carlossanlop to stabilize runs on server 2022.