Accessing the ClientCertificate property is triggering a TLS renegotiation on the HttpSysServer even though http.sys is configured properly not to request for client cert.
To ReproduceSteps to reproduce the behavior:
Using this version of ASP.NET Core 2.2. Create a brand new solution in Visual Studio 2019. Use the HttpSysServer version of the .NET core project. https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/httpsys?view=aspnetcore-3.0
Run this code if (HttpContext.Connection.ClientCertificate != null)
Purely because the ClientCertificateProperty is accessed, a TLS renegotiation is triggered and the user is prompted for a cert on the browser.
This is despite http.sys kernel mode driver being configured correctly not to request for clientcertificate. (netsh http add sslcert hostnameport=a.microsoftonline.com:443
certhash=EC9CA6E0E645AAB24F8AD890DF75A448824D2C37 appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}' certstorename=MY
clientcertnegotiation=disable).
Other listeners on top of http.sys such as IIS do not exhibit this behavior, they respect the http.sys configuration. The expected behavior is to respect the http.sys configuration and not trigger renegotiation purely because the code is trying to check if the ClientCertificate is null or not.
Additional contextThere is a closed issue already on this topic (the user did not provide a repro) : aspnet/HttpSysServer#340
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4