This repository has been archived by the owner on Jan 23, 2023. It is now read-only.
[Release/3.1] Fix infinite loop when end of stream is reached #42938
Ports dotnet/SqlClient#577 to fix issue dotnet/SqlClient#165 in System.Data.SqlClient
Summary
The issue has been occurring for many customer applications where the client and server cannot find a common security protocol to continue the SSL handshake, as the server does not send any further information while the client continues to loop. This started happening recently when client OS and docker containers disabled TLS v1.0 and v1.1, while target servers were not upgraded to TLS v1.2.
Customer Impact
Medium: The issue impacts Linux and Mac applications where servers are not ready to transition to TLS v1.2.
Regression?
No, this issue is reproducible with all previous versions of .NET Core SqlClient drivers (impacts Managed SNI use-cases).
Testing
In order to test this issue, a special setup is required on the server side to disable TLS v1.2 while the client only supports TLS v1.2+. Local testing has been done to confirm the fix is applicable and the driver can now come out of the infinite loop and throw an exception.
Risk
Low: The fix is not a major functional change, and it applies only to Linux/Mac customers if their servers are not updated to support TLS 1.2. This has also been released in Microsoft.Data.SqlClient v1.1.3 and v2.0.0.
cc: @danmosemsft @saurabh500 @David-Engel
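
The failure mode in the summary, as an added C# example (not the code from this pull request or from SqlClient): a read loop that waits for a fixed number of handshake bytes never terminates if it ignores a zero-byte read, because `Stream.Read` returns 0 once the peer has stopped sending and closed the stream. `HandshakeRead`, `ReadExact` and the sample bytes are hypothetical and constructed for illustration.

```csharp
using System;
using System.IO;

static class HandshakeRead
{
    // Hypothetical helper (not SqlClient's implementation):
    // read exactly `count` bytes into `buffer`, or fail loudly.
    public static void ReadExact(Stream stream, byte[] buffer, int count)
    {
        int offset = 0;
        while (offset < count)
        {
            int n = stream.Read(buffer, offset, count - offset);
            if (n == 0)
            {
                // Read returns 0 only at end of stream. Without this check,
                // offset never advances and the loop spins forever.
                throw new EndOfStreamException(
                    $"Peer closed the stream after {offset} of {count} bytes.");
            }
            offset += n;
        }
    }

    static void Main()
    {
        // Constructed input: the peer sends 3 bytes of an expected
        // 8-byte message and then closes the connection.
        using var truncated = new MemoryStream(new byte[] { 0x16, 0x03, 0x03 });
        var message = new byte[8];
        try
        {
            ReadExact(truncated, message, message.Length);
            Console.WriteLine("message complete");
        }
        catch (EndOfStreamException ex)
        {
            // The caller gets an exception to surface instead of a hung thread.
            Console.WriteLine($"handshake aborted: {ex.Message}");
        }
    }
}
```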