Dealing with SEC_I_RENEGOTIATE and TLS1_ALERT_NO_RENEGOTIATION in SChannel

Question

I'm working with SChannel at the moment for an async (IOCP) based server and I've got most things working fine but I'm having a problem with renegotiation. Specifically, when peer A sends peer B a request to renegotiate and peer B responds with an TLS1 NO RENEGOTIATION alert how does peer A continue? I seem to have an invalid context at the point where I get the SEC_I_NO_RENEGOTIATION response and this prevents me from being able to continue to use the stream...

Updated I've done some more testing and it doesn't seem to be an invalid context but I do get SEC_E_ENCRYPT_FAILURE from the next call to Encrypt...

Is a request to renegotiate actually denyable? Or is NO RENEGOTIATION alert simply an informative error message which now means that the connection is useless? If so, why is it commented as being a 'warning' rather than an 'error'?? Nope; the TLS RFC (5246) clearly states that its up to the peer to decide if we can continue after a no renegotiation alert...

Updated It doesn't make any difference if I send the TLS alert using ApplyControlToken() or if I send it using EncryptMessage() with SECQOP_WRAP_OOB_DATA...

(for posterity.) It seems people on the Chromium team [have the same problem](http://code.google.com/p/chromium/issues/detail?id=36835) and they link to this issue. — André Caron, Aug 03 '11 at 17:53

score 1 · Answer 1 · answered Sep 21 '09 at 18:50

1

There was a HOTFIX issued for this a while back for Intel AMT based hardware. Essentially, the root certificate was stored as an SHA-1 hash instead of caching the entire certificate. SSPI passes all certificates EXCEPT the root, expecting the root to have this certificate for trust-chain verification. When the full root didn't exist, SSPI was forcing a re-negotiate.

The hotfix updates schannel on Win 2003 systems with Intel AMT installed.

Check out this KB: http://support.microsoft.com/kb/942841

answered Sep 21 '09 at 18:50

Kurt Johnson

414
5
13

Yet the situation I describe is on both Vista and Windows 7 and doesn't in any way include Intel AMT stuff ... I fail to see how this is relevant, but then perhaps I just don't understand? – Len Holgate Sep 21 '09 at 20:21
No, you failed to mention that. You're right it isn't relevant for your situation. Perhaps, it will help someone else. – Kurt Johnson Sep 22 '09 at 18:24

score 0 · Answer 2 · edited Jan 11 '13 at 17:40

0

May be this will help you: Code Project: SSLSocket.

edited Jan 11 '13 at 17:40

Nix

52,320
25
137
193

answered May 25 '09 at 08:32

Julian Popov

16,951
11
48
79

Looks like it's just a simple wrapper around the platform sdk example code. :( – Len Holgate May 30 '09 at 09:49

Dealing with SEC_I_RENEGOTIATE and TLS1_ALERT_NO_RENEGOTIATION in SChannel

2 Answers2