I've been testing Schannel with TLS 1.3 and am handling the renegotiate on (the first) DecryptMessage.
Question though: the RFC for TLS 1.3 explicitly forbids renegotiation.
Is there something I'm missing?
Published Mar 25, 2024
Hi JohnT0859,
I'm assuming you're seeing the SEC_I_RENEGOTIATE return value from a DecryptMessage call.
If this is the case, please refer to this article for correct handling: DecryptMessage (Schannel) function - Win32 apps | Microsoft Learn
SEC_I_RENEGOTIATE is just a return value. A DecryptMessage caller may see it during a TLS<=1.2 renegotiation, but it may also be returned in a wide variety of other situations, including TLS 1.3 post-handshake messages. All it means is that you cannot continue encrypting/decrypting and must go back to the SSPI handshake loop (ISC/ASC calls).
Cheers,
Andrei
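The receive-side control flow described in the reply above, as an added example that is not part of the original thread and is not Microsoft's sample code. The status constants carry their winerror.h values; `tls_io`, `tls_receive`, `demo_run` and the scripted status sequences are hypothetical names and constructed data, and the two callbacks stand in for real DecryptMessage and InitializeSecurityContext/AcceptSecurityContext calls.

```c
#include <stdio.h>
/* winerror.h values, declared here so the flow builds anywhere (on Windows use <security.h>). */
typedef long SECURITY_STATUS;
#define SEC_E_OK                 0x00000000L
#define SEC_I_CONTINUE_NEEDED    0x00090312L
#define SEC_I_CONTEXT_EXPIRED    0x00090317L
#define SEC_I_RENEGOTIATE        0x00090321L
#define SEC_E_INCOMPLETE_MESSAGE 0x80090318L
/* Hypothetical wrappers (assumed names): decrypt() calls DecryptMessage on the next record;
   handshake_step() makes one ISC/ASC call and performs the network I/O that call requires. */
typedef struct {
    SECURITY_STATUS (*decrypt)(void *ctx);
    SECURITY_STATUS (*handshake_step)(void *ctx);
    void *ctx;
} tls_io;
typedef enum { RX_RECORD, RX_NEED_MORE, RX_CLOSED, RX_ERROR } rx_result;

/* Decrypt one record; *reentries counts returns to the handshake loop. */
rx_result tls_receive(const tls_io *io, int *reentries)
{
    for (;;) {
        SECURITY_STATUS ss = io->decrypt(io->ctx);
        if (ss == SEC_E_OK) return RX_RECORD;
        if (ss == SEC_E_INCOMPLETE_MESSAGE) return RX_NEED_MORE; /* read more bytes */
        if (ss == SEC_I_CONTEXT_EXPIRED) return RX_CLOSED;       /* peer shut down */
        if (ss != SEC_I_RENEGOTIATE) return RX_ERROR;
        ++*reentries; /* a status, not a failure: finish the handshake loop, then resume */
        do ss = io->handshake_step(io->ctx); while (ss == SEC_I_CONTINUE_NEEDED);
        if (ss != SEC_E_OK) return RX_ERROR;
    }
}

/* Constructed demo: scripted status codes stand in for a live Schannel context. */
typedef struct { const SECURITY_STATUS *dec, *hs; } script;
static SECURITY_STATUS demo_decrypt(void *p) { return *((script *)p)->dec++; }
static SECURITY_STATUS demo_handshake(void *p) { return *((script *)p)->hs++; }
rx_result demo_run(const SECURITY_STATUS *dec, const SECURITY_STATUS *hs, int *reentries)
{
    script s = { dec, hs };
    tls_io io = { demo_decrypt, demo_handshake, &s };
    *reentries = 0;
    return tls_receive(&io, reentries);
}

int main(void)
{   /* TLS 1.3 case: a post-handshake message precedes the first data record. */
    const SECURITY_STATUS dec[] = { SEC_I_RENEGOTIATE, SEC_E_OK }, hs[] = { SEC_E_OK };
    int n, r = demo_run(dec, hs, &n);
    printf("result=%d reentries=%d\n", r, n);
}
```

A receive path that treats SEC_I_RENEGOTIATE as fatal, or that only handles it when the negotiated version is TLS 1.2 or lower, would return `RX_ERROR` on the scripted TLS 1.3 sequence instead of delivering the record.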