Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,498 questions
Experience with SSPI & TLS 1.3
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 3%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Andreas Lobbes
1
Reputation point
I made some experiences with TLS 1.3 via SSPI, which is still not enabled at default. It seems to be functional, tested on Win 10, but there are some pitfalls: - max. supported message size ought be the number reported by QueryContextAttributes(context, SECPKG_ATTR_STREAM_SIZES, pPkgSizes) in pPkgSizes->cbMaximumMessage, but in fact it is (pPkgSizes->cbMaximumMessage - 1). - When calling DecryptMessage(), don't rely on a valid Pointer in a returned SecBuffer struct, marked as SECBUFFER_EXTRA (eg. SecBuffer::BufferType == SECBUFFER_EXTRA), related SecBuffer::pvBuffer is sometimes NULL. Tests performed with latest updates.
{count} votes
-
Rita Han - MSFT 2,161 Reputation points2020-08-04T08:52:17.347+00:00 Welcome to Microsoft Q&A! There is a cbBlockSize parameter may cause the message padded. So can you confirm the following information: 1. What's value of
pPkgSizes->cbBlockSize. 2. How do you find "in fact it is (pPkgSizes->cbMaximumMessage - 1)"? 3. Is there any error or failure when rely oncbMaximumMessageto decrypt the message? -
Zhanglong Wu-MSFT 261 Reputation points Microsoft Vendor2020-09-01T03:03:46.5+00:00 Is there anything to update? it would be better to resolve the issue if you can provide more information as RitaHan mentioned.
Sign in to comment