possible LSASS handle leak during SSL Handshake

  • Question

  • Hi all,
    I already posted a similar thread on the .NET forum, but today, on the 2nd day of investigation, I think that LSASS and security are involved.
    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/7d309b92-6930-4ed0-b8c1-c866cb5e9a1a/my-net-application-is-leaking-handles-into-lsassexe?forum=clr
    "with my officemates, we collected further info.
    The leak is restricted to 2 components:
    .Net SSLStream SslStream.AuthenticateAsServer and Java 8 SSLServerSocketFactory

    I think that LSASS.exe is bugged with a handle leak, but the .NET library adopts a smart way to mitigate the problem, caching SSL connections and limiting handshakes vs lsass.
    On the contrary, Java 8 SSLServerSocketFactory re-inits a new connection and a new SSL handshake for every new connection.

    Which is the best forum for asking about remediation?
    We have prepared a very simple .NET server solution in C# with 2 clients (Java 8 and .NET C#) and we are able to reproduce the weird behavior."

    Thanks in advance, Diego


    Diego scaravaggi (Freelancer)


    • Edited by dscaravaggi Friday, August 21, 2020 10:18 AM link missing
    Friday, August 21, 2020 10:17 AM

All replies

  • While I'm waiting for a possible solution, I've found a mitigation with this empirical fix:

    forcing values:

    \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

    MaximumCacheSize 0x3e8

    ServerCacheTime 0x1d4c0

    Monitoring via procexp64, lsass.exe handles are throttling below 4500.


    Diego scaravaggi (Freelancer)

    Friday, August 21, 2020 2:43 PM
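
The mitigation described in the reply above, as an added PowerShell example (not code from the original poster): it audits the two Schannel values named in the post, optionally writes them, then samples the lsass.exe handle count to see whether it plateaus. The `$apply` switch, sample count and interval are assumptions chosen for illustration; run it from an elevated prompt.

```powershell
# Added example: audit/apply the Schannel session-cache values from the post,
# then sample lsass.exe handles to see whether the count levels off.
$apply       = $false   # assumption: audit only by default; set $true to write
$samples     = 20       # assumption: number of readings
$intervalSec = 30       # assumption: seconds between readings
$ceiling     = 4500     # handle level the poster reported staying below

$key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$wanted = [ordered]@{
    MaximumCacheSize = 0x3e8     # value from the post (1000 decimal)
    ServerCacheTime  = 0x1d4c0   # value from the post (120000 decimal)
}

foreach ($name in $wanted.Keys) {
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $shown   = if ($null -eq $current) { '<not set>' } else { '0x{0:x}' -f $current }
    if ($current -eq $wanted[$name]) {
        Write-Host "$name already set to $shown"
    } elseif ($apply) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $wanted[$name] -Force | Out-Null
        Write-Host ("{0}: {1} -> 0x{2:x}" -f $name, $shown, $wanted[$name])
    } else {
        Write-Host ("{0}: {1} (post uses 0x{2:x})" -f $name, $shown, $wanted[$name])
    }
}

# Collect handle counts; Write-Host output is not captured into $readings.
$readings = for ($i = 0; $i -lt $samples; $i++) {
    $h = (Get-Process -Name lsass).HandleCount
    Write-Host ("{0:HH:mm:ss} lsass handles: {1}" -f (Get-Date), $h)
    $h
    if ($i -lt $samples - 1) { Start-Sleep -Seconds $intervalSec }
}

# Compare the first and second half of the run: steady growth suggests the
# leak is still active, a flat average suggests the cache limits are holding.
$half     = [int]($samples / 2)
$firstAvg = ($readings[0..($half - 1)]        | Measure-Object -Average).Average
$lastAvg  = ($readings[$half..($samples - 1)] | Measure-Object -Average).Average
$max      = ($readings | Measure-Object -Maximum).Maximum

Write-Host ("first-half avg {0:N0}, second-half avg {1:N0}, max {2}" -f $firstAvg, $lastAvg, $max)
if ($max -ge $ceiling)             { Write-Warning "Handle count reached $ceiling or more." }
if ($lastAvg -gt $firstAvg * 1.10) { Write-Warning 'Handles grew more than 10% during the run.' }
```

Take the readings while the reproducing clients are connecting, and compare a run before and after the change; whether Schannel needs a restart to pick up the new values is not stated in the thread.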