From ae184d5dc8e873286e90c781d19b66259a5aa4d8 Mon Sep 17 00:00:00 2001
From: Radek Zikmund <32671551+rzikm@users.noreply.github.com>
Date: Tue, 9 Apr 2024 22:46:40 +0200
Subject: [PATCH] Disable user mapper for SslStream on Windows (TLS 1.3)
 (#100833)

---
 .../src/System/Net/Security/SslStreamPal.Windows.cs       | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
index 63b9aea0e4bd5..db9a70e5a6bbe 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
@@ -362,11 +362,9 @@ public static unsafe SafeFreeCredentials AcquireCredentialsHandleSchCredentials(
             if (isServer)
             {
                 direction = Interop.SspiCli.CredentialUse.SECPKG_CRED_INBOUND;
-                flags = Interop.SspiCli.SCH_CREDENTIALS.Flags.SCH_SEND_AUX_RECORD;
-                if (authOptions.CertificateContext?.Trust?._sendTrustInHandshake == true)
-                {
-                    flags |= Interop.SspiCli.SCH_CREDENTIALS.Flags.SCH_CRED_NO_SYSTEM_MAPPER;
-                }
+                flags =
+                    Interop.SspiCli.SCH_CREDENTIALS.Flags.SCH_SEND_AUX_RECORD |
+                    Interop.SspiCli.SCH_CREDENTIALS.Flags.SCH_CRED_NO_SYSTEM_MAPPER;
                 if (!allowTlsResume)
                 {
                     // Works only on server