huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Disable AllowRenegotiation for HTTP/2

This commit is contained in:
Chris Ross (ASP.NET) 2018-06-04 09:51:00 -07:00
parent 0419a44b77
commit 810a302e66
3 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
samples/Http2SampleApp/Http2SampleApp.csproj
View File

@ -1,7 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk.Web"> <Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup> <PropertyGroup>
<TargetFrameworks>netcoreapp2.2</TargetFrameworks> <TargetFrameworks>netcoreapp2.2;net461</TargetFrameworks>
<IsPackable>false</IsPackable> <IsPackable>false</IsPackable>
<NoDefaultLaunchSettingsFile>true</NoDefaultLaunchSettingsFile> <NoDefaultLaunchSettingsFile>true</NoDefaultLaunchSettingsFile>
</PropertyGroup> </PropertyGroup>

2
src/Kestrel.Core/Internal/HttpsConnectionAdapter.cs
View File

@ -158,6 +158,8 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Https.Internal
if ((_options.HttpProtocols & HttpProtocols.Http2) != 0) if ((_options.HttpProtocols & HttpProtocols.Http2) != 0)
{ {
sslOptions.ApplicationProtocols.Add(SslApplicationProtocol.Http2); sslOptions.ApplicationProtocols.Add(SslApplicationProtocol.Http2);
// https://tools.ietf.org/html/rfc7540#section-9.2.1
sslOptions.AllowRenegotiation = false;
} }
if ((_options.HttpProtocols & HttpProtocols.Http1) != 0) if ((_options.HttpProtocols & HttpProtocols.Http1) != 0)

8
test/Kestrel.FunctionalTests/HttpsConnectionAdapterTests.cs
View File

@ -12,6 +12,7 @@ using System.Net.Sockets;
using System.Security.Authentication; using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.X509Certificates;
using System.Text; using System.Text;
using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features; using Microsoft.AspNetCore.Http.Features;
@ -345,11 +346,14 @@ namespace Microsoft.AspNetCore.Server.Kestrel.FunctionalTests
} }
} }
[Fact] [Theory]
public async Task CertificatePassedToHttpContext() [InlineData(HttpProtocols.Http1)]
[InlineData(HttpProtocols.Http1AndHttp2)] // Make sure Http/1.1 doesn't regress with Http/2 enabled.
public async Task CertificatePassedToHttpContext(HttpProtocols httpProtocols)
{ {
var listenOptions = new ListenOptions(new IPEndPoint(IPAddress.Loopback, 0)) var listenOptions = new ListenOptions(new IPEndPoint(IPAddress.Loopback, 0))
{ {
Protocols = httpProtocols,
ConnectionAdapters = ConnectionAdapters =
{ {
new HttpsConnectionAdapter(new HttpsConnectionAdapterOptions new HttpsConnectionAdapter(new HttpsConnectionAdapterOptions