Add SslProtocols option to HttpsConnectionFilter

2015-11-14 12:53:29 +01:00 · 2015-11-14 12:53:29 +01:00 · bed8c67181
parent bd30f28dfd
commit bed8c67181
2 changed files with 8 additions and 3 deletions
--- a/src/Microsoft.AspNet.Server.Kestrel.Https/HttpsConnectionFilter.cs
+++ b/src/Microsoft.AspNet.Server.Kestrel.Https/HttpsConnectionFilter.cs
@ -18,6 +18,7 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
        private readonly ClientCertificateMode _clientCertMode;
        private readonly ClientCertificateValidationCallback _clientValidationCallback;
        private readonly IConnectionFilter _previous;
+        private readonly SslProtocols _sslProtocols;
        private X509Certificate2 _clientCert;

        public HttpsConnectionFilter(HttpsConnectionFilterOptions options, IConnectionFilter previous)
@ -34,6 +35,7 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
            _serverCert = options.ServerCertificate;
            _clientCertMode = options.ClientCertificateMode;
            _clientValidationCallback = options.ClientCertificateValidation;
+            _sslProtocols = options.SslProtocols;
            _previous = previous;
        }

@ -47,7 +49,8 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
                if (_clientCertMode == ClientCertificateMode.NoCertificate)
                {
                    sslStream = new SslStream(context.Connection);
-                    await sslStream.AuthenticateAsServerAsync(_serverCert);
+                    await sslStream.AuthenticateAsServerAsync(_serverCert, clientCertificateRequired: false,
+                        enabledSslProtocols: _sslProtocols, checkCertificateRevocation: false);
                }
                else
                {
@ -89,8 +92,7 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
                            return true;
                        });
                    await sslStream.AuthenticateAsServerAsync(_serverCert, clientCertificateRequired: true,
-                        enabledSslProtocols: SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls,
-                        checkCertificateRevocation: false);
+                        enabledSslProtocols: _sslProtocols, checkCertificateRevocation: false);
                }
                context.Connection = sslStream;
            }
--- a/src/Microsoft.AspNet.Server.Kestrel.Https/HttpsConnectionFilterOptions.cs
+++ b/src/Microsoft.AspNet.Server.Kestrel.Https/HttpsConnectionFilterOptions.cs
@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

+using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;

 namespace Microsoft.AspNet.Server.Kestrel.Https
@ -10,10 +11,12 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
        public HttpsConnectionFilterOptions()
        {
            ClientCertificateMode = ClientCertificateMode.NoCertificate;
+            SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
        }

        public X509Certificate2 ServerCertificate { get; set; }
        public ClientCertificateMode ClientCertificateMode { get; set; }
        public ClientCertificateValidationCallback ClientCertificateValidation { get; set; }
+        public SslProtocols SslProtocols { get; set; }
    }
 }