Add SslProtocols option to HttpsConnectionFilter
This commit is contained in:
parent
bd30f28dfd
commit
bed8c67181
|
|
@ -18,6 +18,7 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
|
||||||
private readonly ClientCertificateMode _clientCertMode;
|
private readonly ClientCertificateMode _clientCertMode;
|
||||||
private readonly ClientCertificateValidationCallback _clientValidationCallback;
|
private readonly ClientCertificateValidationCallback _clientValidationCallback;
|
||||||
private readonly IConnectionFilter _previous;
|
private readonly IConnectionFilter _previous;
|
||||||
|
private readonly SslProtocols _sslProtocols;
|
||||||
private X509Certificate2 _clientCert;
|
private X509Certificate2 _clientCert;
|
||||||
|
|
||||||
public HttpsConnectionFilter(HttpsConnectionFilterOptions options, IConnectionFilter previous)
|
public HttpsConnectionFilter(HttpsConnectionFilterOptions options, IConnectionFilter previous)
|
||||||
|
|
@ -34,6 +35,7 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
|
||||||
_serverCert = options.ServerCertificate;
|
_serverCert = options.ServerCertificate;
|
||||||
_clientCertMode = options.ClientCertificateMode;
|
_clientCertMode = options.ClientCertificateMode;
|
||||||
_clientValidationCallback = options.ClientCertificateValidation;
|
_clientValidationCallback = options.ClientCertificateValidation;
|
||||||
|
_sslProtocols = options.SslProtocols;
|
||||||
_previous = previous;
|
_previous = previous;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -47,7 +49,8 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
|
||||||
if (_clientCertMode == ClientCertificateMode.NoCertificate)
|
if (_clientCertMode == ClientCertificateMode.NoCertificate)
|
||||||
{
|
{
|
||||||
sslStream = new SslStream(context.Connection);
|
sslStream = new SslStream(context.Connection);
|
||||||
await sslStream.AuthenticateAsServerAsync(_serverCert);
|
await sslStream.AuthenticateAsServerAsync(_serverCert, clientCertificateRequired: false,
|
||||||
|
enabledSslProtocols: _sslProtocols, checkCertificateRevocation: false);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
@ -89,8 +92,7 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
|
||||||
return true;
|
return true;
|
||||||
});
|
});
|
||||||
await sslStream.AuthenticateAsServerAsync(_serverCert, clientCertificateRequired: true,
|
await sslStream.AuthenticateAsServerAsync(_serverCert, clientCertificateRequired: true,
|
||||||
enabledSslProtocols: SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls,
|
enabledSslProtocols: _sslProtocols, checkCertificateRevocation: false);
|
||||||
checkCertificateRevocation: false);
|
|
||||||
}
|
}
|
||||||
context.Connection = sslStream;
|
context.Connection = sslStream;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
|
using System.Security.Authentication;
|
||||||
using System.Security.Cryptography.X509Certificates;
|
using System.Security.Cryptography.X509Certificates;
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Server.Kestrel.Https
|
namespace Microsoft.AspNet.Server.Kestrel.Https
|
||||||
|
|
@ -10,10 +11,12 @@ namespace Microsoft.AspNet.Server.Kestrel.Https
|
||||||
public HttpsConnectionFilterOptions()
|
public HttpsConnectionFilterOptions()
|
||||||
{
|
{
|
||||||
ClientCertificateMode = ClientCertificateMode.NoCertificate;
|
ClientCertificateMode = ClientCertificateMode.NoCertificate;
|
||||||
|
SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
|
||||||
}
|
}
|
||||||
|
|
||||||
public X509Certificate2 ServerCertificate { get; set; }
|
public X509Certificate2 ServerCertificate { get; set; }
|
||||||
public ClientCertificateMode ClientCertificateMode { get; set; }
|
public ClientCertificateMode ClientCertificateMode { get; set; }
|
||||||
public ClientCertificateValidationCallback ClientCertificateValidation { get; set; }
|
public ClientCertificateValidationCallback ClientCertificateValidation { get; set; }
|
||||||
|
public SslProtocols SslProtocols { get; set; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue