THRIFT-3639 C# Thrift library forces TLS 1.0, thwarting TLS 1.2 usage
Client: C#
Patch: Nobuaki Sukegawa
This closes #871
diff --git a/lib/csharp/src/Transport/TTLSServerSocket.cs b/lib/csharp/src/Transport/TTLSServerSocket.cs
index 631a593..99f21ca 100644
--- a/lib/csharp/src/Transport/TTLSServerSocket.cs
+++ b/lib/csharp/src/Transport/TTLSServerSocket.cs
@@ -20,6 +20,7 @@
using System;
using System.Net.Security;
using System.Net.Sockets;
+using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
namespace Thrift.Transport
@@ -65,6 +66,11 @@
private LocalCertificateSelectionCallback localCertificateSelectionCallback;
/// <summary>
+ /// The SslProtocols value that represents the protocol used for authentication.
+ /// </summary>
+ private readonly SslProtocols sslProtocols;
+
+ /// <summary>
/// Initializes a new instance of the <see cref="TTLSServerSocket" /> class.
/// </summary>
/// <param name="port">The port where the server runs.</param>
@@ -94,13 +100,16 @@
/// <param name="certificate">The certificate object.</param>
/// <param name="clientCertValidator">The certificate validator.</param>
/// <param name="localCertificateSelectionCallback">The callback to select which certificate to use.</param>
+ /// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication.</param>
public TTLSServerSocket(
int port,
int clientTimeout,
bool useBufferedSockets,
X509Certificate2 certificate,
RemoteCertificateValidationCallback clientCertValidator = null,
- LocalCertificateSelectionCallback localCertificateSelectionCallback = null)
+ LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
+ // TODO: Enable Tls1 and Tls2 (TLS 1.1 and 1.2) by default once we start using .NET 4.5+.
+ SslProtocols sslProtocols = SslProtocols.Tls)
{
if (!certificate.HasPrivateKey)
{
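Review bot: The TODO above the new default names enum members that do not exist; the `SslProtocols` values for TLS 1.1 and 1.2 are `SslProtocols.Tls11` and `SslProtocols.Tls12` (`SslProtocols.Tls` is TLS 1.0 only), so the comment should read `// TODO: Default to SslProtocols.Tls11 | SslProtocols.Tls12 (TLS 1.1 and 1.2) once we start using .NET 4.5+.`. Because the default stays `SslProtocols.Tls`, every existing caller that omits the new parameter keeps the TLS 1.0-only behaviour this ticket reports, and the `<param>` doc should say so, e.g. `/// <param name="sslProtocols">The SslProtocols value that represents the protocol used for authentication. Defaults to TLS 1.0 only; pass SslProtocols.Tls12 to require TLS 1.2.</param>`. A comment wedged between parameters is easy to overlook; moving it next to the XML docs above the constructor would make the limitation visible. The constructor body continues past the hunk.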
@@ -112,6 +121,7 @@
this.useBufferedSockets = useBufferedSockets;
this.clientCertValidator = clientCertValidator;
this.localCertificateSelectionCallback = localCertificateSelectionCallback;
+ this.sslProtocols = sslProtocols;
try
{
// Create server socket
@@ -168,8 +178,8 @@
this.serverCertificate,
true,
this.clientCertValidator,
- this.localCertificateSelectionCallback
- );
+ this.localCertificateSelectionCallback,
+ this.sslProtocols);
socket.setupTLS();