THRIFT-5743 add TLS1.3 to default protocols where available
Client: netstd
Patch: Jens Geyer
diff --git a/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs b/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
index e3da6f4..bda1290 100644
--- a/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
+++ b/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
@@ -16,6 +16,7 @@
// under the License.
using System;
+using System.Diagnostics;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
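Review bot: The added `using System.Diagnostics;` is not used by any change visible in this patch; none of the new lines reference Debug, Trace or Stopwatch. Unless code outside these hunks now calls into that namespace, the directive is dead and should be removed so the import list stays a reliable record of what the file depends on. If it is needed elsewhere in the file, the patch should show that use.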
@@ -43,11 +44,19 @@
private SslStream _secureStream;
private int _timeout;
+ #if NET7_0_OR_GREATER
+ public const SslProtocols DefaultSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
+ #else
+ public const SslProtocols DefaultSslProtocols = SslProtocols.Tls12;
+ #endif
+
+
+
public TTlsSocketTransport(TcpClient client, TConfiguration config,
X509Certificate2 certificate, bool isServer = false,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: base(config)
{
_client = client;
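Review bot: The `#if NET7_0_OR_GREATER` gate on `DefaultSslProtocols` is undocumented, so a reader cannot tell why net7.0 is the cutoff for enabling TLS 1.3 by default (the `SslProtocols.Tls13` enum member itself predates that target). Because the value is a `const`, it is also baked into every caller's default argument at the caller's compile time, so the effective default is fixed by which Thrift build the caller compiled against rather than by the runtime it later executes on; that is worth stating next to the declaration, e.g. `// TLS 1.3 is enabled by default only in net7.0+ builds; older targets stay TLS 1.2 only.` and `// Being a const, this default is inlined into callers at their compile time.` The same default replacement appears in the remaining constructor hunks of this file and in TTlsServerSocketTransport.cs. The three blank lines inserted after the `#endif` and the two added before the closing brace at the end of the file are whitespace noise and could be dropped.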
@@ -74,7 +83,7 @@
string certificatePath,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: this(host, port, config, 0,
new X509Certificate2(certificatePath),
certValidator,
@@ -87,7 +96,7 @@
X509Certificate2 certificate = null,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: this(host, port, config, 0,
certificate,
certValidator,
@@ -100,7 +109,7 @@
X509Certificate2 certificate,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: base(config)
{
_host = host;
@@ -118,7 +127,7 @@
X509Certificate2 certificate,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: base(config)
{
try
@@ -237,7 +246,7 @@
{
// Client authentication
var certs = _certificate != null
- ? new X509CertificateCollection {_certificate}
+ ? new X509CertificateCollection { _certificate }
: new X509CertificateCollection();
var targetHost = _targetHost ?? _host.ToString();
@@ -269,5 +278,7 @@
_secureStream = null;
}
}
+
+
}
}
diff --git a/lib/netstd/Thrift/Transport/Server/TTlsServerSocketTransport.cs b/lib/netstd/Thrift/Transport/Server/TTlsServerSocketTransport.cs
index 2b7f80c..0f72438 100644
--- a/lib/netstd/Thrift/Transport/Server/TTlsServerSocketTransport.cs
+++ b/lib/netstd/Thrift/Transport/Server/TTlsServerSocketTransport.cs
@@ -43,7 +43,7 @@
X509Certificate2 certificate,
RemoteCertificateValidationCallback clientCertValidator = null,
LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = TTlsSocketTransport.DefaultSslProtocols)
: base(config)
{
if (!certificate.HasPrivateKey)
@@ -65,7 +65,7 @@
X509Certificate2 certificate,
RemoteCertificateValidationCallback clientCertValidator = null,
LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = TTlsSocketTransport.DefaultSslProtocols)
: this(null, config, certificate, clientCertValidator, localCertificateSelectionCallback, sslProtocols)
{
try
diff --git a/test/netstd/Client/TestClient.cs b/test/netstd/Client/TestClient.cs
index 183cfb4..3bf2daa 100644
--- a/test/netstd/Client/TestClient.cs
+++ b/test/netstd/Client/TestClient.cs
@@ -257,7 +257,7 @@
trans = new TTlsSocketTransport(host, port, Configuration, 0,
cert,
(sender, certificate, chain, errors) => true,
- null, SslProtocols.Tls12);
+ null);
break;
case TransportChoice.Socket:
diff --git a/test/netstd/Server/TestServer.cs b/test/netstd/Server/TestServer.cs
index fdbaa97..a540d19 100644
--- a/test/netstd/Server/TestServer.cs
+++ b/test/netstd/Server/TestServer.cs
@@ -606,7 +606,7 @@
trans = new TTlsServerSocketTransport(param.port, Configuration,
cert,
(sender, certificate, chain, errors) => true,
- null, SslProtocols.Tls12);
+ null);
break;
case TransportChoice.Socket: