jensg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/thrift.git
The following commit(s) were added to refs/heads/master by this push:
new a06eedcbf THRIFT-5743 add TLS1.3 to default protocols where available
Client: netstd Patch: Jens Geyer
a06eedcbf is described below
commit a06eedcbfc80c11b751d7cad20e3d9940b2bff67
Author: Jens Geyer <[email protected]>
AuthorDate: Thu Nov 16 23:23:04 2023 +0100
THRIFT-5743 add TLS1.3 to default protocols where available
Client: netstd
Patch: Jens Geyer
---
.../Thrift/Transport/Client/TTlsSocketTransport.cs | 23 ++++++++++++++++------
.../Transport/Server/TTlsServerSocketTransport.cs | 4 ++--
test/netstd/Client/TestClient.cs | 2 +-
test/netstd/Server/TestServer.cs | 2 +-
4 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
b/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
index e3da6f4c2..bda129007 100644
--- a/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
+++ b/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
@@ -16,6 +16,7 @@
// under the License.
using System;
+using System.Diagnostics;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
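Review bot: The added `using System.Diagnostics;` has no visible consumer, since none of the hunks in this file introduces a `Debug`, `Trace` or other `System.Diagnostics` call. If it is a leftover from debugging the handshake, drop the directive so the file does not trip unused-using analyzers. If code outside the hunks needs it, this can be ignored.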
@@ -43,11 +44,19 @@ namespace Thrift.Transport.Client
private SslStream _secureStream;
private int _timeout;
+ #if NET7_0_OR_GREATER
+ public const SslProtocols DefaultSslProtocols = SslProtocols.Tls12 |
SslProtocols.Tls13;
+ #else
+ public const SslProtocols DefaultSslProtocols = SslProtocols.Tls12;
+ #endif
+
+
+
public TTlsSocketTransport(TcpClient client, TConfiguration config,
X509Certificate2 certificate, bool isServer = false,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback
localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: base(config)
{
_client = client;
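Review bot: The new public `DefaultSslProtocols` constant has no XML doc comment, and its value has two compile-time properties that consumers should be told about. The `#if NET7_0_OR_GREATER` branch is selected by the target framework the library is built for, not by what the runtime or OS can negotiate. Because it is a `const` used as an optional-parameter default, the value is also copied into each caller's assembly, so an application compiled against an older package keeps `SslProtocols.Tls12` until it is rebuilt. I would add `/// <summary>Protocols offered when the caller passes no sslProtocols argument: TLS 1.2, plus TLS 1.3 on builds targeting .NET 7 or later. An explicit argument replaces this set.</summary>` above the `#if`. The same default is used in the four constructor hunks that follow; their bodies run outside the hunks, so whether an explicitly passed weaker protocol set is rejected is not visible here.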
@@ -74,7 +83,7 @@ namespace Thrift.Transport.Client
string certificatePath,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback
localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: this(host, port, config, 0,
new X509Certificate2(certificatePath),
certValidator,
@@ -87,7 +96,7 @@ namespace Thrift.Transport.Client
X509Certificate2 certificate = null,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback
localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: this(host, port, config, 0,
certificate,
certValidator,
@@ -100,7 +109,7 @@ namespace Thrift.Transport.Client
X509Certificate2 certificate,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback
localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: base(config)
{
_host = host;
@@ -118,7 +127,7 @@ namespace Thrift.Transport.Client
X509Certificate2 certificate,
RemoteCertificateValidationCallback certValidator = null,
LocalCertificateSelectionCallback
localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols = DefaultSslProtocols)
: base(config)
{
try
@@ -237,7 +246,7 @@ namespace Thrift.Transport.Client
{
// Client authentication
var certs = _certificate != null
- ? new X509CertificateCollection {_certificate}
+ ? new X509CertificateCollection { _certificate }
: new X509CertificateCollection();
var targetHost = _targetHost ?? _host.ToString();
@@ -269,5 +278,7 @@ namespace Thrift.Transport.Client
_secureStream = null;
}
}
+
+
}
}
diff --git a/lib/netstd/Thrift/Transport/Server/TTlsServerSocketTransport.cs
b/lib/netstd/Thrift/Transport/Server/TTlsServerSocketTransport.cs
index 2b7f80cd1..0f72438e8 100644
--- a/lib/netstd/Thrift/Transport/Server/TTlsServerSocketTransport.cs
+++ b/lib/netstd/Thrift/Transport/Server/TTlsServerSocketTransport.cs
@@ -43,7 +43,7 @@ namespace Thrift.Transport.Server
X509Certificate2 certificate,
RemoteCertificateValidationCallback clientCertValidator = null,
LocalCertificateSelectionCallback
localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols =
TTlsSocketTransport.DefaultSslProtocols)
: base(config)
{
if (!certificate.HasPrivateKey)
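Review bot: The server transport's default now reaches into the client class, `TTlsSocketTransport.DefaultSslProtocols`, here and in the second constructor hunk of this file. That works, but it makes the server's TLS default depend on a constant owned by a client-side type, which is easy to miss if the client default is later changed for client-only reasons. Consider a comment such as `// shared TLS default, defined on the client transport` at both sites, or moving the constant to a type both transports already depend on. The constructor body continues outside the hunk.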
@@ -65,7 +65,7 @@ namespace Thrift.Transport.Server
X509Certificate2 certificate,
RemoteCertificateValidationCallback clientCertValidator = null,
LocalCertificateSelectionCallback
localCertificateSelectionCallback = null,
- SslProtocols sslProtocols = SslProtocols.Tls12)
+ SslProtocols sslProtocols =
TTlsSocketTransport.DefaultSslProtocols)
: this(null, config, certificate, clientCertValidator,
localCertificateSelectionCallback, sslProtocols)
{
try
diff --git a/test/netstd/Client/TestClient.cs b/test/netstd/Client/TestClient.cs
index 183cfb430..3bf2daaae 100644
--- a/test/netstd/Client/TestClient.cs
+++ b/test/netstd/Client/TestClient.cs
@@ -257,7 +257,7 @@ namespace ThriftTest
trans = new TTlsSocketTransport(host, port,
Configuration, 0,
cert,
(sender, certificate, chain, errors) => true,
- null, SslProtocols.Tls12);
+ null);
break;
case TransportChoice.Socket:
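Review bot: Dropping the explicit `SslProtocols.Tls12` argument here and in `TestServer.cs` means the cross test now runs with whatever `DefaultSslProtocols` resolves to. On a .NET 7+ build both ends presumably negotiate TLS 1.3, so the TLS 1.2-only path is no longer exercised, and nothing asserts which version was negotiated. A case that still pins `SslProtocols.Tls12` on one side would keep interop with peers lacking TLS 1.3 covered. Separately, the context line `(sender, certificate, chain, errors) => true` accepts any peer certificate; that is tolerable in a test harness but deserves a comment such as `// test only: disables certificate validation` so it is not copied into application code. The enclosing switch starts and ends outside the hunk.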
diff --git a/test/netstd/Server/TestServer.cs b/test/netstd/Server/TestServer.cs
index fdbaa9718..a540d1919 100644
--- a/test/netstd/Server/TestServer.cs
+++ b/test/netstd/Server/TestServer.cs
@@ -606,7 +606,7 @@ namespace ThriftTest
trans = new TTlsServerSocketTransport(param.port,
Configuration,
cert,
(sender, certificate, chain, errors) => true,
- null, SslProtocols.Tls12);
+ null);
break;
case TransportChoice.Socket: