Skip to content

Make Kestrel Endpoints' "SslProtocols" settable via config #22663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
halter73 opened this issue Jun 8, 2020 · 3 comments
Closed

Make Kestrel Endpoints' "SslProtocols" settable via config #22663

halter73 opened this issue Jun 8, 2020 · 3 comments
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions Done This issue has been fixed feature-kestrel help wanted Up for grabs. We would accept a PR to help resolve this issue
Milestone
5.0.0-preview7

Comments

@halter73
Copy link
Member

halter73 commented Jun 8, 2020
edited
Loading

Is your feature request related to a problem? Please describe.

Given our recent changes to Kestrel's default supported TLS protocol versions, we should make "SslProtocols" settable via config, not just code as demonstrated in the announcement.

Describe the solution you'd like

Putting something like the following appsettings.json should configure "SslProtocols".

{
  "Kestrel": {
    "EndpointDefaults": {
      "SslProtocols": [ "Tls11", "Tls12", "Tls13" ]
    },
    "Endpoints": {
      "NamedHttpsEndpoint": {
        "Url": "https://localhost:6443",
        "SslProtocols": [ "Tls12", "Tls13" ]
      }
    }
  }
}

Additional context

#22437
@halter73 halter73 changed the title Make Kestrel' Make Kestrel Endpoints' "SslProtocols" settable via config Jun 8, 2020
@halter73 halter73 added this to the Next sprint planning milestone Jun 8, 2020
@Tratcher Tratcher added help wanted Up for grabs. We would accept a PR to help resolve this issue area-servers feature-kestrel labels Jun 8, 2020
@fstaffa
Copy link
Contributor

fstaffa commented Jun 9, 2020

I would like to tackle this issue. Do I understand it correctly that it is about parsing configuration in ConfigurationReader and then passing it correctly in KestrelConfigurationLoader ?

There are tests related to ConfigurationReader I can update, but I haven't found any tests related to KestrelConfigurationLoader. Did I miss something?

@halter73
Copy link
Member Author

halter73 commented Jun 9, 2020

Thanks for taking a look.

There's https://github.com/dotnet/aspnetcore/blob/4d367898b3e904394b48f9a461a06ddb4657be07/src/Servers/Kestrel/Kestrel/test/KestrelConfigurationBuilderTests.cs. Feel free to rename it to KestrelConfigurationLoaderTests in your PR.

@fstaffa
Copy link
Contributor

fstaffa commented Jun 10, 2020

Thank you for a quick reply. I will rename the tests to avoid confusion and I will create an MR later this week.

@fstaffa fstaffa mentioned this issue Jun 13, 2020
Merged
Tratcher pushed a commit that referenced this issue Jun 19, 2020
@fstaffa
Kestrel Endpoints' "SslProtocols" settable via config (#22663) (#22910)
a77e68f
@Tratcher Tratcher added the Done This issue has been fixed label Jun 19, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Jul 19, 2020
@amcasey amcasey added area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions and removed area-runtime labels Jun 2, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions Done This issue has been fixed feature-kestrel help wanted Up for grabs. We would accept a PR to help resolve this issue
Projects
None yet
Milestone
5.0.0-preview7
Development

No branches or pull requests
4 participants
@halter73 @fstaffa @Tratcher @amcasey