diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs index 44b8b50039d6..fe0b8dae14fd 100644 --- a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs +++ b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs @@ -142,7 +142,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); } } @@ -172,7 +172,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); Assert.Equal(1, selectorCalled); } @@ -207,14 +207,14 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); Assert.Equal(1, selectorCalled); } using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2NoExt)); Assert.Equal(2, selectorCalled); } @@ -274,7 +274,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); Assert.Equal(1, selectorCalled); } @@ -340,7 +340,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) // HttpClient might not send the certificate because it is invalid or it doesn't match any // of the certificate authorities sent by the server in the SSL handshake. var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, true); } } @@ -417,7 +417,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, true); Assert.True(clientCertificateValidationCalled); } @@ -444,7 +444,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, false); } } @@ -469,7 +469,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, false); } } @@ -494,7 +494,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, true); } } @@ -528,7 +528,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, true); } } @@ -609,7 +609,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) var sslOptions = new SslClientAuthenticationOptions { TargetHost = "localhost", - EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11, + EnabledSslProtocols = SslProtocols.None, ApplicationProtocols = new List { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, }; diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs index 6ed69bcc1221..4849965c4069 100644 --- a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs +++ b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs @@ -115,7 +115,8 @@ public void ConfigureCertSelectorNeverLoadsDefaultCert() Assert.Null(serverOptions.DefaultCertificate); } - [Fact] + [ConditionalFact] + [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win10)] // Investigation: https://github.com/dotnet/aspnetcore/issues/22917 public async Task EmptyRequestLoggedAsDebug() { var loggerProvider = new HandshakeErrorLoggerProvider(); @@ -142,7 +143,8 @@ public async Task EmptyRequestLoggedAsDebug() userMessage: string.Join(Environment.NewLine, loggerProvider.ErrorLogger.ErrorMessages)); } - [Fact] + [ConditionalFact] + [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win10)] // Investigation: https://github.com/dotnet/aspnetcore/issues/22917 public async Task ClientHandshakeFailureLoggedAsDebug() { var loggerProvider = new HandshakeErrorLoggerProvider(); @@ -415,7 +417,7 @@ public async Task OnAuthenticate_SeesOtherSettings() using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true)) { await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null, - enabledSslProtocols: SslProtocols.Tls11 | SslProtocols.Tls12, + enabledSslProtocols: SslProtocols.None, checkCertificateRevocation: false); } } @@ -454,7 +456,7 @@ public async Task OnAuthenticate_CanSetSettings() using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true)) { await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null, - enabledSslProtocols: SslProtocols.Tls11 | SslProtocols.Tls12, + enabledSslProtocols: SslProtocols.None, checkCertificateRevocation: false); } } diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs index eb7a95a2281d..d7ea94abdd4a 100644 --- a/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs +++ b/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs @@ -55,7 +55,7 @@ public static TheoryData H2SpecTestCases var dataset = new TheoryData(); var toSkip = new string[] { /*"http2/5.1/8"*/ }; - var supportsAlpn = Utilities.CurrentPlatformSupportsAlpn(); + var supportsAlpn = Utilities.CurrentPlatformSupportsHTTP2OverTls(); foreach (var testcase in H2SpecCommands.EnumerateTestCases()) { diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs index b12740a1a43d..fcf32c1cd674 100644 --- a/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs +++ b/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs @@ -42,7 +42,7 @@ public static IEnumerable SupportedSchemes new[] { "http" } }; - if (Utilities.CurrentPlatformSupportsAlpn()) + if (Utilities.CurrentPlatformSupportsHTTP2OverTls()) { list.Add(new[] { "https" }); } diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs index db41d1e1b40f..d2e2ce85a4d2 100644 --- a/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs +++ b/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs @@ -7,10 +7,10 @@ namespace Interop.FunctionalTests { internal static class Utilities { - internal static bool CurrentPlatformSupportsAlpn() + internal static bool CurrentPlatformSupportsHTTP2OverTls() { - return // "Missing Windows ALPN support: https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation#Support" - new MinimumOSVersionAttribute(OperatingSystems.Windows, WindowsVersions.Win81).IsMet + return // "Missing Windows ALPN support: https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation#Support" or missing compatible ciphers (Win8.1) + new MinimumOSVersionAttribute(OperatingSystems.Windows, WindowsVersions.Win10).IsMet // "Missing SslStream ALPN support: https://github.com/dotnet/corefx/issues/30492" && new OSSkipConditionAttribute(OperatingSystems.MacOSX).IsMet // Debian 8 uses OpenSSL 1.0.1 which does not support ALPN