-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support TLS 1.3 #618
base: main
Are you sure you want to change the base?
Support TLS 1.3 #618
Conversation
…e we're depending on says `SslProtocols.None`. Apparently it'll do the right thing - allow the OS to specify which protocol to use
await ssl.AuthenticateAsClientAsync( | ||
serviceEndpoint.BaseUri.Host, | ||
new X509Certificate2Collection(), | ||
SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12 | SslProtocols.Tls13, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: It might make sense to pull this list out to a single place and perhaps make it user configurable within the HalibutRuntimeBuilder
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved although, Is it possible to write a test for this?
…ilable in .NET Framework 4.8.
Background
We want to support TLS 1.3 for server/tentacle communication.
We currently explicitly specify supported SSL protocols in Halibut, Tentacle, and Server.
In the long term, we intend to explore following Microsoft recommendations and not configuring protocols explicitly and leaving the choice to the OS.
In the immediate term, we are just going to add TLS 1.3. to the configured set of supported protocols.
This PR will be followed by PRs to Tentacle and Server to update Halibut.
Results
This PR just adds
SslProtocol.TLS13
to the set of supported protocols in the various places we configure protocols in Halibut.The change has been tested in branch builds of Tentacle and Server and we have confirmed that:
How to review this PR
Is the current testing sufficient?
Quality ✔️
Pre-requisites