未验证 提交 8a6672ae 编写于 作者: R Radek Zikmund 提交者: GitHub

Improve TLS1.3 detection in registry for QUIC (#70730)

* Improve TLS1.3 detection in registry for QUIC

* Split client and server detection

* Code review feedback
上级 10438a57
......@@ -38,7 +38,8 @@ private MsQuicApi(QUIC_API_TABLE* apiTable)
fixed (byte* pAppName = "System.Net.Quic"u8)
{
var cfg = new QUIC_REGISTRATION_CONFIG {
var cfg = new QUIC_REGISTRATION_CONFIG
{
AppName = (sbyte*)pAppName,
ExecutionProfile = QUIC_EXECUTION_PROFILE.LOW_LATENCY
};
......@@ -54,7 +55,8 @@ private MsQuicApi(QUIC_API_TABLE* apiTable)
internal static bool IsQuicSupported { get; }
internal static bool Tls13MayBeDisabled { get; }
internal static bool Tls13ServerMayBeDisabled { get; }
internal static bool Tls13ClientMayBeDisabled { get; }
static MsQuicApi()
{
......@@ -70,7 +72,8 @@ static MsQuicApi()
return;
}
Tls13MayBeDisabled = IsTls13Disabled();
Tls13ServerMayBeDisabled = IsTls13Disabled(true);
Tls13ClientMayBeDisabled = IsTls13Disabled(false);
}
IntPtr msQuicHandle;
......@@ -120,24 +123,28 @@ static MsQuicApi()
private static bool IsWindowsVersionSupported() => OperatingSystem.IsWindowsVersionAtLeast(MinWindowsVersion.Major,
MinWindowsVersion.Minor, MinWindowsVersion.Build, MinWindowsVersion.Revision);
private static bool IsTls13Disabled()
private static bool IsTls13Disabled(bool isServer)
{
#if TARGET_WINDOWS
string[] SChannelTLS13RegKeys = {
@"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client",
@"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server"
};
string SChannelTls13RegistryKey = isServer
? @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server"
: @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client";
using var regKey = Registry.LocalMachine.OpenSubKey(SChannelTls13RegistryKey);
foreach (var key in SChannelTLS13RegKeys)
if (regKey is null)
{
using var regKey = Registry.LocalMachine.OpenSubKey(key);
return false;
}
if (regKey is null) return false;
if (regKey.GetValue("Enabled") is int enabled && enabled == 0)
{
return true;
}
if (regKey.GetValue("Enabled") is int enabled && enabled == 0)
{
return true;
}
if (regKey.GetValue("DisabledByDefault") is int disabled && disabled == 1)
{
return true;
}
#endif
return false;
......
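Review bot: `IsTls13Disabled(bool isServer)` at line 39 has no doc comment, and its contract is easy to misread: a missing key, a value that is not a DWORD (the `is int` patterns), or a non-Windows build all fall through to `return false`, which the callers then treat as "TLS 1.3 is not disabled" even though the check is only a heuristic. Suggest a summary on the method such as `/// <summary>Best-effort check of the SCHANNEL registry key for the given role; true only when "Enabled" is 0 or "DisabledByDefault" is 1. Returns false when the key or value is absent or not a DWORD, and always on non-Windows builds.</summary>` plus `/// <param name="isServer">true to inspect the Server key, false the Client key.</param>`. It is also worth stating in that summary that the result is captured once, in the static constructor at line 31–32, so registry changes made after type initialization are not observed. The method's closing brace lies beyond the end of this hunk, and the static constructor hunk at line 27 begins mid-body.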
......@@ -120,7 +120,8 @@ private static unsafe SafeMsQuicConfigurationHandle Create(QuicOptions options,
throw new Exception("MaxBidirectionalStreams overflow.");
}
if ((flags & QUIC_CREDENTIAL_FLAGS.CLIENT) == 0)
bool isServer = (flags & QUIC_CREDENTIAL_FLAGS.CLIENT) == 0;
if (isServer)
{
if (certificate == null && certificateContext == null)
{
......@@ -241,9 +242,9 @@ private static unsafe SafeMsQuicConfigurationHandle Create(QuicOptions options,
}
#if TARGET_WINDOWS
if ((Interop.SECURITY_STATUS)status == Interop.SECURITY_STATUS.AlgorithmMismatch && MsQuicApi.Tls13MayBeDisabled)
if ((Interop.SECURITY_STATUS)status == Interop.SECURITY_STATUS.AlgorithmMismatch && (isServer ? MsQuicApi.Tls13ServerMayBeDisabled : MsQuicApi.Tls13ClientMayBeDisabled))
{
throw new MsQuicException(status, SR.net_ssl_app_protocols_invalid);
throw new MsQuicException(status, SR.net_quic_tls_version_notsupported);
}
#endif
......
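Review bot: The condition at line 85 packs a cast, an enum comparison and a role-dependent ternary into one line with no explanation of why `AlgorithmMismatch` is being re-labelled as a TLS-version problem; hoist the ternary and add a why-comment, e.g. `bool tls13MayBeDisabled = isServer ? MsQuicApi.Tls13ServerMayBeDisabled : MsQuicApi.Tls13ClientMayBeDisabled;` followed by `// AlgorithmMismatch is ambiguous on its own; only hint at a TLS 1.3 problem when the registry heuristic for this role agrees.` before the `if`. Since the registry flags are computed once at MsQuicApi type initialization and are heuristics, the comment should make clear that the original `status` is still carried in the exception so the hint does not replace the underlying error. `Create` begins and ends outside the shown hunks; the `isServer` local introduced at line 76 is the one consumed at line 85.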