Skip to content

Always use system TLS defaults #706

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rhysparry wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Always use system TLS defaults #706

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions source/Halibut.Tests/Transport/SecureClientFixture.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,8 +84,7 @@ public async Task SecureClientClearsPoolWhenAllConnectionsCorrupt()
Certificates.Octopus,
halibutTimeoutsAndLimits,
new StreamFactory(),
NoOpSecureConnectionObserver.Instance,
SslConfiguration.Default
NoOpSecureConnectionObserver.Instance
);
var secureClient = new SecureListeningClient(GetProtocol, endpoint, Certificates.Octopus, log, connectionManager, tcpConnectionFactory);
ResponseMessage response = null!;
Expand Down
3 changes: 1 addition & 2 deletions source/Halibut.Tests/Transport/SecureListenerFixture.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,8 +74,7 @@ public async Task SecureListenerDoesNotCreateHundredsOfIoEventsPerSecondOnWindow
timeoutsAndLimits,
new StreamFactory(),
NoOpConnectionsObserver.Instance,
NoOpSecureConnectionObserver.Instance,
SslConfiguration.Default
NoOpSecureConnectionObserver.Instance
);

var idleAverage = CollectCounterValues(opsPerSec)
Expand Down
12 changes: 4 additions & 8 deletions source/Halibut/HalibutRuntime.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,6 @@ public class HalibutRuntime : IHalibutRuntime
readonly ISecureConnectionObserver secureConnectionObserver;
readonly IActiveTcpConnectionsLimiter activeTcpConnectionsLimiter;
readonly IControlMessageObserver controlMessageObserver;
readonly ISslConfigurationProvider sslConfigurationProvider;

internal HalibutRuntime(
IServiceFactory serviceFactory,
Expand All @@ -62,8 +61,7 @@ internal HalibutRuntime(
IRpcObserver rpcObserver,
IConnectionsObserver connectionsObserver,
IControlMessageObserver controlMessageObserver,
ISecureConnectionObserver secureConnectionObserver,
ISslConfigurationProvider sslConfigurationProvider
ISecureConnectionObserver secureConnectionObserver
)
{
this.serverCertificate = serverCertificate;
Expand All @@ -80,10 +78,9 @@ ISslConfigurationProvider sslConfigurationProvider
this.connectionsObserver = connectionsObserver;
this.secureConnectionObserver = secureConnectionObserver;
this.controlMessageObserver = controlMessageObserver;
this.sslConfigurationProvider = sslConfigurationProvider;

connectionManager = new ConnectionManagerAsync();
tcpConnectionFactory = new TcpConnectionFactory(serverCertificate, TimeoutsAndLimits, streamFactory, secureConnectionObserver, sslConfigurationProvider);
tcpConnectionFactory = new TcpConnectionFactory(serverCertificate, TimeoutsAndLimits, streamFactory, secureConnectionObserver);
activeTcpConnectionsLimiter = new ActiveTcpConnectionsLimiter(TimeoutsAndLimits);
}

Expand Down Expand Up @@ -138,8 +135,7 @@ public int Listen(IPEndPoint endpoint)
TimeoutsAndLimits,
streamFactory,
connectionsObserver,
secureConnectionObserver,
sslConfigurationProvider
secureConnectionObserver
);

listeners.DoWithExclusiveAccess(l =>
Expand Down Expand Up @@ -206,7 +202,7 @@ public async Task<ServiceEndPoint> DiscoverAsync(Uri uri, CancellationToken canc

public async Task<ServiceEndPoint> DiscoverAsync(ServiceEndPoint endpoint, CancellationToken cancellationToken)
{
var client = new DiscoveryClient(streamFactory, sslConfigurationProvider);
var client = new DiscoveryClient(streamFactory);
return await client.DiscoverAsync(endpoint, TimeoutsAndLimits, cancellationToken);
}

Expand Down
11 changes: 1 addition & 10 deletions source/Halibut/HalibutRuntimeBuilder.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@ public class HalibutRuntimeBuilder
ISecureConnectionObserver? secureConnectionObserver;
IControlMessageObserver? controlMessageObserver;
MessageStreamWrappers queueMessageStreamWrappers = new();
ISslConfigurationProvider? sslConfigurationProvider;

public HalibutRuntimeBuilder WithQueueMessageStreamWrappers(MessageStreamWrappers queueMessageStreamWrappers)
{
Expand All @@ -52,12 +51,6 @@ public HalibutRuntimeBuilder WithSecureConnectionObserver(ISecureConnectionObser
return this;
}

public HalibutRuntimeBuilder WithSslConfigurationProvider(ISslConfigurationProvider sslConfigurationProvider)
{
this.sslConfigurationProvider = sslConfigurationProvider;
return this;
}

internal HalibutRuntimeBuilder WithStreamFactory(IStreamFactory streamFactory)
{
this.streamFactory = streamFactory;
Expand Down Expand Up @@ -193,7 +186,6 @@ public HalibutRuntime Build()
var secureConnectionObserver = this.secureConnectionObserver ?? NoOpSecureConnectionObserver.Instance;
var rpcObserver = this.rpcObserver ?? new NoRpcObserver();
var controlMessageObserver = this.controlMessageObserver ?? new NoOpControlMessageObserver();
var sslConfigurationProvider = this.sslConfigurationProvider ?? SslConfiguration.Default;

var halibutRuntime = new HalibutRuntime(
serviceFactory,
Expand All @@ -209,8 +201,7 @@ public HalibutRuntime Build()
rpcObserver,
connectionsObserver,
controlMessageObserver,
secureConnectionObserver,
sslConfigurationProvider
secureConnectionObserver
);

if (onUnauthorizedClientConnect is not null)
Expand Down
27 changes: 0 additions & 27 deletions source/Halibut/Transport/DefaultSslConfigurationProvider.cs
View file
Open in desktop

This file was deleted.

10 changes: 1 addition & 9 deletions source/Halibut/Transport/DiscoveryClient.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,10 @@ public class DiscoveryClient
readonly LogFactory logs = new ();

readonly IStreamFactory streamFactory;
readonly ISslConfigurationProvider sslConfigurationProvider;

public DiscoveryClient(IStreamFactory streamFactory)
: this(streamFactory, SslConfiguration.Default)
{
}

public DiscoveryClient(IStreamFactory streamFactory, ISslConfigurationProvider sslConfigurationProvider)
{
this.streamFactory = streamFactory;
this.sslConfigurationProvider = sslConfigurationProvider;
}

public async Task<ServiceEndPoint> DiscoverAsync(ServiceEndPoint serviceEndpoint, HalibutTimeoutsAndLimits halibutTimeoutsAndLimits, CancellationToken cancellationToken)
Expand All @@ -52,13 +45,12 @@ public async Task<ServiceEndPoint> DiscoverAsync(ServiceEndPoint serviceEndpoint
await ssl.AuthenticateAsClientAsync(
serviceEndpoint.BaseUri.Host,
new X509Certificate2Collection(),
sslConfigurationProvider.SupportedProtocols,
SslConfiguration.SupportedProtocols,
false);
#else
await ssl.AuthenticateAsClientEnforcingTimeout(
serviceEndpoint,
new X509Certificate2Collection(),
sslConfigurationProvider,
cancellationToken
);
#endif
Expand Down
23 changes: 0 additions & 23 deletions source/Halibut/Transport/ISslConfigurationProvider.cs
View file
Open in desktop

This file was deleted.

33 changes: 0 additions & 33 deletions source/Halibut/Transport/LegacySslConfigurationProvider.cs
View file
Open in desktop

This file was deleted.

7 changes: 2 additions & 5 deletions source/Halibut/Transport/SecureListener.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,6 @@ public class SecureListener : IAsyncDisposable
readonly IStreamFactory streamFactory;
readonly IConnectionsObserver connectionsObserver;
readonly ISecureConnectionObserver secureConnectionObserver;
readonly ISslConfigurationProvider sslConfigurationProvider;
ILog log;
TcpListener listener;
Thread? backgroundThread;
Expand All @@ -70,8 +69,7 @@ public SecureListener(
HalibutTimeoutsAndLimits halibutTimeoutsAndLimits,
IStreamFactory streamFactory,
IConnectionsObserver connectionsObserver,
ISecureConnectionObserver secureConnectionObserver,
ISslConfigurationProvider sslConfigurationProvider
ISecureConnectionObserver secureConnectionObserver
)
{
this.endPoint = endPoint;
Expand All @@ -87,7 +85,6 @@ ISslConfigurationProvider sslConfigurationProvider
this.streamFactory = streamFactory;
this.connectionsObserver = connectionsObserver;
this.secureConnectionObserver = secureConnectionObserver;
this.sslConfigurationProvider = sslConfigurationProvider;
this.cts = new CancellationTokenSource();
this.cancellationToken = cts.Token;

Expand Down Expand Up @@ -312,7 +309,7 @@ await ssl
.AuthenticateAsServerAsync(
serverCertificate,
true,
sslConfigurationProvider.SupportedProtocols,
SslConfiguration.SupportedProtocols,
false)
.ConfigureAwait(false);

Expand Down
9 changes: 3 additions & 6 deletions source/Halibut/Transport/SslConfiguration.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,9 @@
using System.Security.Authentication;

namespace Halibut.Transport
{
public static class SslConfiguration
{
public static ISslConfigurationProvider Default { get; }
#if NETFRAMEWORK // .NET4.8 exhibited inconsistent behavior when using the default configuration
= new LegacySslConfigurationProvider();
#else
= new DefaultSslConfigurationProvider();
#endif
public static SslProtocols SupportedProtocols => SslProtocols.None; // None means system defaults
}
}
3 changes: 1 addition & 2 deletions source/Halibut/Transport/Streams/SslStreamExtensionMethods.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ internal static async Task AuthenticateAsClientEnforcingTimeout(
this SslStream ssl,
ServiceEndPoint serviceEndpoint,
X509Certificate2Collection clientCertificates,
ISslConfigurationProvider sslConfigurationProvider,
CancellationToken cancellationToken)
{
using var timeoutCts = new CancellationTokenSource(ssl.ReadTimeout);
Expand All @@ -23,7 +22,7 @@ internal static async Task AuthenticateAsClientEnforcingTimeout(
{
TargetHost = serviceEndpoint.BaseUri.Host,
ClientCertificates = clientCertificates,
EnabledSslProtocols = sslConfigurationProvider.SupportedProtocols,
EnabledSslProtocols = SslConfiguration.SupportedProtocols,
CertificateRevocationCheckMode = X509RevocationMode.NoCheck
};

Expand Down
9 changes: 3 additions & 6 deletions source/Halibut/Transport/TcpConnectionFactory.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,21 +22,18 @@ public class TcpConnectionFactory : IConnectionFactory
readonly HalibutTimeoutsAndLimits halibutTimeoutsAndLimits;
readonly IStreamFactory streamFactory;
readonly ISecureConnectionObserver secureConnectionObserver;
readonly ISslConfigurationProvider sslConfigurationProvider;

public TcpConnectionFactory(
X509Certificate2 clientCertificate,
HalibutTimeoutsAndLimits halibutTimeoutsAndLimits,
IStreamFactory streamFactory,
ISecureConnectionObserver secureConnectionObserver,
ISslConfigurationProvider sslConfigurationProvider
ISecureConnectionObserver secureConnectionObserver
)
{
this.clientCertificate = clientCertificate;
this.halibutTimeoutsAndLimits = halibutTimeoutsAndLimits;
this.streamFactory = streamFactory;
this.secureConnectionObserver = secureConnectionObserver;
this.sslConfigurationProvider = sslConfigurationProvider;
}

public async Task<IConnection> EstablishNewConnectionAsync(ExchangeProtocolBuilder exchangeProtocolBuilder, ServiceEndPoint serviceEndpoint, ILog log, CancellationToken cancellationToken)
Expand All @@ -61,10 +58,10 @@ public async Task<IConnection> EstablishNewConnectionAsync(ExchangeProtocolBuild
await ssl.AuthenticateAsClientAsync(
serviceEndpoint.BaseUri.Host,
new X509Certificate2Collection(clientCertificate),
sslConfigurationProvider.SupportedProtocols,
SslConfiguration.SupportedProtocols,
false);
#else
await ssl.AuthenticateAsClientEnforcingTimeout(serviceEndpoint, new X509Certificate2Collection(clientCertificate), sslConfigurationProvider, cancellationToken);
await ssl.AuthenticateAsClientEnforcingTimeout(serviceEndpoint, new X509Certificate2Collection(clientCertificate), cancellationToken);
#endif

await ssl.WriteAsync(MxLine, 0, MxLine.Length, cancellationToken);
Expand Down