Conversation
|
Still blocked on API review + validation that Windows is implementable |
6a3b296 to
4958145
Compare
|
@karelz to clarify - Windows is implementable (negotiated cipher suite - not policy - it was already included in the previous version) - what's missing right now is just API review (previously this was also missing fixes for OSX and merge conflict which creeped in much more stuff than I initially wanted here) |
|
|
|
@karelz this is is marked as ready for review for a while (since Jan 25): cipher suite policy issue (https://github.com/dotnet/corefx/issues/33809) is not yet (this issue adds internals needed for cipher suite policy feature and has only APIs which are very unlikely to get changed during API review) but that APIs depend on this so cannot finalize them before this one is finalized (although I got a changeset somewhere with most likely shape on my fork) |
|
Ah, mix up on my side, thanks for clarification! |
|
Given the recent API review and approval https://github.com/dotnet/corefx/issues/34867#issuecomment-474516862, will this property be changed to nullable, or just throw when not available yet? |
|
@davidsh all similar APIs currently throw so I have followed that pattern and I think it makes sense to throw from consistency point of view (also this value doesn't make any sense before negotiation is successful so it is likely a user bug). I do not feel strongly either way though so please let me know if you prefer nullable. |
|
I think the API review landed on throwing and nullable? Throw for invalid state, return |
|
@khellang I think currently all platforms are able to provide a value - at least AFAIK - I'm not sure if the API review feedback was |
|
I think it was @vcsjones that suggested it might be a good idea to make it nullable in case a future platform can't provide the value, instead of returning a bogus value or throwing. |
|
makes sense - I'll double check with @terrajobst if this is what he meant as well and update accordingly (first need to fix merge conflicts and failures anyway, that will be just cosmetic change) |
|
Yes I think the conversation leaned toward nullable and throw.
Really my concern was, we don't own the values of the enum, IANA does, so we can never add an "Unknown" value to the enum. Making it nullable was trying to be a bit forward thinking. |
4958145 to
8063575
Compare
src/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Linux.cs
Show resolved
Hide resolved
| { | ||
| Protocol = (int)MapProtocolVersion(Interop.Ssl.SslGetVersion(sslContext)); | ||
|
|
||
| MapCipherSuite(SslGetCurrentCipherSuite(sslContext)); |
There was a problem hiding this comment.
We should be consistent: it's strange to have one of these Map... methods update state and the other not.
There was a problem hiding this comment.
this was existing code I moved to different place so that we can use it on both Linux and OSX - also this maps 1 value into 6 so don't see any clean way to write that except for copy & paste
src/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.cs
Outdated
Show resolved
Hide resolved
src/System.Net.Security/src/System/Net/Security/TlsCipherSuiteData.Lookup.cs
Show resolved
Hide resolved
src/System.Net.Security/tests/UnitTests/System.Net.Security.Unit.Tests.csproj
Show resolved
Hide resolved
src/Native/Unix/System.Security.Cryptography.Native/opensslshim.h
Outdated
Show resolved
Hide resolved
src/Native/Unix/System.Security.Cryptography.Native/opensslshim.h
Outdated
Show resolved
Hide resolved
src/System.Net.Security/src/System/Net/Security/TlsCipherSuiteData.Lookup.tt
Outdated
Show resolved
Hide resolved
This reverts commit c8bffcc.
34f012f to
533411d
Compare
|
this was pure rebase to pick up new yaml files and fix the build |
src/System.Net.Security/src/System/Net/Security/TlsCipherSuiteNameParser.ttinclude
Outdated
Show resolved
Hide resolved
|
|
||
| public static string ToFrameworkName(HashAlgorithmType val) | ||
| { | ||
| return val == HashAlgorithmType.Aead ? "None" : val.ToString(); |
There was a problem hiding this comment.
Consider expanding this, and doing the open-drain-throw default.
There was a problem hiding this comment.
currently we have 1:1 mapping except Aead so will leave it as is for simplicity
There was a problem hiding this comment.
I'm not suggesting changing it to be anything complicated, just explicit-case on the 1:1 mapping (returning val.ToString() still) and letting Aead be None, and anything future throw so whoever is making the change figures out what to do about it.
The reason I brought it up is I think everything else currently throws on new kinds of data, so someone might hit a deceptive "I'm done" state instead of being really done.
There was a problem hiding this comment.
will add it it in my coming ciphersuite policy PR
src/System.Net.Security/tests/FunctionalTests/SslStreamNegotiatedCipherSuiteTest.cs
Outdated
Show resolved
Hide resolved
* NegotiatedCiphersuite implementation * fix after merge conflict * fix netfx * add more expected Tls 1.0 ciphersuites (rfc5289) * change TlsCipherSuite API to nullable * apply self-feedback * apply feedback * Revert "change TlsCipherSuite API to nullable" This reverts commit dotnet/corefx@c8bffcc. * simplification around nullables * msbuild /t:GenerateReferenceSource instead of copy & paste * revert badly generated APIs * fix codegen after moving tt files * apply feedback Commit migrated from dotnet/corefx@f9fbe70
Fixes: https://github.com/dotnet/corefx/issues/34867
Motivation:
Needed for https://github.com/dotnet/corefx/issues/33809
This fixes two issues:
support for:
/p:AllowTlsCipherSuiteGeneration=true) TlsCipherSuite enum values (data downloaded from IANA registry)