Commitcfb007d

Port#3126 to release/6.0 (#3127)
* Fix down-level SSL/TLS version warnings (#3126)
* Added test for downlevel connectivity warning
* Correctly test bit flags for legacy SSL protocol warning
* Corrected warning disablement/restore.

(cherry picked from commit 198b906)

* Test by rolling back changes to connection test matrix

---------

Co-authored-by: Edward Neal <55035479+edwardneal@users.noreply.github.com>
1 parent955ac52 commitcfb007d


10 files changed

+42
-27
lines changed

10 files changed

+42
-27
lines changed

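--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParserHelperClasses.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParserHelperClasses.cs
@@ -768,30 +768,30 @@ private static string ToFriendlyName(this SslProtocols protocol)
 name = "TLS 1.3";
 }*/
 #pragma warning disableCA5398// Avoid hardcoded SslProtocols values
-if((protocol&SslProtocols.Tls12)==SslProtocols.Tls12)
+if((protocol&SslProtocols.Tls12)!=SslProtocols.None)
 {
 name="TLS 1.2";
 }
 #ifNET
 #pragma warning disableSYSLIB0039// Type or member is obsolete: TLS 1.0 & 1.1 are deprecated
 #endif
-elseif((protocol&SslProtocols.Tls11)==SslProtocols.Tls11)
+elseif((protocol&SslProtocols.Tls11)!=SslProtocols.None)
 {
 name="TLS 1.1";
 }
-elseif((protocol&SslProtocols.Tls)== SslProtocols.Tls)
+elseif((protocol&SslProtocols.Tls)!= SslProtocols.None)
 {
 name="TLS 1.0";
 }
 #ifNET
 #pragma warning restoreSYSLIB0039// Type or member is obsolete: SSL and TLS 1.0 & 1.1 is deprecated
 #endif
 #pragma warning disableCS0618// Type or member is obsolete: SSL is deprecated
-elseif((protocol&SslProtocols.Ssl3)== SslProtocols.Ssl3)
+elseif((protocol&SslProtocols.Ssl3)!= SslProtocols.None)
 {
 name="SSL 3.0";
 }
-elseif((protocol&SslProtocols.Ssl2)== SslProtocols.Ssl2)
+elseif((protocol&SslProtocols.Ssl2)!= SslProtocols.None)
 #pragma warning restoreCS0618// Type or member is obsolete: SSL and TLS 1.0 & 1.1 is deprecated
 {
 name="SSL 2.0";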
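Review bot: The switch from `== SslProtocols.Tls12` to `!= SslProtocols.None` in the `ToFriendlyName` chain is not explained where it happens, so a later reader may well "correct" it back. Each `SslProtocols` member is a two-bit mask (a client bit plus a server bit), so a value carrying only one half never equals the full member; presumably that is the case this commit targets. A comment above the first `if`, such as `// Any-bit test: the negotiated value may carry only the client or the server half of each flag`, would record the reason. Because the chain runs from TLS 1.2 downward, a value with bits for several protocols is named after the highest one, so the down-level warning relies on the input being a single negotiated protocol, which is worth stating in the same comment. The body of `ToFriendlyName` starts and ends outside this hunk.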

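--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/DataCommon/ConnectionTestParameters.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/DataCommon/ConnectionTestParameters.cs
@@ -5,6 +5,7 @@
 usingSystem;
 usingSystem.Collections.Generic;
 usingSystem.Linq;
+usingSystem.Security.Authentication;
 usingSystem.Text;
 usingSystem.Threading.Tasks;
 usingMicrosoft.SqlServer.TDS.PreLogin;
@@ -26,15 +27,21 @@ public class ConnectionTestParameters
 publicstringHostNameInCertificate=>_hnic;
 publicboolTestResult=>_result;
 publicTDSPreLoginTokenEncryptionTypeTdsEncryptionType=>_encryptionType;
+publicSslProtocolsEncryptionProtocols{get;}
 
 publicConnectionTestParameters(TDSPreLoginTokenEncryptionTypetdsEncryptionType,SqlConnectionEncryptOptionencryptOption,booltrustServerCert,stringcert,stringhnic,boolresult)
+:this(tdsEncryptionType,encryptOption,trustServerCert,cert,hnic,SslProtocols.Tls12,result)
+{}
+
+publicConnectionTestParameters(TDSPreLoginTokenEncryptionTypetdsEncryptionType,SqlConnectionEncryptOptionencryptOption,booltrustServerCert,stringcert,stringhnic,SslProtocolssslProtocols,boolresult)
 {
 _encryptionOption=encryptOption;
 _trustServerCert=trustServerCert;
 _cert=cert;
 _hnic=hnic;
 _result=result;
 _encryptionType=tdsEncryptionType;
+EncryptionProtocols=sslProtocols;
 }
 }
 }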
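Review bot: `SslProtocols.Tls12` is written out as the default in the chained constructor `:this(..., SslProtocols.Tls12, result)`, and the same literal appears again as the parameter default of `StartServerWithQueryEngine` and `StartTestServer` in TestTdsServer.cs and in the `TDSServerArguments` constructor. Four independent copies can drift apart, and a test intended to exercise a down-level protocol could then run against a different default than the server arguments use. A single shared constant referenced from all four places would keep them in step. The seven-argument constructor would also benefit from a one-line `///` summary stating that `sslProtocols` is the protocol set the test TDS server offers.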

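--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/ConnectionTestWithSSLCert/CertificateTestWithTdsServer.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/ConnectionTestWithSSLCert/CertificateTestWithTdsServer.cs
@@ -127,6 +127,7 @@ private void ConnectionTest(ConnectionTestParameters connectionTestParameters)
 #else
 newX509Certificate2(s_fullPathToPfx,"nopassword",X509KeyStorageFlags.UserKeySet),
 #endif
+encryptionProtocols: connectionTestParameters.EncryptionProtocols,
 encryptionType:connectionTestParameters.TdsEncryptionType);
 
 builder=new(server.ConnectionString)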

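--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/TracingTests/TestTdsServer.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/TracingTests/TestTdsServer.cs
@@ -7,6 +7,7 @@
 usingSystem.Net;
 usingSystem.Net.Sockets;
 usingSystem.Runtime.CompilerServices;
+usingSystem.Security.Authentication;
 usingSystem.Security.Cryptography.X509Certificates;
 usingMicrosoft.SqlServer.TDS.EndPoint;
 usingMicrosoft.SqlServer.TDS.PreLogin;
@@ -31,7 +32,7 @@ public TestTdsServer(QueryEngine engine, TDSServerArguments args) : base(args)
 
 publicstaticTestTdsServerStartServerWithQueryEngine(QueryEngineengine,boolenableFedAuth=false,boolenableLog=false,
 intconnectionTimeout=DefaultConnectionTimeout,[CallerMemberName]stringmethodName="",
-X509Certificate2encryptionCertificate=null,TDSPreLoginTokenEncryptionTypeencryptionType=TDSPreLoginTokenEncryptionType.NotSupported)
+X509Certificate2encryptionCertificate=null,SslProtocolsencryptionProtocols=SslProtocols.Tls12,TDSPreLoginTokenEncryptionTypeencryptionType=TDSPreLoginTokenEncryptionType.NotSupported)
 {
 TDSServerArgumentsargs=newTDSServerArguments()
 {
@@ -48,6 +49,7 @@ public static TestTdsServer StartServerWithQueryEngine(QueryEngine engine, bool
 args.EncryptionCertificate=encryptionCertificate;
 }
 
+args.EncryptionProtocols=encryptionProtocols;
 args.Encryption=encryptionType;
 
 TestTdsServerserver=engine==null?newTestTdsServer(args):newTestTdsServer(engine,args);
@@ -83,9 +85,9 @@ public static TestTdsServer StartServerWithQueryEngine(QueryEngine engine, bool
 
 publicstaticTestTdsServerStartTestServer(boolenableFedAuth=false,boolenableLog=false,
 intconnectionTimeout=DefaultConnectionTimeout,[CallerMemberName]stringmethodName="",
-X509Certificate2encryptionCertificate=null,TDSPreLoginTokenEncryptionTypeencryptionType=TDSPreLoginTokenEncryptionType.NotSupported)
+X509Certificate2encryptionCertificate=null,SslProtocolsencryptionProtocols=SslProtocols.Tls12,TDSPreLoginTokenEncryptionTypeencryptionType=TDSPreLoginTokenEncryptionType.NotSupported)
 {
-returnStartServerWithQueryEngine(null,enableFedAuth,enableLog,connectionTimeout,methodName,encryptionCertificate,encryptionType);
+returnStartServerWithQueryEngine(null,enableFedAuth,enableLog,connectionTimeout,methodName,encryptionCertificate,encryptionProtocols,encryptionType);
 }
 
 publicvoidDispose()=>_endpoint?.Stop();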
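Review bot: `encryptionProtocols` is inserted before `encryptionType` in the optional-parameter lists of `StartServerWithQueryEngine` and `StartTestServer`, which shifts the position of an existing parameter. Callers that pass `encryptionType` positionally stop compiling (the two enum types differ, so nothing binds silently), and only the forwarding call inside `StartTestServer` is updated in this section; other call sites are not visible here. Appending the new parameter after `encryptionType`, or confirming that every existing caller uses named arguments, avoids the break. Since this value decides which TLS versions the test server accepts, a short `<param>` note saying that values other than `SslProtocols.Tls12` are intended only for the down-level warning tests would make the intent explicit.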

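--- a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.EndPoint/ITDSServerSession.cs
+++ b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.EndPoint/ITDSServerSession.cs
@@ -3,6 +3,7 @@
 // See the LICENSE file in the project root for more information.
 
 usingSystem;
+usingSystem.Security.Authentication;
 usingSystem.Security.Cryptography.X509Certificates;
 usingMicrosoft.SqlServer.TDS.EndPoint.SSPI;
 
@@ -68,6 +69,11 @@ public interface ITDSServerSession
 /// </summary>
 X509CertificateEncryptionCertificate{get;}
 
+/// <summary>
+/// SSL/TLS protocols to use for transport encryption
+/// </summary>
+SslProtocolsEncryptionProtocols{get;}
+
 /// <summary>
 /// Counter of connection reset requests for this session
 /// </summary>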

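--- a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.EndPoint/TDSParser.cs
+++ b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.EndPoint/TDSParser.cs
@@ -25,11 +25,6 @@ public class TDSParser
 /// </summary>
 publicTextWriterEventLog{get;set;}
 
-/// <summary>
-/// Encryption protocol for server to use with AuthenticateAsServer
-/// </summary>
-publicstaticSslProtocolsServerSslProtocol{get;set;}
-
 /// <summary>
 /// Protocol stream between the client and the server
 /// </summary>
@@ -43,8 +38,6 @@ public TDSParser(Stream transport)
 // Save original transport
 _originalTransport=transport;
 
-ServerSslProtocol=SslProtocols.Tls12;
-
 // Wrap transport layer with TDS
 Transport=newTDSStream(transport,false);
 }
@@ -57,14 +50,6 @@ public void SetTDSStreamPreWriteCallback(Func<byte[], int, int, ushort> funcTDSS
 Transport.PreWriteCallBack=funcTDSStreamPreWriteCallBack;
 }
 
-/// <summary>
-/// Resets the targeted encryption protocol for the server.
-/// </summary>
-publicstaticvoidResetTargetProtocol()
-{
-ServerSslProtocol=SslProtocols.Tls12;
-}
-
 /// <summary>
 /// Enable transport encryption
 /// </summary>
@@ -105,7 +90,7 @@ protected void EnableClientTransportEncryption(string server)
 /// <summary>
 /// Enable transport encryption
 /// </summary>
-protectedvoidEnableServerTransportEncryption(X509Certificatecertificate)
+protectedvoidEnableServerTransportEncryption(X509Certificatecertificate,SslProtocolsencryptionProtocols)
 {
 // Check if transport encryption is applied
 if(Transport.InnerStreamisSslStream)
@@ -128,7 +113,7 @@ protected void EnableServerTransportEncryption(X509Certificate certificate)
 SslStreamssl=newSslStream(multiplexer,true);
 
 // Secure the channel
-ssl.AuthenticateAsServer(certificate,false,ServerSslProtocol,false);
+ssl.AuthenticateAsServer(certificate,false,encryptionProtocols,false);
 
 // Replace TDS stream with raw transport stream in multiplexer
 multiplexer.InnerStream=Transport.InnerStream;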
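Review bot: `ssl.AuthenticateAsServer(certificate,false,encryptionProtocols,false)` now takes the caller's value with no fallback, whereas the removed static was always set to `SslProtocols.Tls12` in the constructor. `GenericTDSServerSession.EncryptionProtocols` is a plain auto-property, so a session not populated by `GenericTDSServer.OpenSession` (for example from an override that does not copy the arguments) carries `SslProtocols.None`. `AuthenticateAsServer` treats `None` as "let the operating system choose", which is a different negotiation range than before. Either give the session property an initializer, `public SslProtocols EncryptionProtocols { get; set; } = SslProtocols.Tls12;`, or state in the `EnableServerTransportEncryption` summary that `None` means OS defaults. The method body continues outside the hunks that touch it.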

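--- a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.EndPoint/TDSServerParser.cs
+++ b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.EndPoint/TDSServerParser.cs
@@ -146,7 +146,7 @@ public void Run()
 if(Session.Encryption==TDSEncryptionType.LoginOnly||Session.Encryption==TDSEncryptionType.Full)
 {
 // Enable server side encryption
-EnableServerTransportEncryption(Session.EncryptionCertificate);
+EnableServerTransportEncryption(Session.EncryptionCertificate,Session.EncryptionProtocols);
 }
 }
 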
152152

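--- a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/GenericTDSServer.cs
+++ b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/GenericTDSServer.cs
@@ -85,8 +85,9 @@ public virtual ITDSServerSession OpenSession()
 // Create a new session
 GenericTDSServerSessionsession=newGenericTDSServerSession(this,(uint)_sessionCount);
 
-// Use configured encryption certificate
+// Use configured encryption certificate and protocols
 session.EncryptionCertificate=Arguments.EncryptionCertificate;
+session.EncryptionProtocols=Arguments.EncryptionProtocols;
 
 returnsession;
 }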

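--- a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/GenericTDSServerSession.cs
+++ b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/GenericTDSServerSession.cs
@@ -4,6 +4,7 @@
 
 usingSystem;
 usingSystem.Collections.Generic;
+usingSystem.Security.Authentication;
 usingSystem.Security.Cryptography.X509Certificates;
 usingMicrosoft.SqlServer.TDS.EndPoint;
 usingMicrosoft.SqlServer.TDS.EndPoint.SSPI;
@@ -78,6 +79,11 @@ public class GenericTDSServerSession : ITDSServerSession
 /// </summary>
 publicX509CertificateEncryptionCertificate{get;set;}
 
+/// <summary>
+/// SSL/TLS protocols to use for transport encryption
+/// </summary>
+publicSslProtocolsEncryptionProtocols{get;set;}
+
 /// <summary>
 /// Nonce option sent by client
 /// </summary>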

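--- a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/TDSServerArguments.cs
+++ b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/TDSServerArguments.cs
@@ -4,6 +4,7 @@
 
 usingSystem;
 usingSystem.IO;
+usingSystem.Security.Authentication;
 usingSystem.Security.Cryptography.X509Certificates;
 usingMicrosoft.SqlServer.TDS.PreLogin;
 
@@ -69,6 +70,11 @@ public class TDSServerArguments
 /// </summary>
 publicX509CertificateEncryptionCertificate{get;set;}
 
+/// <summary>
+/// SSL/TLS protocols to use for transport encryption
+/// </summary>
+publicSslProtocolsEncryptionProtocols{get;set;}
+
 /// <summary>
 /// Initialization constructor
 /// </summary>
@@ -88,6 +94,7 @@ public TDSServerArguments()
 FedAuthRequiredPreLoginOption=TdsPreLoginFedAuthRequiredOption.FedAuthNotRequired;
 
 EncryptionCertificate=newX509Certificate2("TdsServerCertificate.pfx","SecretPassword123456");
+EncryptionProtocols=SslProtocols.Tls12;
 
 ServerPrincipalName=AzureADServicePrincipalName;
 StsUrl=AzureADProductionTokenEndpoint;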
