Skip to content

Add supoort for Tls 1.3 in Web cmdlets #13409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rjmholt merged 5 commits into from
Sep 2, 2020
Merged

Add supoort for Tls 1.3 in Web cmdlets #13409

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ae2ec5d
Add supoort for Tls 1.3 in Web cmdlets
iSazonov Aug 12, 2020
b3274e5
Add tests
iSazonov Aug 13, 2020
f954651
Fix tests
iSazonov Aug 13, 2020
a05cc60
Pending Tls13 tests
iSazonov Aug 14, 2020
53b305b
Pending Tls13 tests 2
iSazonov Sep 2, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion ...owerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,12 @@ public enum WebSslProtocol
/// <summary>
/// Specifies the TLS 1.2 security protocol. The TLS protocol is defined in IETF RFC 5246.
/// </summary>
Tls12 = SslProtocols.Tls12
Tls12 = SslProtocols.Tls12,

/// <summary>
/// Specifies the TLS 1.3 security protocol. The TLS protocol is defined in IETF RFC 8446.
/// </summary>
Tls13 = SslProtocols.Tls13
}

/// <summary>
Expand Down
26 changes: 26 additions & 0 deletions test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1688,32 +1688,45 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" {

Context "Invoke-WebRequest -SslProtocol Test" {
BeforeAll {
# We put Tls13 tests at pending due to modern OS limitations.
# Tracking issue https://github.com/PowerShell/PowerShell/issues/13439

## Test cases for the 1st 'It'
$testCases1 = @(
@{ Test = @{SslProtocol = 'Default'; ActualProtocol = 'Default'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls11'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls13'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12, Tls13'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12, Tls13'; ActualProtocol = 'Tls11'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls'}; Pending = $false }
# Skipping intermediary protocols is not supported on all platforms
@{ Test = @{SslProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls'}; Pending = -not $IsWindows }
@{ Test = @{SslProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls12'}; Pending = -not $IsWindows }
)

$testCases2 = @(
Copy link
Copy Markdown
Member

@TravisEz13 TravisEz13 Aug 14, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a comment that these are failing test cases

@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls11, Tls12, Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls12'}; Pending = $false }
)
Expand Down Expand Up @@ -3191,31 +3204,44 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" {

Context "Invoke-RestMethod -SslProtocol Test" {
BeforeAll {
# We put Tls13 tests at pending due to modern OS limitations.
# Tracking issue https://github.com/PowerShell/PowerShell/issues/13439

$testCases1 = @(
@{ Test = @{SslProtocol = 'Default'; ActualProtocol = 'Default'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls11'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls13'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12, Tls13'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12, Tls13'; ActualProtocol = 'Tls11'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls'}; Pending = $false }
# Skipping intermediary protocols is not supported on all platforms
@{ Test = @{SslProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls'}; Pending = -not $IsWindows }
@{ Test = @{SslProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls12'}; Pending = -not $IsWindows }
)

$testCases2 = @(
Copy link
Copy Markdown
Member

@TravisEz13 TravisEz13 Aug 14, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

similar comment here

@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls11, Tls12, Tls13'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls12'}; Pending = $false }
)
Expand Down
10 changes: 7 additions & 3 deletions test/tools/Modules/WebListener/WebListener.psm1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,10 @@ function Start-WebListener
[int]$Tls11Port = 8085,

[ValidateRange(1,65535)]
[int]$TlsPort = 8086
[int]$TlsPort = 8086,

[ValidateRange(1,65535)]
[int]$Tls13Port = 8087
)

process
Expand Down Expand Up @@ -141,10 +144,11 @@ function Start-WebListener
'serverPfxPassword: {0}' -f $using:serverPfxPassword
'HttpPort: {0}' -f $using:HttpPort
'Https: {0}' -f $using:HttpsPort
'Tls13Port: {0}' -f $using:Tls13Port
'Tls11Port: {0}' -f $using:Tls11Port
'TlsPort: {0}' -f $using:TlsPort
$env:ASPNETCORE_ENVIRONMENT = 'Development'
& $using:appExe $using:serverPfxPath $using:serverPfxPassword $using:HttpPort $using:HttpsPort $using:Tls11Port $using:TlsPort
& $using:appExe $using:serverPfxPath $using:serverPfxPassword $using:HttpPort $using:HttpsPort $using:Tls11Port $using:TlsPort $using:Tls13Port
}

$Script:WebListener = [WebListener]@{
Expand Down Expand Up @@ -208,7 +212,7 @@ function Get-WebListenerUrl {
param (
[switch]$Https,

[ValidateSet('Default', 'Tls12', 'Tls11', 'Tls')]
[ValidateSet('Default', 'Tls13', 'Tls12', 'Tls11', 'Tls')]
[string]$SslProtocol = 'Default',

[ValidateSet(
Expand Down
15 changes: 13 additions & 2 deletions test/tools/WebListener/Program.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,9 @@ public class Program
{
public static void Main(string[] args)
{
if (args.Count() != 6)
if (args.Count() != 7)
{
System.Console.WriteLine("Required: <CertificatePath> <CertificatePassword> <HTTPPortNumber> <HTTPSPortNumberTls2> <HTTPSPortNumberTls11> <HTTPSPortNumberTls>");
System.Console.WriteLine("Required: <CertificatePath> <CertificatePassword> <HTTPPortNumber> <HTTPSPortNumberTls12> <HTTPSPortNumberTls11> <HTTPSPortNumberTls> <HTTPSPortNumberTls12>");
Environment.Exit(1);
}

Expand Down Expand Up @@ -68,6 +68,17 @@ public static IWebHost BuildWebHost(string[] args) =>
httpsOption.ServerCertificate = certificate;
listenOptions.UseHttps(httpsOption);
});
options.Listen(IPAddress.Loopback, int.Parse(args[6]), listenOptions =>
{
var certificate = new X509Certificate2(args[0], args[1]);
HttpsConnectionAdapterOptions httpsOption = new HttpsConnectionAdapterOptions();
httpsOption.SslProtocols = SslProtocols.Tls13;
httpsOption.ClientCertificateMode = ClientCertificateMode.AllowCertificate;
httpsOption.ClientCertificateValidation = (inCertificate, inChain, inPolicy) => {return true;};
httpsOption.CheckCertificateRevocation = false;
httpsOption.ServerCertificate = certificate;
listenOptions.UseHttps(httpsOption);
});
})
.Build();
}
Expand Down