diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs
index 94dde3c00fb..7cba6e8ba23 100644
--- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs
+++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs
@@ -78,7 +78,12 @@ public enum WebSslProtocol
///
/// Specifies the TLS 1.2 security protocol. The TLS protocol is defined in IETF RFC 5246.
///
- Tls12 = SslProtocols.Tls12
+ Tls12 = SslProtocols.Tls12,
+
+ ///
+ /// Specifies the TLS 1.3 security protocol. The TLS protocol is defined in IETF RFC 8446.
+ ///
+ Tls13 = SslProtocols.Tls13
}
///
diff --git a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1
index ba6185777f9..6cadb0c9f65 100644
--- a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1
+++ b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1
@@ -1688,18 +1688,25 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" {
Context "Invoke-WebRequest -SslProtocol Test" {
BeforeAll {
+ # We put Tls13 tests at pending due to modern OS limitations.
+ # Tracking issue https://github.com/PowerShell/PowerShell/issues/13439
+
## Test cases for the 1st 'It'
$testCases1 = @(
@{ Test = @{SslProtocol = 'Default'; ActualProtocol = 'Default'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls11'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
+ @{ Test = @{SslProtocol = 'Tls13'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
+ @{ Test = @{SslProtocol = 'Tls, Tls11, Tls12, Tls13'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
+ @{ Test = @{SslProtocol = 'Tls, Tls11, Tls12, Tls13'; ActualProtocol = 'Tls11'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
+ @{ Test = @{SslProtocol = 'Tls, Tls11, Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls'}; Pending = $false }
# Skipping intermediary protocols is not supported on all platforms
@{ Test = @{SslProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls'}; Pending = -not $IsWindows }
@@ -1707,13 +1714,19 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" {
)
$testCases2 = @(
+ @{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls11'}; Pending = $false }
+ @{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
+ @{ Test = @{IntendedProtocol = 'Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
+ @{ Test = @{IntendedProtocol = 'Tls11, Tls12, Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
+ @{ Test = @{IntendedProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls13'}; Pending = $true }
+ @{ Test = @{IntendedProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls12'}; Pending = $false }
)
@@ -3191,17 +3204,24 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" {
Context "Invoke-RestMethod -SslProtocol Test" {
BeforeAll {
+ # We put Tls13 tests at pending due to modern OS limitations.
+ # Tracking issue https://github.com/PowerShell/PowerShell/issues/13439
+
$testCases1 = @(
@{ Test = @{SslProtocol = 'Default'; ActualProtocol = 'Default'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls11'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
+ @{ Test = @{SslProtocol = 'Tls13'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
+ @{ Test = @{SslProtocol = 'Tls, Tls11, Tls12, Tls13'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
+ @{ Test = @{SslProtocol = 'Tls, Tls11, Tls12, Tls13'; ActualProtocol = 'Tls11'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{SslProtocol = 'Tls, Tls11, Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
+ @{ Test = @{SslProtocol = 'Tls, Tls11, Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
@{ Test = @{SslProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls'}; Pending = $false }
# Skipping intermediary protocols is not supported on all platforms
@{ Test = @{SslProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls'}; Pending = -not $IsWindows }
@@ -3209,13 +3229,19 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" {
)
$testCases2 = @(
+ @{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls'; ActualProtocol = 'Tls11'}; Pending = $false }
+ @{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls12'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls11'; ActualProtocol = 'Tls'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
+ @{ Test = @{IntendedProtocol = 'Tls13'; ActualProtocol = 'Tls'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls11, Tls12'; ActualProtocol = 'Tls'}; Pending = $false }
+ @{ Test = @{IntendedProtocol = 'Tls11, Tls12, Tls13'; ActualProtocol = 'Tls'}; Pending = $false }
+ @{ Test = @{IntendedProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls13'}; Pending = $true }
+ @{ Test = @{IntendedProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls13'}; Pending = $true }
@{ Test = @{IntendedProtocol = 'Tls, Tls12'; ActualProtocol = 'Tls11'}; Pending = $false }
@{ Test = @{IntendedProtocol = 'Tls, Tls11'; ActualProtocol = 'Tls12'}; Pending = $false }
)
diff --git a/test/tools/Modules/WebListener/WebListener.psm1 b/test/tools/Modules/WebListener/WebListener.psm1
index 6122a7a8a4b..6436da97d1c 100644
--- a/test/tools/Modules/WebListener/WebListener.psm1
+++ b/test/tools/Modules/WebListener/WebListener.psm1
@@ -108,7 +108,10 @@ function Start-WebListener
[int]$Tls11Port = 8085,
[ValidateRange(1,65535)]
- [int]$TlsPort = 8086
+ [int]$TlsPort = 8086,
+
+ [ValidateRange(1,65535)]
+ [int]$Tls13Port = 8087
)
process
@@ -141,10 +144,11 @@ function Start-WebListener
'serverPfxPassword: {0}' -f $using:serverPfxPassword
'HttpPort: {0}' -f $using:HttpPort
'Https: {0}' -f $using:HttpsPort
+ 'Tls13Port: {0}' -f $using:Tls13Port
'Tls11Port: {0}' -f $using:Tls11Port
'TlsPort: {0}' -f $using:TlsPort
$env:ASPNETCORE_ENVIRONMENT = 'Development'
- & $using:appExe $using:serverPfxPath $using:serverPfxPassword $using:HttpPort $using:HttpsPort $using:Tls11Port $using:TlsPort
+ & $using:appExe $using:serverPfxPath $using:serverPfxPassword $using:HttpPort $using:HttpsPort $using:Tls11Port $using:TlsPort $using:Tls13Port
}
$Script:WebListener = [WebListener]@{
@@ -208,7 +212,7 @@ function Get-WebListenerUrl {
param (
[switch]$Https,
- [ValidateSet('Default', 'Tls12', 'Tls11', 'Tls')]
+ [ValidateSet('Default', 'Tls13', 'Tls12', 'Tls11', 'Tls')]
[string]$SslProtocol = 'Default',
[ValidateSet(
diff --git a/test/tools/WebListener/Program.cs b/test/tools/WebListener/Program.cs
index 691ef60b7c2..237e01ab744 100644
--- a/test/tools/WebListener/Program.cs
+++ b/test/tools/WebListener/Program.cs
@@ -20,9 +20,9 @@ public class Program
{
public static void Main(string[] args)
{
- if (args.Count() != 6)
+ if (args.Count() != 7)
{
- System.Console.WriteLine("Required: ");
+ System.Console.WriteLine("Required: ");
Environment.Exit(1);
}
@@ -68,6 +68,17 @@ public static IWebHost BuildWebHost(string[] args) =>
httpsOption.ServerCertificate = certificate;
listenOptions.UseHttps(httpsOption);
});
+ options.Listen(IPAddress.Loopback, int.Parse(args[6]), listenOptions =>
+ {
+ var certificate = new X509Certificate2(args[0], args[1]);
+ HttpsConnectionAdapterOptions httpsOption = new HttpsConnectionAdapterOptions();
+ httpsOption.SslProtocols = SslProtocols.Tls13;
+ httpsOption.ClientCertificateMode = ClientCertificateMode.AllowCertificate;
+ httpsOption.ClientCertificateValidation = (inCertificate, inChain, inPolicy) => {return true;};
+ httpsOption.CheckCertificateRevocation = false;
+ httpsOption.ServerCertificate = certificate;
+ listenOptions.UseHttps(httpsOption);
+ });
})
.Build();
}