From 897005b124576e791b536b52799a6198fb652c20 Mon Sep 17 00:00:00 2001 From: Beyley Thomas Date: Mon, 8 Jul 2024 16:43:40 -0700 Subject: [PATCH 1/9] Add rudimentary HTTPS support --- .../Socket/SocketGeminiListener.cs | 2 +- Bunkum.Protocols.Http/BunkumHttpServer.cs | 18 +++++- .../Socket/SocketHttpListener.cs | 61 ++++++++++++++++++- Bunkum.Protocols.Http/SslConfiguration.cs | 16 +++++ 4 files changed, 90 insertions(+), 7 deletions(-) create mode 100644 Bunkum.Protocols.Http/SslConfiguration.cs diff --git a/Bunkum.Protocols.Gemini/Socket/SocketGeminiListener.cs b/Bunkum.Protocols.Gemini/Socket/SocketGeminiListener.cs index cd87786..2ae9c4c 100644 --- a/Bunkum.Protocols.Gemini/Socket/SocketGeminiListener.cs +++ b/Bunkum.Protocols.Gemini/Socket/SocketGeminiListener.cs @@ -93,7 +93,7 @@ await stream.AuthenticateAsServerAsync(new SslServerAuthenticationOptions EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13, ServerCertificate = this._cert, ClientCertificateRequired = true, - RemoteCertificateValidationCallback = (sender, certificate, chain, errors) => true, + RemoteCertificateValidationCallback = (_, _, _, _) => true, }); Uri uri = new(GetPath(stream)); diff --git a/Bunkum.Protocols.Http/BunkumHttpServer.cs b/Bunkum.Protocols.Http/BunkumHttpServer.cs index 83cf6a9..f4ec1fb 100644 --- a/Bunkum.Protocols.Http/BunkumHttpServer.cs +++ b/Bunkum.Protocols.Http/BunkumHttpServer.cs @@ -1,4 +1,6 @@ +using System.Security.Cryptography.X509Certificates; using Bunkum.Core; +using Bunkum.Core.Configuration; using Bunkum.Listener; using NotEnoughLogs; using NotEnoughLogs.Sinks; @@ -7,8 +9,18 @@ namespace Bunkum.Protocols.Http; public class BunkumHttpServer : BunkumServer { - public BunkumHttpServer(LoggerConfiguration? configuration = null, List? sinks = null) : base(configuration, sinks) - {} + private readonly X509Certificate2? _cert; + + public BunkumHttpServer(LoggerConfiguration? configuration = null, List? sinks = null, + SslConfiguration? sslConfiguration = null) : base(configuration, sinks) + { + //If the SSL configuration is not specified, load the config from JSON + sslConfiguration ??= Config.LoadFromJsonFile("httpssl.json", this.Logger); + + this._cert = sslConfiguration.SslEnabled + ? new X509Certificate2(File.ReadAllBytes(sslConfiguration.SslCertificate), sslConfiguration.CertificatePassword) + : null; + } [Obsolete("This constructor is obsolete, `UseListener` is preferred instead!")] public BunkumHttpServer(BunkumListener listener, LoggerConfiguration? configuration = null, List? sinks = null) : base(listener, configuration, sinks) @@ -17,7 +29,7 @@ public BunkumHttpServer(BunkumListener listener, LoggerConfiguration? configurat /// protected override BunkumListener CreateDefaultListener(Uri listenEndpoint, bool useForwardedIp, Logger logger) { - return new Socket.SocketHttpListener(listenEndpoint, useForwardedIp, logger); + return new Socket.SocketHttpListener(listenEndpoint, useForwardedIp, logger, this._cert); } /// diff --git a/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs b/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs index 8220791..996c517 100644 --- a/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs +++ b/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs @@ -1,6 +1,10 @@ using System.Diagnostics; using System.Net; +using System.Net.Security; using System.Net.Sockets; +using System.Runtime.InteropServices; +using System.Security.Authentication; +using System.Security.Cryptography.X509Certificates; using System.Text.RegularExpressions; using System.Web; using Bunkum.Listener; @@ -16,14 +20,16 @@ public partial class SocketHttpListener : BunkumHttpListener private System.Net.Sockets.Socket? _socket; private readonly Uri _listenEndpoint; private readonly bool _useForwardedIp; - + private readonly X509Certificate2? _cert; + [GeneratedRegex("^[a-zA-Z]+$")] private static partial Regex LettersRegex(); - public SocketHttpListener(Uri listenEndpoint, bool useForwardedIp, Logger logger) : base(logger) + public SocketHttpListener(Uri listenEndpoint, bool useForwardedIp, Logger logger, X509Certificate2? certificate) : base(logger) { this._listenEndpoint = listenEndpoint; this._useForwardedIp = useForwardedIp; + this._cert = certificate; this.Logger.LogInfo(ListenerCategory.Startup, "Internal HTTP server is listening at URL " + listenEndpoint); } @@ -75,8 +81,51 @@ public override void StartListening() } } - private ListenerContext ReadRequestIntoContext(System.Net.Sockets.Socket client, Stream stream) + private ListenerContext ReadRequestIntoContext(System.Net.Sockets.Socket client, Stream rawStream) { + Stream stream = rawStream; + SslStream? sslStream = null; + if (this._cert != null) + { + sslStream = new SslStream(rawStream); + + SslServerAuthenticationOptions authOptions = new() + { + EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11, + ServerCertificate = this._cert, + ClientCertificateRequired = false, + RemoteCertificateValidationCallback = (_, _, _, _) => true, + }; + + // On Windows we cant set the cipher suites + if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + { + authOptions.CipherSuitesPolicy = new CipherSuitesPolicy([ + // ps3 + TlsCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256, + TlsCipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256, + TlsCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA, + TlsCipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, + TlsCipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TlsCipherSuite.TLS_RSA_WITH_RC4_128_SHA, + TlsCipherSuite.TLS_RSA_WITH_RC4_128_MD5, + // modern + TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + ]); + } + + sslStream.AuthenticateAsServer(authOptions); + + stream = sslStream; + } + Span method = stackalloc char[RequestLineMethodLimit]; Span path = stackalloc char[RequestLinePathLimit]; Span version = stackalloc char[RequestLineVersionLimit]; @@ -199,6 +248,12 @@ private ListenerContext ReadRequestIntoContext(System.Net.Sockets.Socket client, } context.InputStream = inputStream; + // If this an SSL connection, set the remote certificate + if (sslStream != null) + { + context.RemoteCertificate = sslStream.RemoteCertificate; + } + return context; } diff --git a/Bunkum.Protocols.Http/SslConfiguration.cs b/Bunkum.Protocols.Http/SslConfiguration.cs new file mode 100644 index 0000000..742cde8 --- /dev/null +++ b/Bunkum.Protocols.Http/SslConfiguration.cs @@ -0,0 +1,16 @@ +using Bunkum.Core.Configuration; + +namespace Bunkum.Protocols.Http; + +public class SslConfiguration : Config +{ + public override int CurrentConfigVersion => 1; + public override int Version { get; set; } + + protected override void Migrate(int oldVer, dynamic oldConfig) + {} + + public bool SslEnabled { get; set; } = false; + public string SslCertificate { get; set; } = "cert.pfx"; + public string? CertificatePassword { get; set; } = "password here or null"; +} \ No newline at end of file From 50f4a4d47affd5801deab2fbb0636c32fd858661 Mon Sep 17 00:00:00 2001 From: Beyley Thomas Date: Mon, 8 Jul 2024 16:53:48 -0700 Subject: [PATCH 2/9] add some TODOs --- Bunkum.Protocols.Http/Socket/SocketHttpListener.cs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs b/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs index 996c517..57c9357 100644 --- a/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs +++ b/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs @@ -91,6 +91,7 @@ private ListenerContext ReadRequestIntoContext(System.Net.Sockets.Socket client, SslServerAuthenticationOptions authOptions = new() { + //TODO: move this into the config EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11, ServerCertificate = this._cert, ClientCertificateRequired = false, @@ -100,6 +101,7 @@ private ListenerContext ReadRequestIntoContext(System.Net.Sockets.Socket client, // On Windows we cant set the cipher suites if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { + //TODO: move this into the config somehow authOptions.CipherSuitesPolicy = new CipherSuitesPolicy([ // ps3 TlsCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256, From 169591e41139c9510d432e7066265e188397308e Mon Sep 17 00:00:00 2001 From: Beyley Thomas Date: Mon, 8 Jul 2024 20:42:25 -0700 Subject: [PATCH 3/9] Refactor https to separate BunkumServer --- Bunkum.Protocols.Http/BunkumHttpServer.cs | 13 ++------ .../Socket/SocketHttpListenerContext.cs | 6 ++-- .../Bunkum.Protocols.Https.csproj | 13 ++++++++ Bunkum.Protocols.Https/BunkumHttpsServer.cs | 33 +++++++++++++++++++ .../SslConfiguration.cs | 2 +- Bunkum.sln | 7 ++++ 6 files changed, 59 insertions(+), 15 deletions(-) create mode 100644 Bunkum.Protocols.Https/Bunkum.Protocols.Https.csproj create mode 100644 Bunkum.Protocols.Https/BunkumHttpsServer.cs rename {Bunkum.Protocols.Http => Bunkum.Protocols.Https}/SslConfiguration.cs (92%) diff --git a/Bunkum.Protocols.Http/BunkumHttpServer.cs b/Bunkum.Protocols.Http/BunkumHttpServer.cs index f4ec1fb..08308b5 100644 --- a/Bunkum.Protocols.Http/BunkumHttpServer.cs +++ b/Bunkum.Protocols.Http/BunkumHttpServer.cs @@ -9,17 +9,8 @@ namespace Bunkum.Protocols.Http; public class BunkumHttpServer : BunkumServer { - private readonly X509Certificate2? _cert; - - public BunkumHttpServer(LoggerConfiguration? configuration = null, List? sinks = null, - SslConfiguration? sslConfiguration = null) : base(configuration, sinks) + public BunkumHttpServer(LoggerConfiguration? configuration = null, List? sinks = null) : base(configuration, sinks) { - //If the SSL configuration is not specified, load the config from JSON - sslConfiguration ??= Config.LoadFromJsonFile("httpssl.json", this.Logger); - - this._cert = sslConfiguration.SslEnabled - ? new X509Certificate2(File.ReadAllBytes(sslConfiguration.SslCertificate), sslConfiguration.CertificatePassword) - : null; } [Obsolete("This constructor is obsolete, `UseListener` is preferred instead!")] @@ -29,7 +20,7 @@ public BunkumHttpServer(BunkumListener listener, LoggerConfiguration? configurat /// protected override BunkumListener CreateDefaultListener(Uri listenEndpoint, bool useForwardedIp, Logger logger) { - return new Socket.SocketHttpListener(listenEndpoint, useForwardedIp, logger, this._cert); + return new Socket.SocketHttpListener(listenEndpoint, useForwardedIp, logger, null); } /// diff --git a/Bunkum.Protocols.Http/Socket/SocketHttpListenerContext.cs b/Bunkum.Protocols.Http/Socket/SocketHttpListenerContext.cs index 09e15e0..636bb1a 100644 --- a/Bunkum.Protocols.Http/Socket/SocketHttpListenerContext.cs +++ b/Bunkum.Protocols.Http/Socket/SocketHttpListenerContext.cs @@ -12,9 +12,9 @@ public SocketHttpListenerContext(System.Net.Sockets.Socket socket, Stream stream protected override async Task SendResponseInternal(HttpStatusCode code, ArraySegment? data = null) { // this is dumb and stupid - this.ResponseHeaders.Add("Server", "Bunkum"); - this.ResponseHeaders.Add("Connection", "close"); - this.ResponseHeaders.Add("Date", DateTime.UtcNow.ToString("ddd, dd MMM yyyy HH:mm:ss 'GMT'")); + this.ResponseHeaders.TryAdd("Server", "Bunkum"); + this.ResponseHeaders.TryAdd("Connection", "close"); + this.ResponseHeaders.TryAdd("Date", DateTime.UtcNow.ToString("ddd, dd MMM yyyy HH:mm:ss 'GMT'")); List response = new() { $"HTTP/1.1 {code.GetHashCode()} {code.ToString()}" }; // TODO: spaced code names ("Not Found" instead of "NotFound") foreach ((string? key, string? value) in this.ResponseHeaders) diff --git a/Bunkum.Protocols.Https/Bunkum.Protocols.Https.csproj b/Bunkum.Protocols.Https/Bunkum.Protocols.Https.csproj new file mode 100644 index 0000000..32be40d --- /dev/null +++ b/Bunkum.Protocols.Https/Bunkum.Protocols.Https.csproj @@ -0,0 +1,13 @@ + + + + net8.0 + enable + enable + + + + + + + diff --git a/Bunkum.Protocols.Https/BunkumHttpsServer.cs b/Bunkum.Protocols.Https/BunkumHttpsServer.cs new file mode 100644 index 0000000..e84212d --- /dev/null +++ b/Bunkum.Protocols.Https/BunkumHttpsServer.cs @@ -0,0 +1,33 @@ +using System.Security.Cryptography.X509Certificates; +using Bunkum.Core; +using Bunkum.Core.Configuration; +using Bunkum.Listener; +using NotEnoughLogs; +using NotEnoughLogs.Sinks; + +namespace Bunkum.Protocols.Https; + +public class BunkumHttpsServer : BunkumServer +{ + private readonly X509Certificate2? _cert; + + public BunkumHttpsServer(LoggerConfiguration? configuration = null, List? sinks = null, + SslConfiguration? sslConfiguration = null) : base(configuration, sinks) + { + //If the SSL configuration is not specified, load the config from JSON + sslConfiguration ??= Config.LoadFromJsonFile("ssl.json", this.Logger); + + this._cert = sslConfiguration.SslEnabled + ? new X509Certificate2(File.ReadAllBytes(sslConfiguration.SslCertificate), sslConfiguration.CertificatePassword) + : null; + } + + /// + protected override BunkumListener CreateDefaultListener(Uri listenEndpoint, bool useForwardedIp, Logger logger) + { + return new Http.Socket.SocketHttpListener(listenEndpoint, useForwardedIp, logger, this._cert); + } + + /// + protected override string ProtocolUriName => "https"; +} \ No newline at end of file diff --git a/Bunkum.Protocols.Http/SslConfiguration.cs b/Bunkum.Protocols.Https/SslConfiguration.cs similarity index 92% rename from Bunkum.Protocols.Http/SslConfiguration.cs rename to Bunkum.Protocols.Https/SslConfiguration.cs index 742cde8..c450b42 100644 --- a/Bunkum.Protocols.Http/SslConfiguration.cs +++ b/Bunkum.Protocols.Https/SslConfiguration.cs @@ -1,6 +1,6 @@ using Bunkum.Core.Configuration; -namespace Bunkum.Protocols.Http; +namespace Bunkum.Protocols.Https; public class SslConfiguration : Config { diff --git a/Bunkum.sln b/Bunkum.sln index fc30410..3844dba 100644 --- a/Bunkum.sln +++ b/Bunkum.sln @@ -69,6 +69,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Database", "Database", "{ED EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "DataStore", "DataStore", "{D09D7F3C-B198-40D8-B7E0-CC2CFFC75CDD}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bunkum.Protocols.Https", "Bunkum.Protocols.Https\Bunkum.Protocols.Https.csproj", "{FEDB1C3F-5549-4B44-94CE-54FFE590A35A}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -174,6 +176,10 @@ Global {23BC7994-0E93-4FB3-8D31-16EC3BE1198B}.Debug|Any CPU.Build.0 = Debug|Any CPU {23BC7994-0E93-4FB3-8D31-16EC3BE1198B}.Release|Any CPU.ActiveCfg = Release|Any CPU {23BC7994-0E93-4FB3-8D31-16EC3BE1198B}.Release|Any CPU.Build.0 = Release|Any CPU + {FEDB1C3F-5549-4B44-94CE-54FFE590A35A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {FEDB1C3F-5549-4B44-94CE-54FFE590A35A}.Debug|Any CPU.Build.0 = Debug|Any CPU + {FEDB1C3F-5549-4B44-94CE-54FFE590A35A}.Release|Any CPU.ActiveCfg = Release|Any CPU + {FEDB1C3F-5549-4B44-94CE-54FFE590A35A}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(NestedProjects) = preSolution {B6B9F1DD-7E85-402E-88A7-EF6B88E6CE9A} = {77922B8B-F6FE-47D6-8742-6BA528BC8D7C} @@ -200,5 +206,6 @@ Global {DEE9CFC0-9529-451F-9633-AF5B49498AFB} = {EDBF1652-710C-4CF9-8890-AF3B46FDA8E1} {D09D7F3C-B198-40D8-B7E0-CC2CFFC75CDD} = {77922B8B-F6FE-47D6-8742-6BA528BC8D7C} {993BD323-2E2C-4E79-9252-F92B8CEB834D} = {D09D7F3C-B198-40D8-B7E0-CC2CFFC75CDD} + {FEDB1C3F-5549-4B44-94CE-54FFE590A35A} = {BBAA9024-6FEC-4C68-9F96-83D2055EC6D2} EndGlobalSection EndGlobal From 4bda1343795581205dc090398eec1c6afc0faa32 Mon Sep 17 00:00:00 2001 From: Beyley Thomas Date: Mon, 8 Jul 2024 20:47:33 -0700 Subject: [PATCH 4/9] Remove unneeded ssl toggle --- Bunkum.Protocols.Https/BunkumHttpsServer.cs | 4 +--- Bunkum.Protocols.Https/SslConfiguration.cs | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/Bunkum.Protocols.Https/BunkumHttpsServer.cs b/Bunkum.Protocols.Https/BunkumHttpsServer.cs index e84212d..4823731 100644 --- a/Bunkum.Protocols.Https/BunkumHttpsServer.cs +++ b/Bunkum.Protocols.Https/BunkumHttpsServer.cs @@ -17,9 +17,7 @@ public BunkumHttpsServer(LoggerConfiguration? configuration = null, List("ssl.json", this.Logger); - this._cert = sslConfiguration.SslEnabled - ? new X509Certificate2(File.ReadAllBytes(sslConfiguration.SslCertificate), sslConfiguration.CertificatePassword) - : null; + this._cert = new X509Certificate2(File.ReadAllBytes(sslConfiguration.SslCertificate), sslConfiguration.CertificatePassword); } /// diff --git a/Bunkum.Protocols.Https/SslConfiguration.cs b/Bunkum.Protocols.Https/SslConfiguration.cs index c450b42..54f99de 100644 --- a/Bunkum.Protocols.Https/SslConfiguration.cs +++ b/Bunkum.Protocols.Https/SslConfiguration.cs @@ -10,7 +10,6 @@ public class SslConfiguration : Config protected override void Migrate(int oldVer, dynamic oldConfig) {} - public bool SslEnabled { get; set; } = false; public string SslCertificate { get; set; } = "cert.pfx"; public string? CertificatePassword { get; set; } = "password here or null"; } \ No newline at end of file From 494b2b051509f8d0adb7f3e980a91431b309d281 Mon Sep 17 00:00:00 2001 From: Beyley Thomas Date: Mon, 8 Jul 2024 20:48:07 -0700 Subject: [PATCH 5/9] fore matting --- Bunkum.Protocols.Http/BunkumHttpServer.cs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Bunkum.Protocols.Http/BunkumHttpServer.cs b/Bunkum.Protocols.Http/BunkumHttpServer.cs index 08308b5..b20bf42 100644 --- a/Bunkum.Protocols.Http/BunkumHttpServer.cs +++ b/Bunkum.Protocols.Http/BunkumHttpServer.cs @@ -10,8 +10,7 @@ namespace Bunkum.Protocols.Http; public class BunkumHttpServer : BunkumServer { public BunkumHttpServer(LoggerConfiguration? configuration = null, List? sinks = null) : base(configuration, sinks) - { - } + {} [Obsolete("This constructor is obsolete, `UseListener` is preferred instead!")] public BunkumHttpServer(BunkumListener listener, LoggerConfiguration? configuration = null, List? sinks = null) : base(listener, configuration, sinks) From 3a7627b3d68249983da193f57387cc6b85bd94ac Mon Sep 17 00:00:00 2001 From: Beyley Thomas Date: Tue, 9 Jul 2024 15:52:24 -0700 Subject: [PATCH 6/9] Update Bunkum.Protocols.Http/Socket/SocketHttpListener.cs Co-authored-by: jvyden --- Bunkum.Protocols.Http/Socket/SocketHttpListener.cs | 2 -- 1 file changed, 2 deletions(-) diff --git a/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs b/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs index 57c9357..e6f7cf5 100644 --- a/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs +++ b/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs @@ -252,9 +252,7 @@ private ListenerContext ReadRequestIntoContext(System.Net.Sockets.Socket client, // If this an SSL connection, set the remote certificate if (sslStream != null) - { context.RemoteCertificate = sslStream.RemoteCertificate; - } return context; } From 366a32145a72b7b27b642790475b383748c04b7a Mon Sep 17 00:00:00 2001 From: Beyley Thomas Date: Thu, 11 Jul 2024 12:15:30 -0700 Subject: [PATCH 7/9] Move SslConfiguration to a shared project --- .../Bunkum.Protocols.Gemini.csproj | 1 + Bunkum.Protocols.Gemini/BunkumGeminiServer.cs | 1 + .../Socket/SocketHttpListenerContext.cs | 7 +++++-- .../Bunkum.Protocols.Https.csproj | 1 + Bunkum.Protocols.Https/BunkumHttpsServer.cs | 1 + Bunkum.Protocols.Https/SslConfiguration.cs | 15 --------------- .../Bunkum.Protocols.TlsSupport.csproj | 13 +++++++++++++ .../SslConfiguration.cs | 10 ++++++++-- Bunkum.sln | 7 +++++++ 9 files changed, 37 insertions(+), 19 deletions(-) delete mode 100644 Bunkum.Protocols.Https/SslConfiguration.cs create mode 100644 Bunkum.Protocols.TlsSupport/Bunkum.Protocols.TlsSupport.csproj rename {Bunkum.Protocols.Gemini => Bunkum.Protocols.TlsSupport}/SslConfiguration.cs (55%) diff --git a/Bunkum.Protocols.Gemini/Bunkum.Protocols.Gemini.csproj b/Bunkum.Protocols.Gemini/Bunkum.Protocols.Gemini.csproj index 01b8349..8820305 100644 --- a/Bunkum.Protocols.Gemini/Bunkum.Protocols.Gemini.csproj +++ b/Bunkum.Protocols.Gemini/Bunkum.Protocols.Gemini.csproj @@ -36,6 +36,7 @@ + diff --git a/Bunkum.Protocols.Gemini/BunkumGeminiServer.cs b/Bunkum.Protocols.Gemini/BunkumGeminiServer.cs index 5bcc1be..1f0852e 100644 --- a/Bunkum.Protocols.Gemini/BunkumGeminiServer.cs +++ b/Bunkum.Protocols.Gemini/BunkumGeminiServer.cs @@ -3,6 +3,7 @@ using Bunkum.Core.Configuration; using Bunkum.Listener; using Bunkum.Protocols.Gemini.Socket; +using Bunkum.Protocols.TlsSupport; using NotEnoughLogs; using NotEnoughLogs.Sinks; diff --git a/Bunkum.Protocols.Http/Socket/SocketHttpListenerContext.cs b/Bunkum.Protocols.Http/Socket/SocketHttpListenerContext.cs index 636bb1a..b8bd7a2 100644 --- a/Bunkum.Protocols.Http/Socket/SocketHttpListenerContext.cs +++ b/Bunkum.Protocols.Http/Socket/SocketHttpListenerContext.cs @@ -11,10 +11,13 @@ public SocketHttpListenerContext(System.Net.Sockets.Socket socket, Stream stream protected override async Task SendResponseInternal(HttpStatusCode code, ArraySegment? data = null) { - // this is dumb and stupid + // These are "TryAdd" and not "Add" since if you are proxying requests, + // both of these should be set to the headers sent by the proxied server, and not be generated by Bunkum directly this.ResponseHeaders.TryAdd("Server", "Bunkum"); - this.ResponseHeaders.TryAdd("Connection", "close"); this.ResponseHeaders.TryAdd("Date", DateTime.UtcNow.ToString("ddd, dd MMM yyyy HH:mm:ss 'GMT'")); + // This is an unconditional set because Bunkum does not support keep-alive connections, + // theres currently no reason for anything other than Bunkum to set this value + this.ResponseHeaders["Connection"] = "close"; List response = new() { $"HTTP/1.1 {code.GetHashCode()} {code.ToString()}" }; // TODO: spaced code names ("Not Found" instead of "NotFound") foreach ((string? key, string? value) in this.ResponseHeaders) diff --git a/Bunkum.Protocols.Https/Bunkum.Protocols.Https.csproj b/Bunkum.Protocols.Https/Bunkum.Protocols.Https.csproj index 32be40d..5c7ff46 100644 --- a/Bunkum.Protocols.Https/Bunkum.Protocols.Https.csproj +++ b/Bunkum.Protocols.Https/Bunkum.Protocols.Https.csproj @@ -8,6 +8,7 @@ + diff --git a/Bunkum.Protocols.Https/BunkumHttpsServer.cs b/Bunkum.Protocols.Https/BunkumHttpsServer.cs index 4823731..526f303 100644 --- a/Bunkum.Protocols.Https/BunkumHttpsServer.cs +++ b/Bunkum.Protocols.Https/BunkumHttpsServer.cs @@ -2,6 +2,7 @@ using Bunkum.Core; using Bunkum.Core.Configuration; using Bunkum.Listener; +using Bunkum.Protocols.TlsSupport; using NotEnoughLogs; using NotEnoughLogs.Sinks; diff --git a/Bunkum.Protocols.Https/SslConfiguration.cs b/Bunkum.Protocols.Https/SslConfiguration.cs deleted file mode 100644 index 54f99de..0000000 --- a/Bunkum.Protocols.Https/SslConfiguration.cs +++ /dev/null @@ -1,15 +0,0 @@ -using Bunkum.Core.Configuration; - -namespace Bunkum.Protocols.Https; - -public class SslConfiguration : Config -{ - public override int CurrentConfigVersion => 1; - public override int Version { get; set; } - - protected override void Migrate(int oldVer, dynamic oldConfig) - {} - - public string SslCertificate { get; set; } = "cert.pfx"; - public string? CertificatePassword { get; set; } = "password here or null"; -} \ No newline at end of file diff --git a/Bunkum.Protocols.TlsSupport/Bunkum.Protocols.TlsSupport.csproj b/Bunkum.Protocols.TlsSupport/Bunkum.Protocols.TlsSupport.csproj new file mode 100644 index 0000000..91c48da --- /dev/null +++ b/Bunkum.Protocols.TlsSupport/Bunkum.Protocols.TlsSupport.csproj @@ -0,0 +1,13 @@ + + + + net8.0 + enable + enable + + + + + + + diff --git a/Bunkum.Protocols.Gemini/SslConfiguration.cs b/Bunkum.Protocols.TlsSupport/SslConfiguration.cs similarity index 55% rename from Bunkum.Protocols.Gemini/SslConfiguration.cs rename to Bunkum.Protocols.TlsSupport/SslConfiguration.cs index 512e933..70167a3 100644 --- a/Bunkum.Protocols.Gemini/SslConfiguration.cs +++ b/Bunkum.Protocols.TlsSupport/SslConfiguration.cs @@ -1,6 +1,6 @@ using Bunkum.Core.Configuration; -namespace Bunkum.Protocols.Gemini; +namespace Bunkum.Protocols.TlsSupport; public class SslConfiguration : Config { @@ -10,6 +10,12 @@ public class SslConfiguration : Config protected override void Migrate(int oldVer, dynamic oldConfig) {} + /// + /// The path to the certificate + /// public string SslCertificate { get; set; } = "cert.pfx"; - public string? CertificatePassword { get; set; } = "password here or null"; + /// + /// The password for the certificate, null if none + /// + public string? CertificatePassword { get; set; } } \ No newline at end of file diff --git a/Bunkum.sln b/Bunkum.sln index 3844dba..bcdc1ed 100644 --- a/Bunkum.sln +++ b/Bunkum.sln @@ -71,6 +71,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "DataStore", "DataStore", "{ EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bunkum.Protocols.Https", "Bunkum.Protocols.Https\Bunkum.Protocols.Https.csproj", "{FEDB1C3F-5549-4B44-94CE-54FFE590A35A}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bunkum.Protocols.TlsSupport", "Bunkum.Protocols.TlsSupport\Bunkum.Protocols.TlsSupport.csproj", "{B7B1AAD8-2E00-439E-A587-7434E51C1E9E}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -180,6 +182,10 @@ Global {FEDB1C3F-5549-4B44-94CE-54FFE590A35A}.Debug|Any CPU.Build.0 = Debug|Any CPU {FEDB1C3F-5549-4B44-94CE-54FFE590A35A}.Release|Any CPU.ActiveCfg = Release|Any CPU {FEDB1C3F-5549-4B44-94CE-54FFE590A35A}.Release|Any CPU.Build.0 = Release|Any CPU + {B7B1AAD8-2E00-439E-A587-7434E51C1E9E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {B7B1AAD8-2E00-439E-A587-7434E51C1E9E}.Debug|Any CPU.Build.0 = Debug|Any CPU + {B7B1AAD8-2E00-439E-A587-7434E51C1E9E}.Release|Any CPU.ActiveCfg = Release|Any CPU + {B7B1AAD8-2E00-439E-A587-7434E51C1E9E}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(NestedProjects) = preSolution {B6B9F1DD-7E85-402E-88A7-EF6B88E6CE9A} = {77922B8B-F6FE-47D6-8742-6BA528BC8D7C} @@ -207,5 +213,6 @@ Global {D09D7F3C-B198-40D8-B7E0-CC2CFFC75CDD} = {77922B8B-F6FE-47D6-8742-6BA528BC8D7C} {993BD323-2E2C-4E79-9252-F92B8CEB834D} = {D09D7F3C-B198-40D8-B7E0-CC2CFFC75CDD} {FEDB1C3F-5549-4B44-94CE-54FFE590A35A} = {BBAA9024-6FEC-4C68-9F96-83D2055EC6D2} + {B7B1AAD8-2E00-439E-A587-7434E51C1E9E} = {BBAA9024-6FEC-4C68-9F96-83D2055EC6D2} EndGlobalSection EndGlobal From 7912b257f09a529844ac4966b52eccd16f9cc2ab Mon Sep 17 00:00:00 2001 From: Beyley Thomas Date: Thu, 11 Jul 2024 14:18:55 -0700 Subject: [PATCH 8/9] Add enabled SSL protocols and cipher suites to SslConfiguration --- Bunkum.Protocols.Gemini/BunkumGeminiServer.cs | 7 +-- .../Socket/SocketGeminiListener.cs | 19 +++++--- Bunkum.Protocols.Http/BunkumHttpServer.cs | 2 +- .../Socket/SocketHttpListener.cs | 43 +++++++------------ Bunkum.Protocols.Https/BunkumHttpsServer.cs | 7 +-- .../SslConfiguration.cs | 31 +++++++++++++ 6 files changed, 70 insertions(+), 39 deletions(-) diff --git a/Bunkum.Protocols.Gemini/BunkumGeminiServer.cs b/Bunkum.Protocols.Gemini/BunkumGeminiServer.cs index 1f0852e..1d35c75 100644 --- a/Bunkum.Protocols.Gemini/BunkumGeminiServer.cs +++ b/Bunkum.Protocols.Gemini/BunkumGeminiServer.cs @@ -12,6 +12,7 @@ namespace Bunkum.Protocols.Gemini; public class BunkumGeminiServer : BunkumServer { private readonly X509Certificate2 _cert; + private readonly SslConfiguration _sslConfiguration; /// /// Create a new BunkumGeminiServer @@ -22,14 +23,14 @@ public class BunkumGeminiServer : BunkumServer public BunkumGeminiServer(SslConfiguration? sslConfiguration = null, LoggerConfiguration? configuration = null, List? sinks = null) : base(configuration, sinks) { //If the SSL configuration is not specified, load the config from JSON - sslConfiguration ??= Config.LoadFromJsonFile("geminissl.json", this.Logger); + this._sslConfiguration = sslConfiguration ?? Config.LoadFromJsonFile("geminissl.json", this.Logger); - this._cert = new X509Certificate2(File.ReadAllBytes(sslConfiguration.SslCertificate), sslConfiguration.CertificatePassword); + this._cert = new X509Certificate2(File.ReadAllBytes(sslConfiguration.SslCertificate), this._sslConfiguration.CertificatePassword); } protected override BunkumListener CreateDefaultListener(Uri listenEndpoint, bool useForwardedIp, Logger logger) { - return new SocketGeminiListener(this._cert, listenEndpoint, logger); + return new SocketGeminiListener(this._cert, this._sslConfiguration, listenEndpoint, logger); } protected override string ProtocolUriName => "gemini"; } \ No newline at end of file diff --git a/Bunkum.Protocols.Gemini/Socket/SocketGeminiListener.cs b/Bunkum.Protocols.Gemini/Socket/SocketGeminiListener.cs index 2ae9c4c..bbc6809 100644 --- a/Bunkum.Protocols.Gemini/Socket/SocketGeminiListener.cs +++ b/Bunkum.Protocols.Gemini/Socket/SocketGeminiListener.cs @@ -2,7 +2,7 @@ using System.Net; using System.Net.Security; using System.Net.Sockets; -using System.Security.Authentication; +using System.Runtime.InteropServices; using System.Security.Cryptography.X509Certificates; using System.Text; using System.Text.RegularExpressions; @@ -11,6 +11,7 @@ using Bunkum.Listener.Extensions; using Bunkum.Listener.Protocol; using Bunkum.Listener.Request; +using Bunkum.Protocols.TlsSupport; using NotEnoughLogs; namespace Bunkum.Protocols.Gemini.Socket; @@ -20,14 +21,16 @@ public partial class SocketGeminiListener : BunkumGeminiListener private System.Net.Sockets.Socket? _socket; private readonly Uri _listenEndpoint; private readonly X509Certificate2 _cert; + private readonly SslConfiguration _sslConfiguration; [GeneratedRegex("^[a-zA-Z]+$")] private static partial Regex LettersRegex(); - public SocketGeminiListener(X509Certificate2 cert, Uri listenEndpoint, Logger logger) : base(logger) + public SocketGeminiListener(X509Certificate2 cert, SslConfiguration sslConfiguration, Uri listenEndpoint, Logger logger) : base(logger) { this._listenEndpoint = listenEndpoint; this._cert = cert; + this._sslConfiguration = sslConfiguration; this.Logger.LogInfo(ListenerCategory.Startup, "Internal Gemini server is listening at URL {0}", listenEndpoint); } @@ -88,13 +91,19 @@ private async Task ReadRequestIntoContext(System.Net.Sockets.So { SslStream stream = new(rawStream); - await stream.AuthenticateAsServerAsync(new SslServerAuthenticationOptions + SslServerAuthenticationOptions authOptions = new() { - EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13, + EnabledSslProtocols = this._sslConfiguration.EnabledSslProtocols, ServerCertificate = this._cert, ClientCertificateRequired = true, RemoteCertificateValidationCallback = (_, _, _, _) => true, - }); + }; + + // If the cipher suite set is enabled, and we are not on windows, enable the selected cipher suites + if (this._sslConfiguration.EnabledCipherSuites != null && !RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + authOptions.CipherSuitesPolicy = new CipherSuitesPolicy(this._sslConfiguration.EnabledCipherSuites); + + await stream.AuthenticateAsServerAsync(authOptions); Uri uri = new(GetPath(stream)); diff --git a/Bunkum.Protocols.Http/BunkumHttpServer.cs b/Bunkum.Protocols.Http/BunkumHttpServer.cs index b20bf42..de394b2 100644 --- a/Bunkum.Protocols.Http/BunkumHttpServer.cs +++ b/Bunkum.Protocols.Http/BunkumHttpServer.cs @@ -19,7 +19,7 @@ public BunkumHttpServer(BunkumListener listener, LoggerConfiguration? configurat /// protected override BunkumListener CreateDefaultListener(Uri listenEndpoint, bool useForwardedIp, Logger logger) { - return new Socket.SocketHttpListener(listenEndpoint, useForwardedIp, logger, null); + return new Socket.SocketHttpListener(listenEndpoint, useForwardedIp, logger); } /// diff --git a/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs b/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs index e6f7cf5..e41ea5f 100644 --- a/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs +++ b/Bunkum.Protocols.Http/Socket/SocketHttpListener.cs @@ -21,15 +21,26 @@ public partial class SocketHttpListener : BunkumHttpListener private readonly Uri _listenEndpoint; private readonly bool _useForwardedIp; private readonly X509Certificate2? _cert; + private readonly SslProtocols _enabledSslProtocols; + private readonly TlsCipherSuite[]? _enabledCipherSuites; [GeneratedRegex("^[a-zA-Z]+$")] private static partial Regex LettersRegex(); - public SocketHttpListener(Uri listenEndpoint, bool useForwardedIp, Logger logger, X509Certificate2? certificate) : base(logger) + public SocketHttpListener( + Uri listenEndpoint, + bool useForwardedIp, + Logger logger, + X509Certificate2? certificate = null, + SslProtocols enabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13, + TlsCipherSuite[]? enabledCipherSuites = null) + : base(logger) { this._listenEndpoint = listenEndpoint; this._useForwardedIp = useForwardedIp; this._cert = certificate; + this._enabledCipherSuites = enabledCipherSuites; + this._enabledSslProtocols = enabledSslProtocols; this.Logger.LogInfo(ListenerCategory.Startup, "Internal HTTP server is listening at URL " + listenEndpoint); } @@ -91,37 +102,15 @@ private ListenerContext ReadRequestIntoContext(System.Net.Sockets.Socket client, SslServerAuthenticationOptions authOptions = new() { - //TODO: move this into the config - EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11, + EnabledSslProtocols = this._enabledSslProtocols, ServerCertificate = this._cert, ClientCertificateRequired = false, RemoteCertificateValidationCallback = (_, _, _, _) => true, }; - // On Windows we cant set the cipher suites - if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) - { - //TODO: move this into the config somehow - authOptions.CipherSuitesPolicy = new CipherSuitesPolicy([ - // ps3 - TlsCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256, - TlsCipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256, - TlsCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA, - TlsCipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, - TlsCipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA, - TlsCipherSuite.TLS_RSA_WITH_RC4_128_SHA, - TlsCipherSuite.TLS_RSA_WITH_RC4_128_MD5, - // modern - TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - ]); - } + // If the cipher suite set is enabled, and we are not on windows, enable the selected cipher suites + if (this._enabledCipherSuites != null && !RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + authOptions.CipherSuitesPolicy = new CipherSuitesPolicy(this._enabledCipherSuites); sslStream.AuthenticateAsServer(authOptions); diff --git a/Bunkum.Protocols.Https/BunkumHttpsServer.cs b/Bunkum.Protocols.Https/BunkumHttpsServer.cs index 526f303..eb17778 100644 --- a/Bunkum.Protocols.Https/BunkumHttpsServer.cs +++ b/Bunkum.Protocols.Https/BunkumHttpsServer.cs @@ -11,20 +11,21 @@ namespace Bunkum.Protocols.Https; public class BunkumHttpsServer : BunkumServer { private readonly X509Certificate2? _cert; + private readonly SslConfiguration _sslConfiguration; public BunkumHttpsServer(LoggerConfiguration? configuration = null, List? sinks = null, SslConfiguration? sslConfiguration = null) : base(configuration, sinks) { //If the SSL configuration is not specified, load the config from JSON - sslConfiguration ??= Config.LoadFromJsonFile("ssl.json", this.Logger); + this._sslConfiguration = sslConfiguration ?? Config.LoadFromJsonFile("ssl.json", this.Logger); - this._cert = new X509Certificate2(File.ReadAllBytes(sslConfiguration.SslCertificate), sslConfiguration.CertificatePassword); + this._cert = new X509Certificate2(File.ReadAllBytes(this._sslConfiguration.SslCertificate), this._sslConfiguration.CertificatePassword); } /// protected override BunkumListener CreateDefaultListener(Uri listenEndpoint, bool useForwardedIp, Logger logger) { - return new Http.Socket.SocketHttpListener(listenEndpoint, useForwardedIp, logger, this._cert); + return new Http.Socket.SocketHttpListener(listenEndpoint, useForwardedIp, logger, this._cert, this._sslConfiguration.EnabledSslProtocols, this._sslConfiguration.EnabledCipherSuites); } /// diff --git a/Bunkum.Protocols.TlsSupport/SslConfiguration.cs b/Bunkum.Protocols.TlsSupport/SslConfiguration.cs index 70167a3..31ac529 100644 --- a/Bunkum.Protocols.TlsSupport/SslConfiguration.cs +++ b/Bunkum.Protocols.TlsSupport/SslConfiguration.cs @@ -1,4 +1,8 @@ +using System.Net.Security; +using System.Security.Authentication; using Bunkum.Core.Configuration; +using Newtonsoft.Json; +using Newtonsoft.Json.Converters; namespace Bunkum.Protocols.TlsSupport; @@ -18,4 +22,31 @@ protected override void Migrate(int oldVer, dynamic oldConfig) /// The password for the certificate, null if none /// public string? CertificatePassword { get; set; } + + /// + /// The SSL protocols which are enabled. If null, enables TLS1.3 and TLS1.2 + /// + [JsonProperty("enabledSslProtocols", ItemConverterType = typeof(StringEnumConverter))] + private SslProtocols[]? _EnabledSslProtocols { get; set; } + /// + /// The cipher suites which are enabled. If null, lets the system decide + /// + [JsonProperty(ItemConverterType = typeof(StringEnumConverter))] + public TlsCipherSuite[]? EnabledCipherSuites { get; set; } + + public SslProtocols EnabledSslProtocols + { + get + { + SslProtocols protocols = SslProtocols.None; + + if (this._EnabledSslProtocols == null) + protocols = SslProtocols.Tls12 | SslProtocols.Tls13; + else + protocols = this._EnabledSslProtocols + .Aggregate(protocols, (current, protocol) => current | protocol); + + return protocols; + } + } } \ No newline at end of file From fd389c6b82dfa21970002a8fdda7e0bcaebdddfc Mon Sep 17 00:00:00 2001 From: Beyley Thomas Date: Thu, 11 Jul 2024 16:33:05 -0700 Subject: [PATCH 9/9] Fix config names and update publish workflow --- .github/workflows/nuget.yml | 8 ++++++++ Bunkum.Protocols.TlsSupport/SslConfiguration.cs | 3 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nuget.yml b/.github/workflows/nuget.yml index 011138e..8172fc8 100644 --- a/.github/workflows/nuget.yml +++ b/.github/workflows/nuget.yml @@ -57,6 +57,14 @@ jobs: run: dotnet nuget push Bunkum.Protocols.Http/bin/Release/Bunkum.Protocols.Http.${VERSION}.nupkg --source https://api.nuget.org/v3/index.json --api-key ${NUGET_TOKEN} env: NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }} + - name: Upload Bunkum.Protocols.Https + run: dotnet nuget push Bunkum.Protocols.Https/bin/Release/Bunkum.Protocols.Https.${VERSION}.nupkg --source https://api.nuget.org/v3/index.json --api-key ${NUGET_TOKEN} + env: + NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }} + - name: Upload Bunkum.Protocols.TlsSupport + run: dotnet nuget push Bunkum.Protocols.TlsSupport/bin/Release/Bunkum.Protocols.TlsSupport.${VERSION}.nupkg --source https://api.nuget.org/v3/index.json --api-key ${NUGET_TOKEN} + env: + NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }} - name: Upload Bunkum.Protocols.Gopher run: dotnet nuget push Bunkum.Protocols.Gopher/bin/Release/Bunkum.Protocols.Gopher.${VERSION}.nupkg --source https://api.nuget.org/v3/index.json --api-key ${NUGET_TOKEN} env: diff --git a/Bunkum.Protocols.TlsSupport/SslConfiguration.cs b/Bunkum.Protocols.TlsSupport/SslConfiguration.cs index 31ac529..7eaecf8 100644 --- a/Bunkum.Protocols.TlsSupport/SslConfiguration.cs +++ b/Bunkum.Protocols.TlsSupport/SslConfiguration.cs @@ -26,7 +26,7 @@ protected override void Migrate(int oldVer, dynamic oldConfig) /// /// The SSL protocols which are enabled. If null, enables TLS1.3 and TLS1.2 /// - [JsonProperty("enabledSslProtocols", ItemConverterType = typeof(StringEnumConverter))] + [JsonProperty("EnabledSslProtocols", ItemConverterType = typeof(StringEnumConverter))] private SslProtocols[]? _EnabledSslProtocols { get; set; } /// /// The cipher suites which are enabled. If null, lets the system decide @@ -34,6 +34,7 @@ protected override void Migrate(int oldVer, dynamic oldConfig) [JsonProperty(ItemConverterType = typeof(StringEnumConverter))] public TlsCipherSuite[]? EnabledCipherSuites { get; set; } + [JsonIgnore] public SslProtocols EnabledSslProtocols { get