Adds support to TLS1.3 and improves startup response

LordHepipud · LordHepipud · commit f0c67d3a2b94 · 2024-05-15T13:47:06.000+02:00
diff --git a/doc/100-General/10-Changelog.md b/doc/100-General/10-Changelog.md
@@ -11,6 +11,8 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 
 [Issues and PRs](https://github.com/Icinga/icinga-powershell-framework/milestone/32)
 
+* [#732](https://github.com/Icinga/icinga-powershell-framework/pull/732) Adds support for TLS 1.3 and improves startup response
+
 ## 1.12.3 (2024-04-24)
 
 [Issues and PRs](https://github.com/Icinga/icinga-powershell-framework/milestone/35)
diff --git a/lib/daemons/RestAPI/daemon/New-IcingaForWindowsRESTApi.psm1 b/lib/daemons/RestAPI/daemon/New-IcingaForWindowsRESTApi.psm1
@@ -121,9 +121,9 @@ function New-IcingaForWindowsRESTApi()
             Write-IcingaDebugMessage -Message 'Scheduling Icinga for Windows API request' -Objects 'REST-Thread Id', $NextRESTApiThreadId;
 
             if ($Global:Icinga.Public.Daemons.RESTApi.ApiRequests.ContainsKey($NextRESTApiThreadId) -eq $FALSE) {
-                Close-IcingaTCPConnection -Connection $Connection;
-                $Connection = $null;
-                continue;
+                # Ensure we allow API calls to be executed even in case not all threads are loaded
+                # This will increase responsiveness of the API
+                $NextRESTApiThreadId = 0;
             }
 
             $Global:Icinga.Public.Daemons.RESTApi.ApiRequests.$NextRESTApiThreadId.Add($Connection);
diff --git a/lib/webserver/New-IcingaSSLStream.psm1 b/lib/webserver/New-IcingaSSLStream.psm1
@@ -12,8 +12,9 @@ function New-IcingaSSLStream()
     [System.Net.Security.SslStream]$SSLStream = $null;
 
     try {
-        $SSLStream = New-Object System.Net.Security.SslStream($Client.GetStream(), $false);
-        $SSLStream.AuthenticateAsServer($Certificate, $false, [System.Security.Authentication.SslProtocols]::Tls12, $true) | Out-Null;
+        $SSLStream    = New-Object System.Net.Security.SslStream($Client.GetStream(), $false);
+        $TLSProtocols = [System.Security.Authentication.SslProtocols]::Tls12 -bor [System.Security.Authentication.SslProtocols]::Tls13;
+        $SSLStream.AuthenticateAsServer($Certificate, $false, $TLSProtocols, $true) | Out-Null;
     } catch {
         if ($null -ne $SSLStream) {
             $SSLStream.Close();
