Merge pull request #247 from amohtashami12307/TesterToCheckWetherTheSslProtocolsReallyWork

Tester to check wether the ssl protocols really work

Author: mythz

src/ServiceStack.Redis/RedisEndpoint.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
+using System.Security.Authentication;
 using System.Text;
 using ServiceStack.IO;
 using ServiceStack.Text;
@@ -34,6 +35,7 @@ public RedisEndpoint(string host, int port, string password = null, long db = Re
         public string Host { get; set; }
         public int Port { get; set; }
         public bool Ssl { get; set; }
+        public SslProtocols? SslProtocols {get; set;}
         public int ConnectTimeout { get; set; }
         public int SendTimeout { get; set; }
         public int ReceiveTimeout { get; set; }
@@ -59,6 +61,8 @@ public override string ToString()
                 args.Add("Db=" + Db);
             if (Ssl)
                 args.Add("Ssl=true");
+            if (SslProtocols != null)
+                args.Add("SslProtocols=" + SslProtocols.ToString());
             if (ConnectTimeout != RedisConfig.DefaultConnectTimeout)
                 args.Add("ConnectTimeout=" + ConnectTimeout);
             if (SendTimeout != RedisConfig.DefaultSendTimeout)
@@ -83,6 +87,7 @@ protected bool Equals(RedisEndpoint other)
             return string.Equals(Host, other.Host) 
                 && Port == other.Port 
                 && Ssl.Equals(other.Ssl) 
+                && SslProtocols.Equals(other.SslProtocols)
                 && ConnectTimeout == other.ConnectTimeout 
                 && SendTimeout == other.SendTimeout 
                 && ReceiveTimeout == other.ReceiveTimeout 
@@ -109,6 +114,7 @@ public override int GetHashCode()
                 var hashCode = (Host != null ? Host.GetHashCode() : 0);
                 hashCode = (hashCode * 397) ^ Port;
                 hashCode = (hashCode * 397) ^ Ssl.GetHashCode();
+                hashCode = (hashCode * 397) ^ SslProtocols.GetHashCode();
                 hashCode = (hashCode * 397) ^ ConnectTimeout;
                 hashCode = (hashCode * 397) ^ SendTimeout;
                 hashCode = (hashCode * 397) ^ ReceiveTimeout;

src/ServiceStack.Redis/RedisExtensions.cs

@@ -15,6 +15,7 @@
 using System.Globalization;
 using System.Linq;
 using System.Net.Sockets;
+using System.Security.Authentication;
 using ServiceStack.Model;
 using ServiceStack.Text;
 
@@ -76,6 +77,12 @@ public static RedisEndpoint ToRedisEndpoint(this string connectionString, int? d
                             if (useDefaultPort)
                                 endpoint.Port = RedisConfig.DefaultPortSsl;
                             break;
+                        case "sslprotocols":
+                            SslProtocols protocols;
+                            value = value?.Replace("|", ",");
+                            if (!Enum.TryParse(value, true, out protocols)) throw new ArgumentOutOfRangeException("Keyword '" + name + "' requires an SslProtocol value (multiple values separated by '|').");
+                            endpoint.SslProtocols = protocols;
+                            break;
                         case "client":
                             endpoint.Client = value;
                             break;

src/ServiceStack.Redis/RedisNativeClient.cs

@@ -21,6 +21,7 @@
 using ServiceStack.Logging;
 using ServiceStack.Redis.Pipeline;
 using ServiceStack.Text;
+using System.Security.Authentication;
 
 namespace ServiceStack.Redis
 {
@@ -91,6 +92,7 @@ internal bool Active
         public string Host { get; private set; }
         public int Port { get; private set; }
         public bool Ssl { get; private set; }
+        public SslProtocols? SslProtocols { get; private set; }
 
         /// <summary>
         /// Gets or sets object key prefix.
@@ -177,6 +179,7 @@ private void Init(RedisEndpoint config)
             Client = config.Client;
             Db = config.Db;
             Ssl = config.Ssl;
+            SslProtocols = config.SslProtocols;
             IdleTimeOutSecs = config.IdleTimeOutSecs;
             ServerVersionNumber = RedisConfig.AssumeServerVersion.GetValueOrDefault();
             LogPrefix = "#" + ClientId + " ";

src/ServiceStack.Redis/RedisNativeClient_Utils.cs

@@ -18,7 +18,9 @@
 using System.Net;
 using System.Net.Security;
 using System.Net.Sockets;
+using System.Security.Authentication;
 using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
@@ -167,7 +169,14 @@ private void Connect()
 #if NETSTANDARD2_0
                     sslStream.AuthenticateAsClientAsync(Host).Wait();
 #else
-                    sslStream.AuthenticateAsClient(Host);
+                    if (SslProtocols != null)
+                    {
+                        sslStream.AuthenticateAsClient(Host, new X509CertificateCollection(), SslProtocols ?? System.Security.Authentication.SslProtocols.Default, checkCertificateRevocation: true);
+                    } else
+                    {
+                        sslStream.AuthenticateAsClient(Host);
+                    }
+                    
 #endif
 
                     if (!sslStream.IsEncrypted)

src/StackExchangeTester/App.config

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
+    </startup>
+</configuration>

src/StackExchangeTester/Program.cs

@@ -0,0 +1,22 @@
+using ServiceStack.Redis;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace StackExchangeTester
+{
+    class Program
+    {
+        static void Main(string[] args)
+        {
+            var x = new RedisManagerPool("MQHnkdl402DScXzhZIxHwDaA7s8nziy45okp84ykShA=@tls-11.redis.cache.windows.net:6380?ssl=true&sslprotocols=Tls11");
+            var y = x.GetClient();
+            y.Ping();
+            y.Set<string>("keyServiceStackSllChangesIStillHave512mb", "value");
+            y.Dispose();
+            x.Dispose();
+        }
+    }
+}

src/StackExchangeTester/StackExchangeTester.csproj

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{0214D0F0-EA41-4593-B558-71F974CF7C62}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>StackExchangeTester</RootNamespace>
+    <AssemblyName>StackExchangeTester</AssemblyName>
+    <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\tests\Console.Tests\Console.Tests.csproj">
+      <Project>{8368c965-b4f6-4263-9abb-731a175b2e77}</Project>
+      <Name>Console.Tests</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\..\tests\ServiceStack.Redis.Tests.Sentinel\ServiceStack.Redis.Tests.Sentinel.csproj">
+      <Project>{91c55091-a946-49b5-9517-8794ebcc5784}</Project>
+      <Name>ServiceStack.Redis.Tests.Sentinel</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\..\tests\ServiceStack.Redis.Tests\ServiceStack.Redis.Tests.csproj">
+      <Project>{951d28ee-5d22-4c62-ac0f-1661a8ceec5a}</Project>
+      <Name>ServiceStack.Redis.Tests</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\ServiceStack.Redis\ServiceStack.Redis.csproj">
+      <Project>{af99f19b-4c04-4f58-81ef-b092f1fcc540}</Project>
+      <Name>ServiceStack.Redis</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <COMReference Include="DCMAssemblyProviderLib">
+      <Guid>{EDE973DE-4C9A-11DE-A33F-06DC55D89593}</Guid>
+      <VersionMajor>1</VersionMajor>
+      <VersionMinor>0</VersionMinor>
+      <Lcid>0</Lcid>
+      <WrapperTool>tlbimp</WrapperTool>
+      <Isolated>False</Isolated>
+      <EmbedInteropTypes>True</EmbedInteropTypes>
+    </COMReference>
+  </ItemGroup>
+  <ItemGroup>
+    <Content Include="azureconfig.txt" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>

tests/ServiceStack.Redis.Tests/ConfigTests.cs

@@ -27,11 +27,14 @@ public void OneTimeTearDown()
         [TestCase("host:1?password=pass&client=nunit", "{Host:host,Port:1,Client:nunit,Password:pass}")]
         [TestCase("host:1?db=2", "{Host:host,Port:1,Db:2}")]
         [TestCase("host?ssl=true", "{Host:host,Port:6380,Ssl:True}")]
+        [TestCase("host:6380?ssl=true&password=pass&sslprotocols=Tls12", "{Host:host,Port:6380,Ssl:True,Password:pass,SslProtocols:Tls12}")]
         [TestCase("host:1?ssl=true", "{Host:host,Port:1,Ssl:True}")]
         [TestCase("host:1?connectTimeout=1&sendtimeout=2&receiveTimeout=3&idletimeoutsecs=4",
             "{Host:host,Port:1,ConnectTimeout:1,SendTimeout:2,ReceiveTimeout:3,IdleTimeOutSecs:4}")]
         [TestCase("redis://nunit:pass@host:1?ssl=true&db=1&connectTimeout=2&sendtimeout=3&receiveTimeout=4&retryTimeout=5&idletimeoutsecs=5&NamespacePrefix=prefix.",
             "{Host:host,Port:1,Ssl:True,Client:nunit,Password:pass,Db:1,ConnectTimeout:2,SendTimeout:3,ReceiveTimeout:4,RetryTimeout:5,IdleTimeOutSecs:5,NamespacePrefix:prefix.}")]
+        [TestCase("redis://nunit:pass@host:1?ssl=true&sslprotocols=Tls12&db=1&connectTimeout=2&sendtimeout=3&receiveTimeout=4&retryTimeout=5&idletimeoutsecs=5&NamespacePrefix=prefix.",
+            "{Host:host,Port:1,Ssl:True,Client:nunit,Password:pass,SslProtocols:Tls12,Db:1,ConnectTimeout:2,SendTimeout:3,ReceiveTimeout:4,RetryTimeout:5,IdleTimeOutSecs:5,NamespacePrefix:prefix.}")]
         public void Does_handle_different_connection_strings_settings(string connString, string expectedJsv)
         {
             var actual = connString.ToRedisEndpoint();
@@ -55,6 +58,7 @@ public void Does_handle_different_connection_strings_settings(string connString,
             "host:1?ConnectTimeout=1&SendTimeout=2&ReceiveTimeout=3&IdleTimeOutSecs=4")]
         [TestCase("redis://nunit:pass@host:1?ssl=true&db=1&connectTimeout=2&sendtimeout=3&receiveTimeout=4&idletimeoutsecs=5&NamespacePrefix=prefix.",
             "host:1?Client=nunit&Password=pass&Db=1&Ssl=true&ConnectTimeout=2&SendTimeout=3&ReceiveTimeout=4&IdleTimeOutSecs=5&NamespacePrefix=prefix.")]
+        [TestCase("password@host:6380?ssl=true&sslprotocols=Tls12", "host:6380?Password=password&Ssl=true&SslProtocols=Tls12")]
         public void Does_Serialize_RedisEndpoint(string connString, string expectedString)
         {
             var actual = connString.ToRedisEndpoint();
@@ -64,8 +68,8 @@ public void Does_Serialize_RedisEndpoint(string connString, string expectedStrin
         [Test]
         public void Does_set_all_properties_on_Client_using_ClientsManagers()
         {
-            var connStr = "redis://nunit:pass@host:1?ssl=true&db=0&connectTimeout=2&sendtimeout=3&receiveTimeout=4&idletimeoutsecs=5&NamespacePrefix=prefix.";
-            var expected = "{Host:host,Port:1,Ssl:True,Client:nunit,Password:pass,Db:0,ConnectTimeout:2,SendTimeout:3,ReceiveTimeout:4,IdleTimeOutSecs:5,NamespacePrefix:prefix.}"
+            var connStr = "redis://nunit:pass@host:1?ssl=true&sslprotocols=Tls12&db=0&connectTimeout=2&sendtimeout=3&receiveTimeout=4&idletimeoutsecs=5&NamespacePrefix=prefix.";
+            var expected = "{Host:host,Port:1,Ssl:True,SslProtocols:Tls12,Client:nunit,Password:pass,Db:0,ConnectTimeout:2,SendTimeout:3,ReceiveTimeout:4,IdleTimeOutSecs:5,NamespacePrefix:prefix.}"
                 .FromJsv<RedisEndpoint>();
 
             using (var pooledManager = new RedisManagerPool(connStr))
@@ -122,6 +126,7 @@ private static void AssertClient(RedisClient redis, RedisEndpoint expected)
             Assert.That(redis.Host, Is.EqualTo(expected.Host));
             Assert.That(redis.Port, Is.EqualTo(expected.Port));
             Assert.That(redis.Ssl, Is.EqualTo(expected.Ssl));
+            Assert.That(redis.SslProtocols, Is.EqualTo(expected.SslProtocols));
             Assert.That(redis.Client, Is.EqualTo(expected.Client));
             Assert.That(redis.Password, Is.EqualTo(expected.Password));
             Assert.That(redis.Db, Is.EqualTo(expected.Db));

tests/ServiceStack.Redis.Tests/SslTests.cs

@@ -67,6 +67,18 @@ public void Can_connect_to_ssl_azure_redis_with_UrlFormat()
             }
         }
 
+        [Test]
+        public void Can_connect_to_ssl_azure_redis_with_UrlFormat_Custom_SSL_Protocol ()
+        {
+            var url = "redis://{0}?ssl=true&sslprotocols=Tls12&password={1}".Fmt(Host, Password.UrlEncode());
+            using (var client = new RedisClient(url))
+            {
+                client.Set("foo", "bar");
+                var foo = client.GetValue("foo");
+                foo.Print();
+            }
+        }
+
         [Test]
         public void Can_connect_to_ssl_azure_redis_with_PooledClientsManager()
         {