use a proper path to tls subkeys

Author: DeagleGross

src/BenchmarksApps/TLS/HttpSys/RegistryController.cs

@@ -7,17 +7,25 @@ namespace HttpSys;
 [System.Diagnostics.CodeAnalysis.SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "benchmark only runs on windows")]
 public static class RegistryController
 {
-    private const string TLS12Key = @"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server";
-    private const string TLS13Key = @"SYSTEM\CurrentControlSet\Services\HTTP\Parameters";
+    // see https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings?tabs=diffie-hellman
+    private const string TLS12SubKey = @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server";
+    private const string TLS13SubKey = @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server";
+
+    private static RegistryKey RootRegistryKey => Environment.Is64BitOperatingSystem
+        ? RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64)
+        : RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry32);
 
     public static void ShowRegistryKeys()
     {
-        var tls12Enabled = GetRegistryValue(TLS12Key, "");
-        var tls13Enabled = GetRegistryValue(TLS13Key, "EnableHTTP3");
+        var tls12DisabledByDefault = GetRegistryValue(TLS12SubKey, "DisabledByDefault");
+        var tls12Enabled = GetRegistryValue(TLS12SubKey, "Enabled");
+
+        var tls13DisabledByDefault = GetRegistryValue(TLS13SubKey, "DisabledByDefault");
+        var tls13Enabled = GetRegistryValue(TLS13SubKey, "Enabled");
 
         var strBuilder = new StringBuilder("Registry TLS settings: \n");
-        strBuilder.AppendLine("\tTLS 1.2: " + tls12Enabled?.ToString());
-        strBuilder.AppendLine("\tTLS 1.3: " + tls13Enabled?.ToString());
+        strBuilder.AppendLine($"\tTLS 1.2: DisabledByDefault='{tls12DisabledByDefault}', Enabled='{tls12Enabled}'");
+        strBuilder.AppendLine($"\tTLS 1.3: DisabledByDefault='{tls13DisabledByDefault}', Enabled='{tls13Enabled}'");
         strBuilder.AppendLine("\t------");
 
         Console.WriteLine(strBuilder.ToString());
@@ -41,40 +49,78 @@ public static void EnableTls(SslProtocols sslProtocols)
 
     private static void EnableTls12()
     {
-        // todo
+        // Enable TLS1.2
+        SetRegistryValue(TLS12SubKey, "DisabledByDefault", value: 0, valueToOverride: 1);
+        SetRegistryValue(TLS12SubKey, "Enabled", value: 1, valueToOverride: 0);
+
+        // and disable TLS1.3
+        SetRegistryValue(TLS13SubKey, "DisabledByDefault", value: 0, valueToOverride: 1);
+        SetRegistryValue(TLS13SubKey, "Enabled", value: 0, valueToOverride: 1);
     }
 
     private static void EnableTls13()
     {
-        var localKey = Environment.Is64BitOperatingSystem
-            ? RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64)
-            : RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry32);
+        // Enable TLS1.3
+        SetRegistryValue(TLS13SubKey, "DisabledByDefault", value: 0, valueToOverride: 1);
+        SetRegistryValue(TLS13SubKey, "Enabled", value: 1, valueToOverride: 0);
+
+        // and disable TLS1.2
+        SetRegistryValue(TLS12SubKey, "DisabledByDefault", value: 0, valueToOverride: 1);
+        SetRegistryValue(TLS12SubKey, "Enabled", value: 0, valueToOverride: 1);
+    }
 
-        var registrySubKey = localKey.OpenSubKey(TLS13Key, writable: true);
-        if (registrySubKey is null)
+    private static void SetRegistryValue(string subKey, string name, int value, int valueToOverride)
+    {
+        var registrySubKey = GetAndCreateSubKey(subKey);
+
+        var registryValue = registrySubKey.GetValue(name) as int?;
+        if (registryValue is null || registryValue == valueToOverride)
         {
-            Console.WriteLine($"Registry subKey `{TLS13Key}` does not exist. Creating one...");
-            registrySubKey = localKey.CreateSubKey(TLS13Key);
-            Console.WriteLine($"Created Registry subKey `{TLS13Key}`");
+            Console.WriteLine($"Setting value '{value}' on {subKey}\\{name}");
+            registrySubKey.SetValue(name, value);
+            Console.WriteLine($"Successfully set value '{value}' on {subKey}\\{name}");
         }
-
-        Console.WriteLine($"Enabling registry setting {TLS13Key}\\EnableHTTP3 for TLS1.3");
-        registrySubKey.SetValue("EnableHTTP3", 1);
-        Console.WriteLine($"Enabled registry setting {TLS13Key}\\EnableHTTP3 for TLS1.3");
     }
 
-    private static string? GetRegistryValue(string path, string name)
+    private static int? GetRegistryValue(string path, string name)
     {
-        var localKey = Environment.Is64BitOperatingSystem
-            ? RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64)
-            : RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry32);
+        var localKey = RootRegistryKey;
 
         var registrySubKey = localKey.OpenSubKey(path);
         if (registrySubKey is not null)
         {
-            return registrySubKey.GetValue(name)?.ToString();
+            var value = registrySubKey.GetValue(name);
+            return value as int?;
         }
 
         return null;
     }
+
+    private static RegistryKey GetAndCreateSubKey(string path)
+    {
+        var parts = path.Split(@"\");
+        var localKey = RootRegistryKey;
+
+        RegistryKey? registrySubKey = null;
+        var currentPath = parts[0] + @"\" + parts[1];
+        var i = 1;
+        while (i <= parts.Length)
+        {
+            registrySubKey = localKey.OpenSubKey(currentPath, writable: true);
+            if (registrySubKey is null)
+            {
+                Console.WriteLine($"Registry subKey `{currentPath}` does not exist. Creating one...");
+                registrySubKey = localKey.CreateSubKey(currentPath, writable: true);
+                Console.WriteLine($"Created Registry subKey `{currentPath}`");
+            }
+            currentPath = string.Join(@"\", parts.Take(i++ + 1));
+        }
+
+        if (registrySubKey is null || registrySubKey.Name.Substring(localKey.Name.Length + 1) != path)
+        {
+            throw new ArgumentException($"failed to create registry subKey {path}");
+        }
+
+        return registrySubKey;
+    }
 }

src/BenchmarksApps/TLS/HttpSys/appsettings.Development.json

@@ -11,5 +11,5 @@
   "tlsRenegotiation": "true",
   "certValidationConsoleEnabled": "true",
 
-  "tlsProtocols": "tls13"
+  "tlsProtocols": "tls12"
 }