Merge pull request #751 from jimmylewis/tls12

phil-allen-msft · web-flow · commit 22dab056a652 · 2024-05-14T13:03:04.000-07:00
Add setting to force TLS 1.2
diff --git a/src/LibraryManager/Cache/WebRequestHandler.cs b/src/LibraryManager/Cache/WebRequestHandler.cs
@@ -9,6 +9,7 @@
 using System.Threading.Tasks;
 using Microsoft.Web.LibraryManager.Configuration;
 using Microsoft.Web.LibraryManager.Contracts;
+using Microsoft.Web.LibraryManager.Contracts.Configuration;
 using Microsoft.Web.LibraryManager.Helpers;
 
 namespace Microsoft.Web.LibraryManager.Cache
@@ -20,12 +21,14 @@ internal class WebRequestHandler : IWebRequestHandler, IDisposable
     {
         private readonly ConcurrentDictionary<string, HttpClient> _cachedHttpClients = new ConcurrentDictionary<string, HttpClient>();
 
-        public static IWebRequestHandler Instance { get; } = new WebRequestHandler(ProxySettings.Default);
+        public static IWebRequestHandler Instance { get; } = new WebRequestHandler(ProxySettings.Default, Settings.DefaultSettings);
         private readonly ProxySettings _proxySettings;
+        private readonly ISettings _settings;
 
-        public WebRequestHandler(ProxySettings proxySettings)
+        public WebRequestHandler(ProxySettings proxySettings, ISettings settings)
         {
             _proxySettings = proxySettings;
+            _settings = settings;
         }
 
         public void Dispose()
@@ -55,9 +58,14 @@ public async Task<Stream> GetStreamAsync(string url, CancellationToken cancellat
 
         private HttpClient CreateHttpClient(string url)
         {
+            
 #pragma warning disable CA2000 // Dispose objects before losing scope
             var httpMessageHandler = new HttpClientHandler();
 #pragma warning restore CA2000 // Dispose objects before losing scope
+            if (_settings.TryGetValue(Constants.ForceTls12, out string value) && value.Length > 0)
+            {
+                httpMessageHandler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
+            }
             httpMessageHandler.Proxy = _proxySettings.GetProxy(new Uri(url));
             var httpClient = new HttpClient(httpMessageHandler);
             httpClient.DefaultRequestHeaders.UserAgent.ParseAdd($"LibraryManager/{ThisAssembly.AssemblyFileVersion}");
diff --git a/src/LibraryManager/Configuration/Constants.cs b/src/LibraryManager/Configuration/Constants.cs
@@ -17,5 +17,6 @@ internal class Constants
         public const string HttpsProxyPassword = "https_proxy.password";
         public const string HttpsProxyBypass = "https_proxy.bypass";
 
+        public const string ForceTls12 = "forcetls12";
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -17,5 +17,6 @@ internal class Constants`
`17`	`17`	`public const string HttpsProxyPassword = "https_proxy.password";`
`18`	`18`	`public const string HttpsProxyBypass = "https_proxy.bypass";`
`19`	`19`
	`20`	`+ public const string ForceTls12 = "forcetls12";`
`20`	`21`	`}`
`21`	`22`	`}`