comments 1

Author: DeagleGross

src/Servers/Kestrel/Core/src/ListenOptionsHttpsExtensions.cs

@@ -270,6 +270,15 @@ public static ListenOptions UseHttps(this ListenOptions listenOptions, TlsHandsh
         listenOptions.IsTls = true;
         listenOptions.HttpsCallbackOptions = callbackOptions;
 
+        if (listenOptions.HttpsOptions?.TlsClientHelloBytesCallback is not null)
+        {
+            listenOptions.Use(next =>
+            {
+                var middleware = new TlsListenerMiddleware(next, listenOptions.HttpsOptions.TlsClientHelloBytesCallback);
+                return middleware.OnTlsClientHelloAsync;
+            });
+        }
+
         listenOptions.Use(next =>
         {
             // Set the list of protocols from listen options.

src/Servers/Kestrel/Core/src/Middleware/TlsListenerMiddleware.cs

@@ -30,35 +30,46 @@ internal async Task OnTlsClientHelloAsync(ConnectionContext connection)
             var result = await input.ReadAsync();
             var buffer = result.Buffer;
 
-            // If the buffer length is less than 6 bytes (handshake + version + length + client-hello byte)
-            // and no more data is coming, we can't block in a loop here because we will not get more data
-            if (buffer.Length < 6 && result.IsCompleted)
+            try
             {
-                break;
+                // If the buffer length is less than 6 bytes (handshake + version + length + client-hello byte)
+                // and no more data is coming, we can't block in a loop here because we will not get more data
+                if (buffer.Length < 6 && result.IsCompleted)
+                {
+                    break;
+                }
+
+                var parseState = TryParseClientHello(buffer, out var clientHelloBytes);
+
+                if (parseState == ClientHelloParseState.NotEnoughData)
+                {
+                    continue;
+                }
+
+                if (parseState == ClientHelloParseState.ValidTlsClientHello)
+                {
+                    _tlsClientHelloBytesCallback(connection, clientHelloBytes);
+                }
+
+                Debug.Assert(parseState is ClientHelloParseState.ValidTlsClientHello or ClientHelloParseState.NotTlsClientHello);
+                break; // We can continue with the middleware pipeline
             }
-
-            var parseState = TryParseClientHello(buffer, out var clientHelloBytes);
-
-            // no data is consumed, it will be processed by the follow-up middlewares
-            input.AdvanceTo(buffer.Start);
-
-            if (parseState == ClientHelloParseState.NotEnoughData)
+            finally
             {
-                continue;
+                input.AdvanceTo(buffer.Start);
             }
-
-            if (parseState == ClientHelloParseState.ValidTlsClientHello)
-            {
-                _tlsClientHelloBytesCallback(connection, clientHelloBytes);
-            }
-
-            Debug.Assert(parseState is ClientHelloParseState.ValidTlsClientHello or ClientHelloParseState.NotTlsClientHello);
-            break; // We can continue with the middleware pipeline
         }
 
         await _next(connection);
     }
 
+    /// <summary>
+    /// RFCs
+    /// ----
+    /// TLS 1.1: https://datatracker.ietf.org/doc/html/rfc4346#section-6.2
+    /// TLS 1.2: https://datatracker.ietf.org/doc/html/rfc5246#section-6.2
+    /// TLS 1.3: https://datatracker.ietf.org/doc/html/rfc8446#section-5.1
+    /// </summary>
     private static ClientHelloParseState TryParseClientHello(ReadOnlySequence<byte> buffer, out ReadOnlySequence<byte> clientHelloBytes)
     {
         clientHelloBytes = default;

src/Servers/Kestrel/test/InMemory.FunctionalTests/TlsListenerMiddlewareTests.cs

@@ -57,6 +57,7 @@ await sslStream.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
 
                     var request = Encoding.ASCII.GetBytes("GET / HTTP/1.1\r\nHost:\r\n\r\n");
                     await sslStream.WriteAsync(request, 0, request.Length);
+                    await sslStream.ReadAsync(new Memory<byte>(new byte[1024]));
                 }
             }
         }