Skip to content

feat: support tls client hello bytes callback in Kestrel #61631

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 20 commits into from
May 1, 2025
Merged

feat: support tls client hello bytes callback in Kestrel #61631

Changes from 2 commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
ecbc54d
support tls client hello bytes callback in Kestrel
DeagleGross Apr 23, 2025
c2a1d9e
prettify
DeagleGross Apr 23, 2025
5a91164
address comments
DeagleGross Apr 23, 2025
8201939
fix duplicate next middleware
DeagleGross Apr 23, 2025
8e5ed75
nit
DeagleGross Apr 23, 2025
48e07f8
nit nit
DeagleGross Apr 23, 2025
1fcffb8
comments 1
DeagleGross Apr 23, 2025
0581163
exit even if not enough data
DeagleGross Apr 23, 2025
2bbd480
dont re-read the same data
DeagleGross Apr 23, 2025
6f9a6de
increase delays
DeagleGross Apr 24, 2025
4f6bc2b
await the middleware
DeagleGross Apr 24, 2025
ab06730
another test fix
DeagleGross Apr 24, 2025
898c415
move tls client hello check
DeagleGross Apr 25, 2025
4f87edd
move tests
DeagleGross Apr 25, 2025
7856693
dont register callback from `TlsClientHelloBytesCallback` to not have…
DeagleGross Apr 25, 2025
d64fb45
tests
DeagleGross Apr 25, 2025
7578f2b
address comments
DeagleGross Apr 30, 2025
aae7b2f
added comment
DeagleGross Apr 30, 2025
90ef2c3
more test changes
DeagleGross Apr 30, 2025
e64cc04
nit
DeagleGross Apr 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 19 additions & 20 deletions src/Servers/Kestrel/Core/src/Middleware/TlsListenerMiddleware.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,20 +41,19 @@ internal async Task OnTlsClientHelloAsync(ConnectionContext connection)
// no data is consumed, it will be processed by the follow-up middlewares
input.AdvanceTo(buffer.Start);

switch (parseState)
if (parseState == ClientHelloParseState.NotEnoughData)
{
case ClientHelloParseState.NotEnoughData:
continue;

case ClientHelloParseState.NotTlsClientHello:
await _next(connection);
return;
continue;
}

case ClientHelloParseState.ValidTlsClientHello:
_tlsClientHelloBytesCallback(connection, clientHelloBytes);
await _next(connection);
return;
if (parseState == ClientHelloParseState.ValidTlsClientHello)
{
_tlsClientHelloBytesCallback(connection, clientHelloBytes);
}

// Here either it's a valid TLS client hello or definitely not a TLS client hello.
// Anyway we can continue with the middleware pipeline
break;
}

await _next(connection);
Expand All @@ -78,7 +77,7 @@ private static ClientHelloParseState TryParseClientHello(ReadOnlySequence<byte>
}

// Protocol version
if (!reader.TryReadBigEndian(out short version) || IsValidProtocolVersion(version) == false)
if (!reader.TryReadBigEndian(out short version) || !IsValidProtocolVersion(version))
{
return ClientHelloParseState.NotTlsClientHello;
}
Expand Down Expand Up @@ -109,14 +108,14 @@ private static ClientHelloParseState TryParseClientHello(ReadOnlySequence<byte>
}

private static bool IsValidProtocolVersion(short version)
=> version == 0x0002 // SSL 2.0 (0x0002)
|| version == 0x0300 // SSL 3.0 (0x0300)
|| version == 0x0301 // TLS 1.0 (0x0301)
|| version == 0x0302 // TLS 1.1 (0x0302)
|| version == 0x0303 // TLS 1.2 (0x0303)
|| version == 0x0304; // TLS 1.3 (0x0304)

private enum ClientHelloParseState
=> version is 0x0002 // SSL 2.0 (0x0002)
or 0x0300 // SSL 3.0 (0x0300)
or 0x0301 // TLS 1.0 (0x0301)
or 0x0302 // TLS 1.1 (0x0302)
or 0x0303 // TLS 1.2 (0x0303)
or 0x0304; // TLS 1.3 (0x0304)

private enum ClientHelloParseState : byte
{
NotEnoughData,
NotTlsClientHello,
Expand Down
Loading