Add setting to force TLS 1.2

Per aspnet#711 (and aspnet#699 before it), some users need to force TLS 1.2 for libman to work. This change adds a new user setting, "forcetls12", which will set libman to use TLS1.2 for any HttpClient it creates. I verified via WireShark that the traffic to services (cdnjs, etc) that libman calls to switched from 1.3 (my system default) to 1.2 when this setting was in place, and returned to 1.3 by unsetting it. I could also see that other connections from within VS were still using TLS1.3 so we didn't affect other components on accident.
jimmylewis · May 11, 2024 · e8f9c58 · e8f9c58
1 parent 4589d14
commit e8f9c58
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/src/LibraryManager/Cache/WebRequestHandler.cs b/src/LibraryManager/Cache/WebRequestHandler.cs
@@ -9,6 +9,7 @@
 using System.Threading.Tasks;
 using Microsoft.Web.LibraryManager.Configuration;
 using Microsoft.Web.LibraryManager.Contracts;
+using Microsoft.Web.LibraryManager.Contracts.Configuration;
 using Microsoft.Web.LibraryManager.Helpers;
 
 namespace Microsoft.Web.LibraryManager.Cache
@@ -20,12 +21,14 @@ internal class WebRequestHandler : IWebRequestHandler, IDisposable
     {
         private readonly ConcurrentDictionary<string, HttpClient> _cachedHttpClients = new ConcurrentDictionary<string, HttpClient>();
 
-        public static IWebRequestHandler Instance { get; } = new WebRequestHandler(ProxySettings.Default);
+        public static IWebRequestHandler Instance { get; } = new WebRequestHandler(ProxySettings.Default, Settings.DefaultSettings);
         private readonly ProxySettings _proxySettings;
+        private readonly ISettings _settings;
 
-        public WebRequestHandler(ProxySettings proxySettings)
+        public WebRequestHandler(ProxySettings proxySettings, ISettings settings)
         {
             _proxySettings = proxySettings;
+            _settings = settings;
         }
 
         public void Dispose()
@@ -55,9 +58,14 @@ public async Task<Stream> GetStreamAsync(string url, CancellationToken cancellat
 
         private HttpClient CreateHttpClient(string url)
         {
+
 #pragma warning disable CA2000 // Dispose objects before losing scope
             var httpMessageHandler = new HttpClientHandler();
 #pragma warning restore CA2000 // Dispose objects before losing scope
+            if (_settings.TryGetValue("forcetls12", out string value) && value.Length > 0)
+            {
+                httpMessageHandler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
+            }
             httpMessageHandler.Proxy = _proxySettings.GetProxy(new Uri(url));
             var httpClient = new HttpClient(httpMessageHandler);
             httpClient.DefaultRequestHeaders.UserAgent.ParseAdd($"LibraryManager/{ThisAssembly.AssemblyFileVersion}");