From 9223d3cd0248096a9c918fd352e9688baee7100c Mon Sep 17 00:00:00 2001 From: Davoud Eshtehari Date: Tue, 13 Jul 2021 13:47:15 -0700 Subject: [PATCH 1/5] Add supported protocols --- .../netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs | 6 ++++++ .../netcore/src/Microsoft/Data/SqlClient/SNI/SNINpHandle.cs | 3 +-- .../src/Microsoft/Data/SqlClient/SNI/SNITcpHandle.cs | 2 +- .../Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs | 6 +----- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs index bd3facd5fc..9890fc5a0e 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs @@ -3,6 +3,7 @@ // See the LICENSE file in the project root for more information. using System; +using System.Security.Authentication; namespace Microsoft.Data.SqlClient.SNI { @@ -11,6 +12,11 @@ namespace Microsoft.Data.SqlClient.SNI /// internal abstract class SNIHandle { + /// + /// TLS 1.3 (not fully supported) in addition to obsolete and insecure protocols are excluded. + /// + protected readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls; + /// /// Dispose class /// diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNINpHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNINpHandle.cs index 4571dd470b..6ee37166e8 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNINpHandle.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNINpHandle.cs 
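Review bot: `SupportedProtocols` is declared as a per-instance `protected readonly` field although its value does not depend on the handle, so every SNIHandle stores its own copy; `protected static readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;` says what is meant. The summary on the field is the only place the client-side protocol policy is explained, so it should state what the set is used for and why TLS 1.0/1.1 stay in it, e.g. `/// Protocols the client offers in AuthenticateAsClient; TLS 1.3 is excluded (not fully supported) and TLS 1.0/1.1 are kept only for compatibility with older servers.` (adjust if compatibility is not the reason).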
@@ -355,8 +355,7 @@ public override uint EnableSsl(uint options) _validateCert = (options & TdsEnums.SNI_SSL_VALIDATE_CERTIFICATE) != 0; try { - - _sslStream.AuthenticateAsClient(_targetServer); + _sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, true); _sslOverTdsStream.FinishHandshake(); } catch (AuthenticationException aue) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNITcpHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNITcpHandle.cs index d2a8341c0f..eecf4331fe 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNITcpHandle.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNITcpHandle.cs @@ -584,7 +584,7 @@ public override uint EnableSsl(uint options) try { - _sslStream.AuthenticateAsClient(_targetServer); + _sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, true); _sslOverTdsStream.FinishHandshake(); } catch (AuthenticationException aue) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs index ecb6e0bb43..96073452e0 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs 
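Review bot: The new call passes `true` as checkCertificateRevocation, whereas the single-argument `AuthenticateAsClient(string)` overload it replaces uses `false` on .NET Core to my reading, so this hunk (and the identical one in SNITcpHandle.EnableSsl on this line) also switches revocation checking on, which the commit does not mention. Revocation checking is a sound default, but it can make the handshake fail or stall where the client cannot reach CRL/OCSP endpoints, so it deserves an explicit mention in the message or its own setting; if the intent is to change only the protocol list, pass `false`. Naming the arguments makes the choice visible to the next reader: `_sslStream.AuthenticateAsClient(_targetServer, clientCertificates: null, enabledSslProtocols: SupportedProtocols, checkCertificateRevocation: true);`. EnableSsl starts before and continues after this hunk.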
@@ -421,13 +421,9 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion) protocolVersion = (int)SslProtocols.Ssl2; #pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated } - else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE)) - { - protocolVersion = (int)SslProtocols.None; - } else { - throw new ArgumentException(StringsHelper.Format(StringsHelper.net_invalid_enum, nameof(NativeProtocols)), nameof(NativeProtocols)); + throw ADP.Argument(StringsHelper.Format(StringsHelper.net_invalid_enum, nameof(NativeProtocols)), nameof(NativeProtocols)); } return returnValue; } From 8f1199fa4151c575673dfd46a61d48474c395c1a Mon Sep 17 00:00:00 2001 From: Davoud Eshtehari Date: Wed, 14 Jul 2021 14:28:44 -0700 Subject: [PATCH 2/5] Adress comments --- .../netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs | 8 ++++++-- .../Data/SqlClient/TdsParserStateObjectNative.cs | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs index 9890fc5a0e..972ac7aee3 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs 
@@ -13,9 +13,13 @@ namespace Microsoft.Data.SqlClient.SNI internal abstract class SNIHandle { /// - /// TLS 1.3 (not fully supported) in addition to obsolete and insecure protocols are excluded. + /// Exclude Tls 1.3 (not fully supported). /// - protected readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls; + protected readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls +#pragma warning disable CS0618 // Type or member is obsolete + | SslProtocols.Ssl2 | SslProtocols.Ssl3 +#pragma warning restore CS0618 // Type or member is obsolete + ; /// /// Dispose class diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs index 96073452e0..89df41b417 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs @@ -421,9 +421,9 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion) protocolVersion = (int)SslProtocols.Ssl2; #pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated } - else + else //if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE)) { - throw ADP.Argument(StringsHelper.Format(StringsHelper.net_invalid_enum, nameof(NativeProtocols)), nameof(NativeProtocols)); + protocolVersion = (int)SslProtocols.None; } return returnValue; } From 53cc74f7327a7b8e1449bc28cd46d501991cd0c5 Mon Sep 17 00:00:00 2001 
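Review bot: Adding `SslProtocols.Ssl2 | SslProtocols.Ssl3` to `SupportedProtocols` re-enables protocols that the previous revision's own comment described as obsolete and insecure, and the replacement summary `Exclude Tls 1.3 (not fully supported).` no longer tells a reader that they are offered at all. Current OS TLS stacks generally refuse SSL 2/3 regardless of what the application lists, but where the platform still allows them this list permits the handshake to negotiate them, which is a downgrade exposure for the credentials carried over the connection; TLS 1.0/1.1 are likewise deprecated, so the allowed set should be as small as compatibility permits. If SSL 2/3 are needed for specific servers, the pragma-wrapped lines should carry a comment saying which, e.g. `// SSL 2/3 retained only for <legacy scenario>; OS policy may still refuse them.`; otherwise drop them and keep the TLS-only list from the previous commit.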
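Review bot: The `else //if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))` line keeps the real condition as a comment, so any native protocol value that matches none of the earlier branches is now reported as `SslProtocols.None` instead of raising the invalid-enum error the previous revision threw. If `SP_PROT_NONE` is zero, `HasFlag` is true for every value, which may be why the check was disabled; an equality comparison keeps an explicit None branch and still rejects unknown values. WaitForSSLHandShakeToComplete starts before this hunk.
```csharp
            else if (nativeProtocol == NativeProtocols.SP_PROT_NONE)
            {
                protocolVersion = (int)SslProtocols.None;
            }
            else
            {
                throw ADP.Argument(StringsHelper.Format(StringsHelper.net_invalid_enum, nameof(NativeProtocols)), nameof(NativeProtocols));
            }
            // … unchanged: return returnValue …
```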
From: Davoud Eshtehari Date: Wed, 28 Jul 2021 13:17:10 -0700 Subject: [PATCH 3/5] Add support the switch --- BUILDGUIDE.md | 6 ++++ .../Interop/SNINativeMethodWrapper.Windows.cs | 4 +-- .../Microsoft/Data/SqlClient/SNI/SNIHandle.cs | 3 +- .../Interop/SNINativeManagedWrapperX64.cs | 2 +- .../Interop/SNINativeManagedWrapperX86.cs | 2 +- .../Data/Interop/SNINativeMethodWrapper.cs | 8 +++--- .../Data/SqlClient/LocalAppContextSwitches.cs | 28 +++++++++++++++---- 7 files changed, 38 insertions(+), 15 deletions(-) diff --git a/BUILDGUIDE.md b/BUILDGUIDE.md index cc9a60e538..818b1964fe 100644 --- a/BUILDGUIDE.md +++ b/BUILDGUIDE.md @@ -257,6 +257,12 @@ To use this feature, you must enable the following AppContext switch at applicat **"Switch.Microsoft.Data.SqlClient.LegacyRowVersionNullBehavior"** +## Enabling OS secure protocols preference + +Tls 1.3 has been taken out in view of the fact that the driver lacks full support. To jump back on the OS preferences as same as earlier, you must enable the following AppContext switch on application's startup: + +**"Switch.Microsoft.Data.SqlClient.EnableSecureProtocolsByOS"** + ## Debugging SqlClient on Linux from Windows For enhanced developer experience, we support debugging SqlClient on Linux from Windows, using the project "**Microsoft.Data.SqlClient.DockerLinuxTest**" that requires "Container Tools" to be enabled in Visual Studio. You may import configuration: [VS19Components.vsconfig](./tools/vsconfig/VS19Components.vsconfig) if not enabled already. diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs b/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs index 20159ca382..7a2050fe09 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs 
@@ -264,7 +264,7 @@ internal struct SNI_Error private static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)] - private static extern uint SNIInitialize([In] IntPtr pmo); + private static extern uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)] private static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn); @@ -340,7 +340,7 @@ internal static uint SniGetConnectionIPString(SNIHandle pConn, ref string connIP internal static uint SNIInitialize() { - return SNIInitialize(IntPtr.Zero); + return SNIInitialize(LocalAppContextSwitches.EnableSecureProtocolsByOS, IntPtr.Zero); } internal static unsafe uint SNIOpenMarsSession(ConsumerInfo consumerInfo, SNIHandle parent, ref IntPtr pConn, bool fSync, SqlConnectionIPAddressPreference ipPreference, SQLDNSInfo cachedDNSInfo) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs index 972ac7aee3..6a60c3f436 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs 
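Review bot: The added `[In] bool enableSecureProtocolsByOS` parameter changes the signature of an existing native export without a new entry point, so a managed build paired with an older SNI binary would pass the flag where the native side expects `pmo`, and nothing in this hunk verifies the native version. `DllImport` marshals `bool` as a 4-byte Win32 BOOL by default; if the native declaration takes a 1-byte type, the parameter needs `[MarshalAs(UnmanagedType.U1)]`. The same declaration change is repeated in SNINativeManagedWrapperX64, SNINativeManagedWrapperX86 and SNINativeMethodWrapper.cs on the following lines, so a comment on each declaration naming the minimum native SNI build that accepts the new argument would help, e.g. `// Requires native SNI <minimum version> which takes the secure-protocols flag.`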
@@ -15,7 +15,8 @@ internal abstract class SNIHandle /// /// Exclude Tls 1.3 (not fully supported). /// - protected readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls + protected readonly SslProtocols SupportedProtocols = LocalAppContextSwitches.EnableSecureProtocolsByOS ? SslProtocols.None : SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls + //protected readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls #pragma warning disable CS0618 // Type or member is obsolete | SslProtocols.Ssl2 | SslProtocols.Ssl3 #pragma warning restore CS0618 // Type or member is obsolete diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs index b28c736977..f389e479a0 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs @@ -89,7 +89,7 @@ internal static class SNINativeManagedWrapperX64 internal static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIInitialize")] - internal static extern uint SNIInitialize([In] IntPtr pmo); + internal static extern uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)] internal static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn); diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs index 2dc215ad36..0132dc04e1 100644 
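Review bot: The commented-out `//protected readonly SslProtocols SupportedProtocols = …` line is dead code sitting beside the live initializer and should be deleted; history already preserves it. The summary still reads `Exclude Tls 1.3 (not fully supported).` while the field now has two modes, so it should describe both, e.g. `/// Protocols offered to the server. SslProtocols.None defers to the OS default when LocalAppContextSwitches.EnableSecureProtocolsByOS is set; otherwise an explicit list that excludes TLS 1.3 (not fully supported).` Because `|` binds tighter than the conditional operator, the entire `Tls12 | Tls11 | Tls | Ssl2 | Ssl3` chain, including the pragma-wrapped part, forms the else branch, which appears intended but is worth parenthesising so the reader does not have to work it out.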
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs @@ -89,7 +89,7 @@ internal static class SNINativeManagedWrapperX86 internal static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIInitialize")] - internal static extern uint SNIInitialize([In] IntPtr pmo); + internal static extern uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)] internal static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn); diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs index 19dd12587a..2b38c52844 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs @@ -585,11 +585,11 @@ private static uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapp SNINativeManagedWrapperX86.SNIGetInfoWrapper(pConn, QType, out provNum); } - private static uint SNIInitialize([In] IntPtr pmo) + private static uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo) { return s_is64bitProcess ? - SNINativeManagedWrapperX64.SNIInitialize(pmo) : - SNINativeManagedWrapperX86.SNIInitialize(pmo); + SNINativeManagedWrapperX64.SNIInitialize(enableSecureProtocolsByOS, pmo) : + SNINativeManagedWrapperX86.SNIInitialize(enableSecureProtocolsByOS, pmo); } private static uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn) 
@@ -757,7 +757,7 @@ internal static uint SniGetConnectionIPString(SNIHandle pConn, ref string connIP internal static uint SNIInitialize() { - return SNIInitialize(IntPtr.Zero); + return SNIInitialize(LocalAppContextSwitches.EnableSecureProtocolsByOS, IntPtr.Zero); } internal static unsafe uint SNIOpenMarsSession(ConsumerInfo consumerInfo, SNIHandle parent, ref IntPtr pConn, bool fSync, SqlConnectionIPAddressPreference ipPreference, SQLDNSInfo cachedDNSInfo) diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs index 9d2111ac24..e6f7030b4e 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs @@ -13,11 +13,13 @@ internal static partial class LocalAppContextSwitches private const string TypeName = nameof(LocalAppContextSwitches); internal const string MakeReadAsyncBlockingString = @"Switch.Microsoft.Data.SqlClient.MakeReadAsyncBlocking"; internal const string LegacyRowVersionNullString = @"Switch.Microsoft.Data.SqlClient.LegacyRowVersionNullBehavior"; + internal const string EnableSecureProtocolsByOSString = @"Switch.Microsoft.Data.SqlClient.EnableSecureProtocolsByOS"; // safety switch internal const string EnableRetryLogicSwitch = "Switch.Microsoft.Data.SqlClient.EnableRetryLogic"; private static bool _makeReadAsyncBlocking; private static bool? s_LegacyRowVersionNullBehavior; + private static bool? s_EnableSecureProtocolsByOS; private static bool? s_isRetryEnabled = null; #if !NETFRAMEWORK 
@@ -70,15 +72,29 @@ public static bool LegacyRowVersionNullBehavior { if (s_LegacyRowVersionNullBehavior is null) { - bool value = false; - if (AppContext.TryGetSwitch(LegacyRowVersionNullString, out bool providedValue)) - { - value = providedValue; - } - s_LegacyRowVersionNullBehavior = value; + bool result; + result = AppContext.TryGetSwitch(LegacyRowVersionNullString, out result) ? result : false; + s_LegacyRowVersionNullBehavior = result; } return s_LegacyRowVersionNullBehavior.Value; } } + + /// + /// For backward compatibility, this switch can be on to jump back on OS preferences. + /// + public static bool EnableSecureProtocolsByOS + { + get + { + if (s_EnableSecureProtocolsByOS is null) + { + bool result; + result = AppContext.TryGetSwitch(EnableSecureProtocolsByOSString, out result) ? result : false; + s_EnableSecureProtocolsByOS = result; + } + return s_EnableSecureProtocolsByOS.Value; + } + } } } From dcaab15c6fe72a5da398bd0ea3abfba937758c8d Mon Sep 17 00:00:00 2001 From: Davoud Eshtehari Date: Fri, 30 Jul 2021 15:39:04 -0700 Subject: [PATCH 4/5] Address comments --- .../src/Interop/SNINativeMethodWrapper.Windows.cs | 4 ++-- .../src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs | 2 +- .../Data/Interop/SNINativeManagedWrapperX64.cs | 2 +- .../Data/Interop/SNINativeManagedWrapperX86.cs | 2 +- .../Data/Interop/SNINativeMethodWrapper.cs | 8 ++++---- .../Data/SqlClient/LocalAppContextSwitches.cs | 14 +++++++------- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs b/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs index 7a2050fe09..7f1b3e17ea 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs 
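Review bot: `result = AppContext.TryGetSwitch(EnableSecureProtocolsByOSString, out result) ? result : false;` assigns the same variable twice; `TryGetSwitch` already leaves its out value `false` when the switch is absent, so `AppContext.TryGetSwitch(EnableSecureProtocolsByOSString, out bool result); s_EnableSecureProtocolsByOS = result;` is equivalent and clearer. The same rewrite of `LegacyRowVersionNullBehavior` in this hunk is an unrelated change to an existing switch and would be easier to review in its own commit. The summary `For backward compatibility, this switch can be on to jump back on OS preferences.` should say what the switch does in code terms, e.g. `/// When true the TLS handshake is given SslProtocols.None, letting the OS choose the protocol (which may include TLS 1.3 depending on the platform); when false (default) the driver's explicit protocol list is used.` Since the value is cached in a static `bool?`, it is read once per process, which is worth stating so callers do not expect a later `AppContext.SetSwitch` to take effect.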
@@ -264,7 +264,7 @@ internal struct SNI_Error private static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)] - private static extern uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo); + private static extern uint SNIInitialize([In] bool useSystemDefaultSecureProtocols, [In] IntPtr pmo); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)] private static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn); @@ -340,7 +340,7 @@ internal static uint SniGetConnectionIPString(SNIHandle pConn, ref string connIP internal static uint SNIInitialize() { - return SNIInitialize(LocalAppContextSwitches.EnableSecureProtocolsByOS, IntPtr.Zero); + return SNIInitialize(LocalAppContextSwitches.UseSystemDefaultSecureProtocols, IntPtr.Zero); } internal static unsafe uint SNIOpenMarsSession(ConsumerInfo consumerInfo, SNIHandle parent, ref IntPtr pConn, bool fSync, SqlConnectionIPAddressPreference ipPreference, SQLDNSInfo cachedDNSInfo) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs index 6a60c3f436..a2887b4541 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs 
@@ -15,7 +15,7 @@ internal abstract class SNIHandle /// /// Exclude Tls 1.3 (not fully supported). /// - protected readonly SslProtocols SupportedProtocols = LocalAppContextSwitches.EnableSecureProtocolsByOS ? SslProtocols.None : SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls + protected readonly SslProtocols SupportedProtocols = LocalAppContextSwitches.UseSystemDefaultSecureProtocols ? SslProtocols.None : SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls //protected readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls #pragma warning disable CS0618 // Type or member is obsolete | SslProtocols.Ssl2 | SslProtocols.Ssl3 diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs index f389e479a0..abbfda7ede 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs @@ -89,7 +89,7 @@ internal static class SNINativeManagedWrapperX64 internal static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIInitialize")] - internal static extern uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo); + internal static extern uint SNIInitialize([In] bool useSystemDefaultSecureProtocols, [In] IntPtr pmo); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)] internal static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn); 
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs index 0132dc04e1..b700e4b108 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs @@ -89,7 +89,7 @@ internal static class SNINativeManagedWrapperX86 internal static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIInitialize")] - internal static extern uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo); + internal static extern uint SNIInitialize([In] bool useSystemDefaultSecureProtocols, [In] IntPtr pmo); [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)] internal static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn); diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs index 2b38c52844..d1fb0ad3e5 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs 
@@ -585,11 +585,11 @@ private static uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapp SNINativeManagedWrapperX86.SNIGetInfoWrapper(pConn, QType, out provNum); } - private static uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo) + private static uint SNIInitialize([In] bool useSystemDefaultSecureProtocols, [In] IntPtr pmo) { return s_is64bitProcess ? - SNINativeManagedWrapperX64.SNIInitialize(enableSecureProtocolsByOS, pmo) : - SNINativeManagedWrapperX86.SNIInitialize(enableSecureProtocolsByOS, pmo); + SNINativeManagedWrapperX64.SNIInitialize(useSystemDefaultSecureProtocols, pmo) : + SNINativeManagedWrapperX86.SNIInitialize(useSystemDefaultSecureProtocols, pmo); } private static uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn) @@ -757,7 +757,7 @@ internal static uint SniGetConnectionIPString(SNIHandle pConn, ref string connIP internal static uint SNIInitialize() { - return SNIInitialize(LocalAppContextSwitches.EnableSecureProtocolsByOS, IntPtr.Zero); + return SNIInitialize(LocalAppContextSwitches.UseSystemDefaultSecureProtocols, IntPtr.Zero); } internal static unsafe uint SNIOpenMarsSession(ConsumerInfo consumerInfo, SNIHandle parent, ref IntPtr pConn, bool fSync, SqlConnectionIPAddressPreference ipPreference, SQLDNSInfo cachedDNSInfo) diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs index e6f7030b4e..c0947e5854 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs 
@@ -13,13 +13,13 @@ internal static partial class LocalAppContextSwitches private const string TypeName = nameof(LocalAppContextSwitches); internal const string MakeReadAsyncBlockingString = @"Switch.Microsoft.Data.SqlClient.MakeReadAsyncBlocking"; internal const string LegacyRowVersionNullString = @"Switch.Microsoft.Data.SqlClient.LegacyRowVersionNullBehavior"; - internal const string EnableSecureProtocolsByOSString = @"Switch.Microsoft.Data.SqlClient.EnableSecureProtocolsByOS"; + internal const string UseSystemDefaultSecureProtocolsString = @"Switch.Microsoft.Data.SqlClient.UseSystemDefaultSecureProtocols"; // safety switch internal const string EnableRetryLogicSwitch = "Switch.Microsoft.Data.SqlClient.EnableRetryLogic"; private static bool _makeReadAsyncBlocking; private static bool? s_LegacyRowVersionNullBehavior; - private static bool? s_EnableSecureProtocolsByOS; + private static bool? s_UseSystemDefaultSecureProtocols; private static bool? s_isRetryEnabled = null; #if !NETFRAMEWORK @@ -83,17 +83,17 @@ public static bool LegacyRowVersionNullBehavior /// /// For backward compatibility, this switch can be on to jump back on OS preferences. /// - public static bool EnableSecureProtocolsByOS + public static bool UseSystemDefaultSecureProtocols { get { - if (s_EnableSecureProtocolsByOS is null) + if (s_UseSystemDefaultSecureProtocols is null) { bool result; - result = AppContext.TryGetSwitch(EnableSecureProtocolsByOSString, out result) ? result : false; - s_EnableSecureProtocolsByOS = result; + result = AppContext.TryGetSwitch(UseSystemDefaultSecureProtocolsString, out result) ? result : false; + s_UseSystemDefaultSecureProtocols = result; } - return s_EnableSecureProtocolsByOS.Value; + return s_UseSystemDefaultSecureProtocols.Value; } } } From 7fdb9d23c29d430612f43e0431bcfa52c54d8a04 Mon Sep 17 00:00:00 2001 
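Review bot: The switch string is renamed here to `Switch.Microsoft.Data.SqlClient.UseSystemDefaultSecureProtocols`, but BUILDGUIDE.md (added in patch 3/5 and reworded in patch 5/5) still tells users to set `Switch.Microsoft.Data.SqlClient.EnableSecureProtocolsByOS`, which this code no longer reads; anyone following the guide silently keeps the restricted protocol list with no error. The guide line should become `**"Switch.Microsoft.Data.SqlClient.UseSystemDefaultSecureProtocols"**`. A unit test that sets the switch via `AppContext.SetSwitch` with the constant and asserts `UseSystemDefaultSecureProtocols` would catch this kind of drift, bearing in mind the cached `bool?` means the property must be read in a fresh process or the cache reset.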
From: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com> Date: Fri, 30 Jul 2021 15:41:47 -0700 Subject: [PATCH 5/5] Apply suggestions from code review Co-authored-by: David Engel --- BUILDGUIDE.md | 2 +- .../netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/BUILDGUIDE.md b/BUILDGUIDE.md index 818b1964fe..1ebb710197 100644 --- a/BUILDGUIDE.md +++ b/BUILDGUIDE.md @@ -259,7 +259,7 @@ To use this feature, you must enable the following AppContext switch at applicat ## Enabling OS secure protocols preference -Tls 1.3 has been taken out in view of the fact that the driver lacks full support. To jump back on the OS preferences as same as earlier, you must enable the following AppContext switch on application's startup: +TLS 1.3 has been excluded due to the fact that the driver lacks full support. To enable OS preferences as before, enable the following AppContext switch on application startup: **"Switch.Microsoft.Data.SqlClient.EnableSecureProtocolsByOS"** diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs index a2887b4541..dbee403f41 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs @@ -13,7 +13,7 @@ namespace Microsoft.Data.SqlClient.SNI internal abstract class SNIHandle { /// - /// Exclude Tls 1.3 (not fully supported). + /// Exclude TLS 1.3 (not fully supported). /// protected readonly SslProtocols SupportedProtocols = LocalAppContextSwitches.UseSystemDefaultSecureProtocols ? SslProtocols.None : SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls //protected readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls