From 7274f4390c253fe6692cb3657c33f91bb8b02fdd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20=C5=81obacz?=
Date: Fri, 30 Oct 2020 12:45:57 +0100
Subject: [PATCH] added support for Tls1.3 protocol
---
 .../WebSocket4NetMqttClientAdapterFactory.cs | 4 ++++
 Source/MQTTnet.Server/Mqtt/MqttServerService.cs | 6 ++++++
 .../MqttClientOptionsBuilderTlsParameters.cs | 4 ++++
 .../Client/Options/MqttClientTlsOptions.cs | 4 ++++
 .../Implementations/MqttTcpChannel.Uwp.cs | 16 ++++++++++++++++
 5 files changed, 34 insertions(+)
diff --git a/Source/MQTTnet.Extensions.Wrappers.WebSocket4Net/WebSocket4NetMqttClientAdapterFactory.cs b/Source/MQTTnet.Extensions.Wrappers.WebSocket4Net/WebSocket4NetMqttClientAdapterFactory.cs
index ed29be8..924c13a 100644
--- a/Source/MQTTnet.Extensions.Wrappers.WebSocket4Net/WebSocket4NetMqttClientAdapterFactory.cs
+++ b/Source/MQTTnet.Extensions.Wrappers.WebSocket4Net/WebSocket4NetMqttClientAdapterFactory.cs
@@ -52,7 +52,11 @@ namespace MQTTnet.TestApp.NetCore
 if (channelOptions.TlsOptions.UseTls)
 {
 uri = "wss://" + channelOptions.Uri;
+#if NETCOREAPP3_0 || NET5_0
+ sslProtocols = SslProtocols.Tls13;
+#else
 sslProtocols = SslProtocols.Tls12;
+#endif
 }
 var subProtocol = channelOptions.SubProtocols.FirstOrDefault() ?? string.Empty;
diff --git a/Source/MQTTnet.Server/Mqtt/MqttServerService.cs b/Source/MQTTnet.Server/Mqtt/MqttServerService.cs
index 8e5c043..ac11aa4 100644
--- a/Source/MQTTnet.Server/Mqtt/MqttServerService.cs
+++ b/Source/MQTTnet.Server/Mqtt/MqttServerService.cs
@@ -212,9 +212,15 @@ namespace MQTTnet.Server.Mqtt
 // Configure encrypted connections
 if (_settings.EncryptedTcpEndPoint.Enabled)
 {
+#if NETCOREAPP3_0 || NET5_0
+ options
+ .WithEncryptedEndpoint()
+ .WithEncryptionSslProtocol(SslProtocols.Tls13);
+#else
 options
 .WithEncryptedEndpoint()
 .WithEncryptionSslProtocol(SslProtocols.Tls12);
+#endif
 if (!string.IsNullOrEmpty(_settings.EncryptedTcpEndPoint?.Certificate?.Path))
 {
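Review bot: `SslProtocols.Tls13` on its own offers only TLS 1.3, so under the new `#if` branch the `wss://` connection fails its handshake against any broker, or on any OS TLS stack, that stops at TLS 1.2; the same single-value default is introduced for `SslProtocol` in MqttClientOptionsBuilderTlsParameters.cs and MqttClientTlsOptions.cs. `SslProtocols` is a flags enum, so `sslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;` adds 1.3 without dropping 1.2-only peers. The assignment also still ignores whatever protocol is configured on `channelOptions.TlsOptions`, which looks like the intended source of this value; confirm against the options type. The enclosing method starts and ends outside the hunk.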
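Review bot: With `.WithEncryptionSslProtocol(SslProtocols.Tls13)` the encrypted endpoint accepts TLS 1.3 only on these targets, so existing TLS 1.2 clients are refused after an upgrade, and nothing visible in the hunk lets an operator override the value from `_settings`. Keeping one builder chain and putting only the argument line inside the `#if`, e.g. `.WithEncryptionSslProtocol(SslProtocols.Tls12 | SslProtocols.Tls13);`, avoids that and removes the duplicated `options.WithEncryptedEndpoint()` call. The `if` block that follows continues past the end of the hunk.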
diff --git a/Source/MQTTnet/Client/Options/MqttClientOptionsBuilderTlsParameters.cs b/Source/MQTTnet/Client/Options/MqttClientOptionsBuilderTlsParameters.cs
index 6f214eb..8f6abcc 100644
--- a/Source/MQTTnet/Client/Options/MqttClientOptionsBuilderTlsParameters.cs
+++ b/Source/MQTTnet/Client/Options/MqttClientOptionsBuilderTlsParameters.cs
@@ -19,7 +19,11 @@ namespace MQTTnet.Client.Options
 public Func CertificateValidationHandler { get; set; }
+#if NETCOREAPP3_0 || NET5_0
+ public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls13;
+#else
 public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12;
+#endif
 #if WINDOWS_UWP
 public IEnumerable> Certificates { get; set; }
diff --git a/Source/MQTTnet/Client/Options/MqttClientTlsOptions.cs b/Source/MQTTnet/Client/Options/MqttClientTlsOptions.cs
index 106aeb1..da926ab 100644
--- a/Source/MQTTnet/Client/Options/MqttClientTlsOptions.cs
+++ b/Source/MQTTnet/Client/Options/MqttClientTlsOptions.cs
@@ -26,7 +26,11 @@ namespace MQTTnet.Client.Options
 public List ApplicationProtocols { get; set; }
 #endif
+#if NETCOREAPP3_0 || NET5_0
+ public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls13;
+#else
 public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12;
+#endif
 [Obsolete("This property will be removed soon. Use CertificateValidationHandler instead.")]
 public Func CertificateValidationCallback { get; set; }
diff --git a/Source/MQTTnet/Implementations/MqttTcpChannel.Uwp.cs b/Source/MQTTnet/Implementations/MqttTcpChannel.Uwp.cs
index ce22405..20b798d 100644
--- a/Source/MQTTnet/Implementations/MqttTcpChannel.Uwp.cs
+++ b/Source/MQTTnet/Implementations/MqttTcpChannel.Uwp.cs
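Review bot: The default of `SslProtocol` in MqttClientTlsOptions.cs now depends on the target framework the library was compiled for, and neither this property nor its twin in MqttClientOptionsBuilderTlsParameters.cs documents that. A summary comment would make the behaviour visible to callers, e.g. `/// <summary>TLS version(s) offered to the broker. Defaults to TLS 1.3 on netcoreapp3.0/net5.0 builds and TLS 1.2 elsewhere.</summary>`. `NETCOREAPP3_0` and `NET5_0` are exact-target symbols, so a netcoreapp3.1 build would presumably still take the `#else` branch; check this against the project's target frameworks. Holding the default in one shared constant would keep the two properties from drifting apart.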
@@ -39,7 +39,11 @@ namespace MQTTnet.Implementations
 CreateStreams();
+#if NETCOREAPP3_0 || NET5_0
+ IsSecureConnection = socket.Information.ProtectionLevel >= SocketProtectionLevel.Tls13;
+#else
 IsSecureConnection = socket.Information.ProtectionLevel >= SocketProtectionLevel.Tls12;
+#endif
 ClientCertificate = clientCertificate;
 Endpoint = _socket.Information.RemoteAddress + ":" + _socket.Information.RemotePort;
@@ -75,11 +79,23 @@ namespace MQTTnet.Implementations
 _socket.Control.IgnorableServerCertificateErrors.Add(ignorableChainValidationResult);
 }
+#if NETCOREAPP3_0 || NET5_0
+ var socketProtectionLevel = SocketProtectionLevel.Tls13;
+ if (_options.TlsOptions.SslProtocol == SslProtocols.Tls12)
+ {
+ socketProtectionLevel = SocketProtectionLevel.Tls12;
+ }
+ else if (_options.TlsOptions.SslProtocol == SslProtocols.Tls11)
+ {
+ socketProtectionLevel = SocketProtectionLevel.Tls11;
+ }
+#else
 var socketProtectionLevel = SocketProtectionLevel.Tls12;
 if (_options.TlsOptions.SslProtocol == SslProtocols.Tls11)
 {
 socketProtectionLevel = SocketProtectionLevel.Tls11;
 }
+#endif
 else if (_options.TlsOptions.SslProtocol == SslProtocols.Tls)
 {
 socketProtectionLevel = SocketProtectionLevel.Tls10;
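Review bot: Raising the threshold to `SocketProtectionLevel.Tls13` makes `IsSecureConnection` false for a session negotiated at TLS 1.2, although that session is still encrypted, so any caller that reads the flag as "transport is protected" would misclassify it. The property reports the negotiated state rather than a preference, so the comparison should stay `>= SocketProtectionLevel.Tls12` on every target. It is also worth confirming that `NETCOREAPP3_0`/`NET5_0` are ever defined when this `.Uwp.cs` file is compiled and that the referenced Windows SDK exposes a `Tls13` member; otherwise the new branch is either dead or does not build. The enclosing member begins and ends outside the hunk.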
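Review bot: The `#endif` lands between the closing `}` of the `Tls11` branch and the trailing `else if (... == SslProtocols.Tls)`, so one if/else chain is stitched together from two preprocessor branches and the `Tls11` block is duplicated. Making only the initial declaration conditional (`var socketProtectionLevel = SocketProtectionLevel.Tls13;` versus `... = SocketProtectionLevel.Tls12;`) and keeping a single unconditional chain that tests `Tls12`, `Tls11` and `Tls` is less fragile. The `==` tests also match only a single-valued `SslProtocol`: as far as the hunk shows, a combined value such as `SslProtocols.Tls11 | SslProtocols.Tls12` matches no branch and takes the default, which deserves a comment like `// Combined flag values fall through to the default protection level.` The chain continues past the end of the hunk.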