Wip

Author: John Luo

.azure/pipelines/ci.yml

@@ -607,7 +607,7 @@ stages:
       - script: ./build.cmd -ci -nobl -noBuildRepoTasks -restore -noBuild -noBuildNative -projects src/Grpc/**/*.csproj
         displayName: Restore interop projects
       - script: ./build.cmd -ci -nobl -noBuildRepoTasks -noRestore -test -all -noBuildNative -projects eng\helix\helix.proj
-                /p:IsRequiredCheck=true /p:IsHelixJob=true /p:BuildInteropProjects=true /p:RunTemplateTests=true
+                /p:IsHelixDaily=true /p:IsRequiredCheck=true /p:IsHelixJob=true /p:BuildInteropProjects=true /p:RunTemplateTests=true
                 /p:ASPNETCORE_TEST_LOG_DIR=artifacts/log
         displayName: Run build.cmd helix target
         env:

src/Servers/Kestrel/Core/src/CoreStrings.resx

@@ -566,9 +566,6 @@ For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?l
   <data name="HTTP2NoTlsOsx" xml:space="preserve">
     <value>HTTP/2 over TLS is not supported on macOS due to missing ALPN support.</value>
   </data>
-  <data name="HTTP2NoTlsWin7" xml:space="preserve">
-    <value>HTTP/2 over TLS is not supported on Windows 7 due to missing ALPN support.</value>
-  </data>
   <data name="Http2StreamResetByApplication" xml:space="preserve">
     <value>The HTTP/2 stream was reset by the application with error code {errorCode}.</value>
   </data>
@@ -608,6 +605,9 @@ For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?l
   <data name="HTTP2DefaultCiphersInsufficient" xml:space="preserve">
     <value>HTTP/2 over TLS is not supported on Windows versions older than Windows 10 and Windows Server 2016 due to incompatible ciphers or missing ALPN support. Falling back to HTTP/1.1 instead.</value>
   </data>
+  <data name="HTTP2NoTlsWin81" xml:space="preserve">
+    <value>HTTP/2 over TLS is not supported on Windows versions earlier than Windows 10 and Windows Server 2016 due to incompatible ciphers or missing ALPN support.</value>
+  </data>
   <data name="Http2ErrorKeepAliveTimeout" xml:space="preserve">
     <value>Timeout while waiting for incoming HTTP/2 frames after a keep alive ping.</value>
   </data>

src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs

@@ -30,6 +30,7 @@ internal class HttpsConnectionMiddleware
         private readonly ILogger _logger;
         private readonly X509Certificate2 _serverCertificate;
         private readonly Func<ConnectionContext, string, X509Certificate2> _serverCertificateSelector;
+        private const string EnableWindows81Http2 = "Microsoft.AspNetCore.Server.Kestrel.EnableWindows81Http2";
 
         public HttpsConnectionMiddleware(ConnectionDelegate next, HttpsConnectionAdapterOptions options)
           : this(next, options, loggerFactory: NullLoggerFactory.Instance)
@@ -53,19 +54,28 @@ public HttpsConnectionMiddleware(ConnectionDelegate next, HttpsConnectionAdapter
                 {
                     throw new NotSupportedException(CoreStrings.HTTP2NoTlsOsx);
                 }
-                else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && Environment.OSVersion.Version < new Version(6, 2))
+                else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                 {
-                    throw new NotSupportedException(CoreStrings.HTTP2NoTlsWin7);
+                    var enableHttp2OnWindows81 = AppContext.TryGetSwitch(EnableWindows81Http2, out var enabled) && enabled;
+                    if (Environment.OSVersion.Version < new Version(6, 3)
+                        || (Environment.OSVersion.Version < new Version(10, 0) && !enableHttp2OnWindows81))
+                    {
+                        throw new NotSupportedException(CoreStrings.HTTP2NoTlsWin81);
+                    }
                 }
             }
 
             if (options.HttpProtocols == HttpProtocols.Http1AndHttp2)
             {
-                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
-                    && Environment.OSVersion.Version < new Version(10, 0))
+                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                 {
-                    _logger.HTTP2DefaultCiphersInsufficient();
-                    options.HttpProtocols = HttpProtocols.Http1;
+                    var enableHttp2OnWindows81 = AppContext.TryGetSwitch(EnableWindows81Http2, out var enabled) && enabled;
+                    if (Environment.OSVersion.Version < new Version(6, 3)
+                        || (Environment.OSVersion.Version < new Version(10, 0) && !enableHttp2OnWindows81))
+                    {
+                        _logger.HTTP2DefaultCiphersInsufficient();
+                        options.HttpProtocols = HttpProtocols.Http1;
+                    }
                 }
             }
 

src/Servers/Kestrel/test/FunctionalTests/Http2/HandshakeTests.cs

@@ -112,7 +112,7 @@ public async Task TlsAlpnHandshakeSelectsHttp2From1and2()
         [ConditionalFact]
         [OSSkipCondition(OperatingSystems.MacOSX, SkipReason = "Missing SslStream ALPN support: https://github.com/dotnet/corefx/issues/30492")]
         [SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/10428", Queues = "Debian.8.Amd64;Debian.8.Amd64.Open")] // Debian 8 uses OpenSSL 1.0.1 which does not support HTTP/2
-        [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win81)]
+        [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win10)]
         public async Task TlsAlpnHandshakeSelectsHttp2()
         {
             using (var server = new TestServer(context =>