Feedback

John Luo · John Luo · commit c883fb2dea37 · 2020-06-15T19:59:02.000-07:00
diff --git a/src/Servers/Kestrel/Core/src/CoreStrings.resx b/src/Servers/Kestrel/Core/src/CoreStrings.resx
@@ -563,7 +563,7 @@ For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?l
   <data name="RequestTrailersNotAvailable" xml:space="preserve">
     <value>The request trailers are not available yet. They may not be available until the full request body is read.</value>
   </data>
-  <data name="HTTP2NoTlsOsx" xml:space="preserve">
+  <data name="Http2NoTlsOsx" xml:space="preserve">
     <value>HTTP/2 over TLS is not supported on macOS due to missing ALPN support.</value>
   </data>
   <data name="Http2StreamResetByApplication" xml:space="preserve">
@@ -602,10 +602,10 @@ For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?l
   <data name="HttpsConnectionEstablished" xml:space="preserve">
     <value>Connection "{connectionId}" established using the following protocol: {protocol}</value>
   </data>
-  <data name="HTTP2DefaultCiphersInsufficient" xml:space="preserve">
+  <data name="Http2DefaultCiphersInsufficient" xml:space="preserve">
     <value>HTTP/2 over TLS is not supported on Windows versions older than Windows 10 and Windows Server 2016 due to incompatible ciphers or missing ALPN support. Falling back to HTTP/1.1 instead.</value>
   </data>
-  <data name="HTTP2NoTlsWin81" xml:space="preserve">
+  <data name="Http2NoTlsWin81" xml:space="preserve">
     <value>HTTP/2 over TLS is not supported on Windows versions earlier than Windows 10 and Windows Server 2016 due to incompatible ciphers or missing ALPN support.</value>
   </data>
   <data name="Http2ErrorKeepAliveTimeout" xml:space="preserve">
diff --git a/src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs b/src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs
@@ -25,12 +25,12 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Https.Internal
 {
     internal class HttpsConnectionMiddleware
     {
+        private const string EnableWindows81Http2 = "Microsoft.AspNetCore.Server.Kestrel.EnableWindows81Http2";
         private readonly ConnectionDelegate _next;
         private readonly HttpsConnectionAdapterOptions _options;
         private readonly ILogger _logger;
         private readonly X509Certificate2 _serverCertificate;
         private readonly Func<ConnectionContext, string, X509Certificate2> _serverCertificateSelector;
-        private const string EnableWindows81Http2 = "Microsoft.AspNetCore.Server.Kestrel.EnableWindows81Http2";
 
         public HttpsConnectionMiddleware(ConnectionDelegate next, HttpsConnectionAdapterOptions options)
           : this(next, options, loggerFactory: NullLoggerFactory.Instance)
@@ -52,31 +52,17 @@ public HttpsConnectionMiddleware(ConnectionDelegate next, HttpsConnectionAdapter
             {
                 if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
                 {
-                    throw new NotSupportedException(CoreStrings.HTTP2NoTlsOsx);
+                    throw new NotSupportedException(CoreStrings.Http2NoTlsOsx);
                 }
-                else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                else if (IsWindowsVersionIncompatible())
                 {
-                    var enableHttp2OnWindows81 = AppContext.TryGetSwitch(EnableWindows81Http2, out var enabled) && enabled;
-                    if (Environment.OSVersion.Version < new Version(6, 3)
-                        || (Environment.OSVersion.Version < new Version(10, 0) && !enableHttp2OnWindows81))
-                    {
-                        throw new NotSupportedException(CoreStrings.HTTP2NoTlsWin81);
-                    }
+                    throw new NotSupportedException(CoreStrings.Http2NoTlsWin81);
                 }
             }
-
-            if (options.HttpProtocols == HttpProtocols.Http1AndHttp2)
+            else if (options.HttpProtocols == HttpProtocols.Http1AndHttp2 && IsWindowsVersionIncompatible())
             {
-                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
-                {
-                    var enableHttp2OnWindows81 = AppContext.TryGetSwitch(EnableWindows81Http2, out var enabled) && enabled;
-                    if (Environment.OSVersion.Version < new Version(6, 3)
-                        || (Environment.OSVersion.Version < new Version(10, 0) && !enableHttp2OnWindows81))
-                    {
-                        _logger.HTTP2DefaultCiphersInsufficient();
-                        options.HttpProtocols = HttpProtocols.Http1;
-                    }
-                }
+                _logger.Http2DefaultCiphersInsufficient();
+                options.HttpProtocols = HttpProtocols.Http1;
             }
 
             _next = next;
@@ -318,6 +304,21 @@ private static X509Certificate2 ConvertToX509Certificate2(X509Certificate certif
 
             return new X509Certificate2(certificate);
         }
+
+        private static bool IsWindowsVersionIncompatible()
+        {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var enableHttp2OnWindows81 = AppContext.TryGetSwitch(EnableWindows81Http2, out var enabled) && enabled;
+                if (Environment.OSVersion.Version < new Version(6, 3)
+                    || (Environment.OSVersion.Version < new Version(10, 0) && !enableHttp2OnWindows81))
+                {
+                    return true;
+                }
+            }
+
+            return false;
+        }
     }
 
     internal static class HttpsConnectionMiddlewareLoggerExtensions
@@ -344,15 +345,15 @@ internal static class HttpsConnectionMiddlewareLoggerExtensions
         private static readonly Action<ILogger, Exception> _http2DefaultCiphersInsufficient =
             LoggerMessage.Define(
                 logLevel: LogLevel.Information,
-                eventId: new EventId(4, "HTTP2DefaultCiphersInsufficient"),
-                formatString: CoreStrings.HTTP2DefaultCiphersInsufficient);
+                eventId: new EventId(4, "Http2DefaultCiphersInsufficient"),
+                formatString: CoreStrings.Http2DefaultCiphersInsufficient);
 
         public static void AuthenticationFailed(this ILogger logger, Exception exception) => _authenticationFailed(logger, exception);
 
         public static void AuthenticationTimedOut(this ILogger logger) => _authenticationTimedOut(logger, null);
 
         public static void HttpsConnectionEstablished(this ILogger logger, string connectionId, SslProtocols sslProtocol) => _httpsConnectionEstablished(logger, connectionId, sslProtocol, null);
 
-        public static void HTTP2DefaultCiphersInsufficient(this ILogger logger) => _http2DefaultCiphersInsufficient(logger, null);
+        public static void Http2DefaultCiphersInsufficient(this ILogger logger) => _http2DefaultCiphersInsufficient(logger, null);
     }
 }
diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs
@@ -653,6 +653,35 @@ public void Http1AndHttp2DoesNotDowngradeOnCompatibleWindowsVersions()
             Assert.Equal(HttpProtocols.Http1AndHttp2, httpConnectionAdapterOptions.HttpProtocols);
         }
 
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.MacOSX | OperatingSystems.Linux, SkipReason = "Error logic only applies on Windows")]
+        [MaximumOSVersion(OperatingSystems.Windows, WindowsVersions.Win81)]
+        public void Http2ThrowsOnIncompatibleWindowsVersions()
+        {
+            var httpConnectionAdapterOptions = new HttpsConnectionAdapterOptions
+            {
+                ServerCertificate = _x509Certificate2,
+                HttpProtocols = HttpProtocols.Http2
+            };
+
+            Assert.Throws<NotSupportedException>(() => new HttpsConnectionMiddleware(context => Task.CompletedTask, httpConnectionAdapterOptions));
+        }
+
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.MacOSX | OperatingSystems.Linux, SkipReason = "Error logic only applies on Windows")]
+        [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win10)]
+        public void Http2DoesNotThrowOnCompatibleWindowsVersions()
+        {
+            var httpConnectionAdapterOptions = new HttpsConnectionAdapterOptions
+            {
+                ServerCertificate = _x509Certificate2,
+                HttpProtocols = HttpProtocols.Http2
+            };
+
+            // Does not throw
+            new HttpsConnectionMiddleware(context => Task.CompletedTask, httpConnectionAdapterOptions);
+        }
+
         private static async Task App(HttpContext httpContext)
         {
             var request = httpContext.Request;
