[WinHTTP] Let OS chose SSL/TLS protocol if not set to WinHttpHandler
#113525
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ManickaP
added
NO-MERGE
ManickaP
force-pushed
the
winhttp-sslprotocols
branch
from
565d9e5 to
23674ee
Compare
This was referenced Mar 14, 2025
ManickaP
force-pushed
the
winhttp-sslprotocols
branch
from
7007533 to
01b9a79
Compare
ManickaP
changed the title
SslProtocols and log ClientHello on the server.WinHttpHandler
ManickaP
added
area-System.Net.Security
and removed
NO-MERGE
There was a problem hiding this comment.
Pull Request Overview
This PR enables the OS to select the SSL/TLS protocol when WinHTTPHandler.SslProtocols is left as SslProtocols.None and removes the now‑redundant shared SecurityProtocol constants.
- Updated authentication methods in SslStream to pass SslProtocols.None.
- Changed defaults in SslClientAuthenticationOptions and SslServerAuthenticationOptions to use SslProtocols.None.
- Refactored WinHttpHandler TLS options handling and removed legacy Windows 7/2008R2 fallback logic, along with deleting the obsolete SecurityProtocol.cs.
Reviewed Changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs | Updated client/server authentication methods to use SslProtocols.None for OS-managed protocol selection. |
| src/libraries/System.Net.Security/src/System/Net/Security/SslClientAuthenticationOptions.cs | Modified default protocol from the shared constant to SslProtocols.None. |
| src/libraries/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs | Modified default protocol from the shared constant to SslProtocols.None. |
| src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs | Adjusted TLS options configuration to early exit when SslProtocols.None is set, letting the OS handle protocol selection. |
| src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/ConnectionPool/HttpConnectionPool.cs | Removed legacy fallback for Windows 7/2008R2 for default TLS protocols. |
| src/libraries/Common/src/System/Net/SecurityProtocol.cs | Removed the obsolete SecurityProtocol constants file. |
|
Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones |
3 tasks
MihaZupan
approved these changes
Mar 17, 2025
.../System.Net.Http/src/System/Net/Http/SocketsHttpHandler/ConnectionPool/HttpConnectionPool.cs
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If
WinHTTPHandler.SslProtocolsremains untouched (SslProtocols.None), leave the protocol selection up to the WinHTTP.dll / OS.Also remove shared SecurityProtocol.cs with constants, now that the only relevant constant is
SslProtocols.None(replaced all occurrences ofSystemDefaultSecurityProtocols).