New: Support for TLS 1.1 and 1.2 connections when only .net 4.5 is installed.

2024-11-04 10:02:40 +01:00 · 2016-08-16 15:45:56 -07:00 · 2016-08-16 15:45:56 -07:00 · 5482fa3ae0
commit 5482fa3ae0
parent 6e8480d7cb
5 changed files with 43 additions and 2 deletions
--- a/src/NzbDrone.Common/NzbDrone.Common.csproj
+++ b/src/NzbDrone.Common/NzbDrone.Common.csproj
@ -208,6 +208,7 @@
    <Compile Include="Properties\SharedAssemblyInfo.cs" />
    <Compile Include="Reflection\ReflectionExtensions.cs" />
    <Compile Include="Extensions\ResourceExtensions.cs" />
+    <Compile Include="Security\SecurityProtocolPolicy.cs" />
    <Compile Include="Security\X509CertificateValidationPolicy.cs" />
    <Compile Include="Serializer\HttpUriConverter.cs" />
    <Compile Include="Serializer\IntConverter.cs" />
--- a/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs
+++ b/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs
@ -0,0 +1,40 @@
+using System;
+using System.Net;
+using NLog;
+using NzbDrone.Common.Instrumentation;
+
+namespace NzbDrone.Common.Security
+{
+    public static class SecurityProtocolPolicy
+    {
+        private static readonly Logger Logger = NzbDroneLogger.GetLogger(typeof(SecurityProtocolPolicy));
+
+        private const SecurityProtocolType Tls11 = (SecurityProtocolType)768;
+        private const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;
+
+        public static void Register()
+        {
+            try
+            {
+                // TODO: In v3 we should drop support for SSL3 because its very insecure. Only leaving it enabled because some people might rely on it.
+                var protocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
+
+                if (Enum.IsDefined(typeof(SecurityProtocolType), Tls11))
+                {
+                    ServicePointManager.SecurityProtocol |= Tls11;
+                }
+
+                if (Enum.IsDefined(typeof(SecurityProtocolType), Tls12))
+                {
+                    ServicePointManager.SecurityProtocol |= Tls12;
+                }
+
+                ServicePointManager.SecurityProtocol = protocol;
+            }
+            catch (Exception ex)
+            {
+                Logger.Debug(ex, "Failed to set TLS security protocol.");
+            }
+        }
+    }
+}
--- a/src/NzbDrone.Host/Bootstrap.cs
+++ b/src/NzbDrone.Host/Bootstrap.cs
@ -22,6 +22,7 @@ public static void Start(StartupContext startupContext, IUserAlert userAlert, Ac
            try
            {
                X509CertificateValidationPolicy.Register();
+                SecurityProtocolPolicy.Register();

                Logger.Info("Starting Sonarr - {0} - Version {1}", Assembly.GetCallingAssembly().Location, Assembly.GetExecutingAssembly().GetName().Version);

--- a/src/NzbDrone.Host/Owin/OwinHostController.cs
+++ b/src/NzbDrone.Host/Owin/OwinHostController.cs
@ -34,8 +34,6 @@ public OwinHostController(

        public void StartServer()
        {
-            X509CertificateValidationPolicy.Register();
-
            if (OsInfo.IsWindows)
            {
                if (_runtimeInfo.IsAdmin)
--- a/src/NzbDrone.Update/UpdateApp.cs
+++ b/src/NzbDrone.Update/UpdateApp.cs
@ -36,6 +36,7 @@ public static void Main(string[] args)
                Logger.Info("Starting Sonarr Update Client");

                X509CertificateValidationPolicy.Register();
+                SecurityProtocolPolicy.Register();

                _container = UpdateContainerBuilder.Build(startupArgument);