From fa4d9bdfa83a81489179e324c646f5fb8a68eba3 Mon Sep 17 00:00:00 2001
From: Davoud Eshtehari
Date: Wed, 2 Nov 2022 15:25:25 -0700
Subject: [PATCH] Revert excluding unsupported protocols
---
 BUILDGUIDE.md | 6 ------
 .../Interop/SNINativeMethodWrapper.Windows.cs | 4 ++--
 .../Microsoft/Data/SqlClient/SNI/SNIHandle.cs | 10 +---------
 .../Interop/SNINativeManagedWrapperX64.cs | 2 +-
 .../Interop/SNINativeManagedWrapperX86.cs | 2 +-
 .../Data/Interop/SNINativeMethodWrapper.cs | 8 ++++----
 .../Data/SqlClient/LocalAppContextSwitches.cs | 19 -------------------
 7 files changed, 9 insertions(+), 42 deletions(-)
diff --git a/BUILDGUIDE.md b/BUILDGUIDE.md
index 1e63539c01..5a678937c8 100644
--- a/BUILDGUIDE.md
+++ b/BUILDGUIDE.md
@@ -321,12 +321,6 @@ Scaled decimal parameter truncation can be enabled by enabling the below AppCont
 `Switch.Microsoft.Data.SqlClient.LegacyRowVersionNullBehavior`
-## Enabling OS secure protocols preference
-
-TLS 1.3 has been excluded due to the fact that the driver lacks full support. To enable OS preferences as before, enable the following AppContext switch on application startup:
-
-`Switch.Microsoft.Data.SqlClient.EnableSecureProtocolsByOS`
-
 ## Suppressing TLS security warning
 When connecting to a server, if a protocol lower than TLS 1.2 is negotiated, a security warning is output to the console. This warning can be suppressed on SQL connections with `Encrypt = false` by enabling the following AppContext switch on application startup:
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs b/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs
index eae47ef2f6..87e6e9e19e 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Interop/SNINativeMethodWrapper.Windows.cs
@@ -287,7 +287,7 @@ internal struct SNI_Error
 private static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum);
 [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
- private static extern uint SNIInitialize([In] bool useSystemDefaultSecureProtocols, [In] IntPtr pmo);
+ private static extern uint SNIInitialize([In] IntPtr pmo);
 [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
 private static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn);
@@ -375,7 +375,7 @@ internal static uint SniGetConnectionIPString(SNIHandle pConn, ref string connIP
 internal static uint SNIInitialize()
 {
- return SNIInitialize(LocalAppContextSwitches.UseSystemDefaultSecureProtocols, IntPtr.Zero);
+ return SNIInitialize(IntPtr.Zero);
 }
 internal static unsafe uint SNIOpenMarsSession(ConsumerInfo consumerInfo, SNIHandle parent, ref IntPtr pConn, bool fSync, SqlConnectionIPAddressPreference ipPreference, SQLDNSInfo cachedDNSInfo)
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs
index 7613817a23..354ce3eff5 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIHandle.cs
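Review bot: The P/Invoke declaration `private static extern uint SNIInitialize([In] IntPtr pmo);` drops the `bool` parameter from the native call, but nothing in this commit updates the native SNI binary or its package reference, so the managed signature only matches if the referenced native build already exports a one-argument `SNIInitialize`. If it does not, the native side would read an undefined value for the parameter the managed side no longer passes, and that mismatch never surfaces as a compile error. The pairing should be recorded on the declaration, e.g. `// Signature must match the SNIInitialize export of the native SNI package this build references.`, and the native package version it was validated against named in the commit message. The same declaration change appears in SNINativeManagedWrapperX64.cs, SNINativeManagedWrapperX86.cs and the netfx SNINativeMethodWrapper.cs wrapper.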
@@ -17,15 +17,7 @@ namespace Microsoft.Data.SqlClient.SNI
 ///
 internal abstract class SNIHandle
 {
- ///
- /// Exclude TLS 1.3 in TLS-over-TDS modes (TDS 7.4 and below)
- ///
- protected static readonly SslProtocols s_supportedProtocols = LocalAppContextSwitches.UseSystemDefaultSecureProtocols ? SslProtocols.None : SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls
-//protected readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls
-#pragma warning disable CS0618 // Type or member is obsolete
- | SslProtocols.Ssl2 | SslProtocols.Ssl3
-#pragma warning restore CS0618 // Type or member is obsolete
- ;
+ protected static readonly SslProtocols s_supportedProtocols = SslProtocols.None;
 #if !NETSTANDARD2_0
 protected static readonly List s_tdsProtocols = new List(1) { new(TdsEnums.TDS8_Protocol) };
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs
index 13e35363a8..f4970e1cda 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs
@@ -89,7 +89,7 @@ internal static class SNINativeManagedWrapperX64
 internal static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum);
 [DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIInitialize")]
- internal static extern uint SNIInitialize([In] bool useSystemDefaultSecureProtocols, [In] IntPtr pmo);
+ internal static extern uint SNIInitialize([In] IntPtr pmo);
 [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
 internal static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn);
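Review bot: `protected static readonly SslProtocols s_supportedProtocols = SslProtocols.None;` is left without a doc comment, while the removed lines documented why TLS 1.3 had been excluded; the field should state what `None` means here, e.g. `/// <summary>Defers TLS protocol selection to the OS defaults; the driver no longer pins an explicit protocol list.</summary>`. The BUILDGUIDE section removed in this commit said TLS 1.3 was excluded because the driver lacked full support, so the revert presumably re-admits TLS 1.3 in TLS-over-TDS mode; if that limitation is resolved or handled elsewhere, the commit description should record it rather than leave it to be rediscovered. Note that `None` also removes the old explicit listing of `Ssl2`, `Ssl3` and `Tls` as acceptable protocols, so the effective floor now follows OS policy instead of being hard-coded below TLS 1.2. The SNIHandle class body continues outside the hunk.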
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs
index 5517ba8c0e..6e1a0abf5f 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs
@@ -89,7 +89,7 @@ internal static class SNINativeManagedWrapperX86
 internal static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum);
 [DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIInitialize")]
- internal static extern uint SNIInitialize([In] bool useSystemDefaultSecureProtocols, [In] IntPtr pmo);
+ internal static extern uint SNIInitialize([In] IntPtr pmo);
 [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
 internal static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn);
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs
index 18ca7c68c2..5424fbdb11 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs
@@ -593,11 +593,11 @@ private static uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapp
 SNINativeManagedWrapperX86.SNIGetInfoWrapper(pConn, QType, out provNum);
 }
- private static uint SNIInitialize([In] bool useSystemDefaultSecureProtocols, [In] IntPtr pmo)
+ private static uint SNIInitialize([In] IntPtr pmo)
 {
 return s_is64bitProcess ?
- SNINativeManagedWrapperX64.SNIInitialize(useSystemDefaultSecureProtocols, pmo) :
- SNINativeManagedWrapperX86.SNIInitialize(useSystemDefaultSecureProtocols, pmo);
+ SNINativeManagedWrapperX64.SNIInitialize(pmo) :
+ SNINativeManagedWrapperX86.SNIInitialize(pmo);
 }
 private static uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn)
@@ -765,7 +765,7 @@ internal static uint SniGetConnectionIPString(SNIHandle pConn, ref string connIP
 internal static uint SNIInitialize()
 {
- return SNIInitialize(LocalAppContextSwitches.UseSystemDefaultSecureProtocols, IntPtr.Zero);
+ return SNIInitialize(IntPtr.Zero);
 }
 internal static IntPtr SNIServerEnumOpen() => s_is64bitProcess ?
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs
index 8e390b21d6..1791ad5d52 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/LocalAppContextSwitches.cs
@@ -13,12 +13,10 @@ internal static partial class LocalAppContextSwitches
 private const string TypeName = nameof(LocalAppContextSwitches);
 internal const string MakeReadAsyncBlockingString = @"Switch.Microsoft.Data.SqlClient.MakeReadAsyncBlocking";
 internal const string LegacyRowVersionNullString = @"Switch.Microsoft.Data.SqlClient.LegacyRowVersionNullBehavior";
- internal const string UseSystemDefaultSecureProtocolsString = @"Switch.Microsoft.Data.SqlClient.UseSystemDefaultSecureProtocols";
 internal const string SuppressInsecureTLSWarningString = @"Switch.Microsoft.Data.SqlClient.SuppressInsecureTLSWarning";
 private static bool s_makeReadAsyncBlocking;
 private static bool? s_LegacyRowVersionNullBehavior;
- private static bool? s_UseSystemDefaultSecureProtocols;
 private static bool? s_SuppressInsecureTLSWarning;
 #if !NETFRAMEWORK
@@ -78,22 +76,5 @@ public static bool LegacyRowVersionNullBehavior
 return s_LegacyRowVersionNullBehavior.Value;
 }
 }
-
- ///
- /// For backward compatibility, this switch can be on to jump back on OS preferences.
- ///
- public static bool UseSystemDefaultSecureProtocols
- {
- get
- {
- if (s_UseSystemDefaultSecureProtocols is null)
- {
- bool result;
- result = AppContext.TryGetSwitch(UseSystemDefaultSecureProtocolsString, out result) ? result : false;
- s_UseSystemDefaultSecureProtocols = result;
- }
- return s_UseSystemDefaultSecureProtocols.Value;
- }
- }
 }
 }