DeagleGross

Supporting TLS Client Hello callback in Kestrel

HTTP.SYS contribution was done in this PR

Description

Adding a new property to HttpsConnectionAdapterOptions - TlsClientHelloBytesCallback (added to public API).
It allows subscribing to the TLS client hello message parsed from the ConnectionContext.Transport.Input:

options.TlsClientHelloBytesCallback = (connection, clientHelloBytes) =>
{
    Logger.LogDebug("[Received TlsClientHelloBytesCallback] Connection: {0}; TLS client hello buffer: {1}", connection.ConnectionId, clientHelloBytes.Length);
};

If the property HttpsConnectionAdapterOptions.TlsClientHelloBytesCallback is set (not null), then a new middleware is added before HttpsConnectionMiddleware.

The implementation is doing the following:

  1. waiting for data to come
  2. if there is enough data, try to parse TLS and determine if we need to invoke a callback
  3. if there is not enough data, we either wait (not end of the stream) or simply continue the middleware pipeline

Fixes #60805

@DeagleGross DeagleGross self-assigned this Apr 23, 2025
@ghost ghost added the area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions label Apr 23, 2025
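
The three steps in the description amount to a three-way decision on the buffered bytes: keep waiting, invoke the callback, or continue the pipeline without it. The following is an added example, not code from this PR or from Kestrel; `HelloCheck`, `ClientHelloProbe` and `Classify` are hypothetical names, and it assumes SSL 3.0 / TLS record framing with the ClientHello contained in a single record.

```csharp
using System;
using System.Buffers.Binary;
using System.Text;

public enum HelloCheck { NeedMoreData, NotClientHello, ClientHello }

// Hypothetical helper, not Kestrel's parser. Handles SSL 3.0 / TLS record
// framing only (no SSL 2.0 hello) and a ClientHello that fits in one record.
public static class ClientHelloProbe
{
    const int RecordHeaderLength = 5;   // content type (1) + version (2) + length (2)
    const int MaxRecordPayload = 16384; // TLSPlaintext.length upper bound (2^14)

    public static HelloCheck Classify(ReadOnlySpan<byte> buffer, bool endOfStream, out int recordLength)
    {
        recordLength = 0;
        // A wrong first byte can be rejected without waiting for more input.
        if (buffer.Length > 0 && buffer[0] != 0x16) return HelloCheck.NotClientHello; // 0x16 = handshake
        if (buffer.Length < RecordHeaderLength + 1)
            return endOfStream ? HelloCheck.NotClientHello : HelloCheck.NeedMoreData;
        if (buffer[1] != 0x03) return HelloCheck.NotClientHello; // record version major byte
        int payload = BinaryPrimitives.ReadUInt16BigEndian(buffer.Slice(3, 2));
        // Bound the peer-supplied length before using it to decide how long to wait.
        if (payload == 0 || payload > MaxRecordPayload) return HelloCheck.NotClientHello;
        if (buffer[5] != 0x01) return HelloCheck.NotClientHello; // 0x01 = client_hello
        if (buffer.Length < RecordHeaderLength + payload)
            return endOfStream ? HelloCheck.NotClientHello : HelloCheck.NeedMoreData;
        recordLength = RecordHeaderLength + payload;
        return HelloCheck.ClientHello;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: record header + client_hello handshake header with an empty body.
        byte[] hello = { 0x16, 0x03, 0x01, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00 };
        byte[] http = Encoding.ASCII.GetBytes("GET / HTTP/1.1\r\n");

        Console.WriteLine(ClientHelloProbe.Classify(hello, false, out int n) + " (" + n + " bytes)");
        Console.WriteLine(ClientHelloProbe.Classify(hello.AsSpan(0, 7), false, out _)); // partial: wait
        Console.WriteLine(ClientHelloProbe.Classify(hello.AsSpan(0, 7), true, out _));  // partial at EOF
        Console.WriteLine(ClientHelloProbe.Classify(http, false, out _));               // plaintext HTTP
    }
}
```

`NeedMoreData` corresponds to step 3's wait branch, `NotClientHello` to continuing the middleware pipeline without the callback, and `ClientHello` to invoking it with the first `recordLength` bytes.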

@gfoidl gfoidl left a comment

LGTM -- just a small comment.

@DeagleGross

add tests for SSL 2.0 and SSL 3.0

@DeagleGross

add tests for SSL 2.0 and SSL 3.0

done

@DeagleGross DeagleGross merged commit 0862db9 into dotnet:main May 1, 2025
26 of 27 checks passed
@DeagleGross DeagleGross deleted the dmkorolev/kestrel-tls branch May 1, 2025 17:00
@dotnet-policy-service dotnet-policy-service bot added this to the 10.0-preview5 milestone May 1, 2025
Successfully merging this pull request may close these issues.

API Proposal: Expose TLS client hello message