THRIFT-5743 add TLS1.3 to default protocols where available

Client: netstd
Patch: Jens Geyer

lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs

@@ -16,6 +16,7 @@
 // under the License.
 
 using System;
+using System.Diagnostics;
 using System.Net;
 using System.Net.Security;
 using System.Net.Sockets;
@@ -43,11 +44,19 @@ public class TTlsSocketTransport : TStreamTransport
         private SslStream _secureStream;
         private int _timeout;
 
+        #if NET7_0_OR_GREATER
+        public const SslProtocols DefaultSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
+        #else
+        public const SslProtocols DefaultSslProtocols = SslProtocols.Tls12;
+        #endif
+
+
+
         public TTlsSocketTransport(TcpClient client, TConfiguration config,
             X509Certificate2 certificate, bool isServer = false,
             RemoteCertificateValidationCallback certValidator = null,
             LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
-            SslProtocols sslProtocols = SslProtocols.Tls12)
+            SslProtocols sslProtocols = DefaultSslProtocols)
             : base(config)
         {
             _client = client;
@@ -74,7 +83,7 @@ public TTlsSocketTransport(IPAddress host, int port, TConfiguration config,
             string certificatePath,
             RemoteCertificateValidationCallback certValidator = null,
             LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
-            SslProtocols sslProtocols = SslProtocols.Tls12)
+            SslProtocols sslProtocols = DefaultSslProtocols)
             : this(host, port, config, 0,
                 new X509Certificate2(certificatePath),
                 certValidator,
@@ -87,7 +96,7 @@ public TTlsSocketTransport(IPAddress host, int port, TConfiguration config,
             X509Certificate2 certificate = null,
             RemoteCertificateValidationCallback certValidator = null,
             LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
-            SslProtocols sslProtocols = SslProtocols.Tls12)
+            SslProtocols sslProtocols = DefaultSslProtocols)
             : this(host, port, config, 0,
                 certificate,
                 certValidator,
@@ -100,7 +109,7 @@ public TTlsSocketTransport(IPAddress host, int port, TConfiguration config, int
             X509Certificate2 certificate,
             RemoteCertificateValidationCallback certValidator = null,
             LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
-            SslProtocols sslProtocols = SslProtocols.Tls12)
+            SslProtocols sslProtocols = DefaultSslProtocols)
             : base(config)
         {
             _host = host;
@@ -118,7 +127,7 @@ public TTlsSocketTransport(string host, int port, TConfiguration config, int tim
             X509Certificate2 certificate,
             RemoteCertificateValidationCallback certValidator = null,
             LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
-            SslProtocols sslProtocols = SslProtocols.Tls12)
+            SslProtocols sslProtocols = DefaultSslProtocols)
             : base(config)
         {
             try
@@ -237,7 +246,7 @@ public async Task SetupTlsAsync()
                 {
                     // Client authentication
                     var certs = _certificate != null
-                        ? new X509CertificateCollection {_certificate}
+                        ? new X509CertificateCollection { _certificate }
                         : new X509CertificateCollection();
 
                     var targetHost = _targetHost ?? _host.ToString();
@@ -269,5 +278,7 @@ public override void Close()
                 _secureStream = null;
             }
         }
+
+
     }
 }

lib/netstd/Thrift/Transport/Server/TTlsServerSocketTransport.cs

@@ -43,7 +43,7 @@ public TTlsServerSocketTransport(
             X509Certificate2 certificate,
             RemoteCertificateValidationCallback clientCertValidator = null,
             LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
-            SslProtocols sslProtocols = SslProtocols.Tls12)
+            SslProtocols sslProtocols = TTlsSocketTransport.DefaultSslProtocols)
             : base(config)
         {
             if (!certificate.HasPrivateKey)
@@ -65,7 +65,7 @@ public TTlsServerSocketTransport(
             X509Certificate2 certificate,
             RemoteCertificateValidationCallback clientCertValidator = null,
             LocalCertificateSelectionCallback localCertificateSelectionCallback = null,
-            SslProtocols sslProtocols = SslProtocols.Tls12)
+            SslProtocols sslProtocols = TTlsSocketTransport.DefaultSslProtocols)
             : this(null, config, certificate, clientCertValidator, localCertificateSelectionCallback, sslProtocols)
         {
             try

test/netstd/Client/TestClient.cs

@@ -257,7 +257,7 @@ public TTransport CreateTransport()
                         trans = new TTlsSocketTransport(host, port, Configuration, 0,
                             cert,
                             (sender, certificate, chain, errors) => true,
-                            null, SslProtocols.Tls12);
+                            null);
                         break;
 
                     case TransportChoice.Socket:

test/netstd/Server/TestServer.cs

@@ -606,7 +606,7 @@ public static async Task<int> Execute(List<string> args)
                             trans = new TTlsServerSocketTransport(param.port, Configuration,
                                 cert,
                                 (sender, certificate, chain, errors) => true,
-                                null, SslProtocols.Tls12);
+                                null);
                             break;
 
                         case TransportChoice.Socket: