From 5482fa3ae0cc9f72eb67bdd13b6ba91ef72054e0 Mon Sep 17 00:00:00 2001 From: Mark McDowall Date: Tue, 16 Aug 2016 15:45:56 -0700 Subject: [PATCH] New: Support for TLS 1.1 and 1.2 connections when only .net 4.5 is installed. --- src/NzbDrone.Common/NzbDrone.Common.csproj | 1 + .../Security/SecurityProtocolPolicy.cs | 40 +++++++++++++++++++ src/NzbDrone.Host/Bootstrap.cs | 1 + src/NzbDrone.Host/Owin/OwinHostController.cs | 2 - src/NzbDrone.Update/UpdateApp.cs | 1 + 5 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs diff --git a/src/NzbDrone.Common/NzbDrone.Common.csproj b/src/NzbDrone.Common/NzbDrone.Common.csproj index ff9a16604..f5c53d1fe 100644 --- a/src/NzbDrone.Common/NzbDrone.Common.csproj +++ b/src/NzbDrone.Common/NzbDrone.Common.csproj @@ -208,6 +208,7 @@ + diff --git a/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs b/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs new file mode 100644 index 000000000..5c880c4ae --- /dev/null +++ b/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs @@ -0,0 +1,40 @@ +using System; +using System.Net; +using NLog; +using NzbDrone.Common.Instrumentation; + +namespace NzbDrone.Common.Security +{ + public static class SecurityProtocolPolicy + { + private static readonly Logger Logger = NzbDroneLogger.GetLogger(typeof(SecurityProtocolPolicy)); + + private const SecurityProtocolType Tls11 = (SecurityProtocolType)768; + private const SecurityProtocolType Tls12 = (SecurityProtocolType)3072; + + public static void Register() + { + try + { + // TODO: In v3 we should drop support for SSL3 because its very insecure. Only leaving it enabled because some people might rely on it. + var protocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls; + + if (Enum.IsDefined(typeof(SecurityProtocolType), Tls11)) + { + ServicePointManager.SecurityProtocol |= Tls11; + } + + if (Enum.IsDefined(typeof(SecurityProtocolType), Tls12)) + { + ServicePointManager.SecurityProtocol |= Tls12; + } + + ServicePointManager.SecurityProtocol = protocol; + } + catch (Exception ex) + { + Logger.Debug(ex, "Failed to set TLS security protocol."); + } + } + } +} diff --git a/src/NzbDrone.Host/Bootstrap.cs b/src/NzbDrone.Host/Bootstrap.cs index 392478458..0422665ad 100644 --- a/src/NzbDrone.Host/Bootstrap.cs +++ b/src/NzbDrone.Host/Bootstrap.cs @@ -22,6 +22,7 @@ namespace NzbDrone.Host try { X509CertificateValidationPolicy.Register(); + SecurityProtocolPolicy.Register(); Logger.Info("Starting Sonarr - {0} - Version {1}", Assembly.GetCallingAssembly().Location, Assembly.GetExecutingAssembly().GetName().Version); diff --git a/src/NzbDrone.Host/Owin/OwinHostController.cs b/src/NzbDrone.Host/Owin/OwinHostController.cs index 09efd0b24..ada81e390 100644 --- a/src/NzbDrone.Host/Owin/OwinHostController.cs +++ b/src/NzbDrone.Host/Owin/OwinHostController.cs @@ -34,8 +34,6 @@ namespace NzbDrone.Host.Owin public void StartServer() { - X509CertificateValidationPolicy.Register(); - if (OsInfo.IsWindows) { if (_runtimeInfo.IsAdmin) diff --git a/src/NzbDrone.Update/UpdateApp.cs b/src/NzbDrone.Update/UpdateApp.cs index 6cb1c0ab4..f379ba99c 100644 --- a/src/NzbDrone.Update/UpdateApp.cs +++ b/src/NzbDrone.Update/UpdateApp.cs @@ -36,6 +36,7 @@ namespace NzbDrone.Update Logger.Info("Starting Sonarr Update Client"); X509CertificateValidationPolicy.Register(); + SecurityProtocolPolicy.Register(); _container = UpdateContainerBuilder.Build(startupArgument);