Aspnetcore: Non-HTTP TLS connection middleware

Created on 1 Aug 2019 · 6 Comments · Source: dotnet/aspnetcore

Are there any plans for a general-purpose TLS connection middleware? I'm looking to add TLS support to Orleans (which uses sockets). I saw #11109, but it's specific to HTTPS.

(Related to Bedrock / #4772)

affected-few area-servers enhancement help wanted severity-nice-to-have Bedrock

All 6 comments

We don't have a plan as of yet. It's certainly something we could do if there was value in it. Ideally we'd also re-base our Https logic on top of a more general-purpose TLS middleware. From what I can tell, the main thing coupling the existing middleware to HTTPS is ALPN support. We could generalize the middleware so that instead of taking options specifying the HTTP version, it could just take ALPN protocols to negotiate.

I think we can achieve this by refactoring the (internal 🎉) HttpsConnectionMiddleware like so:

  • Rename to TlsConnectionMiddleware and refactor to use ALPN-specific options with no HTTP stuff
  • Add a UseTls extension method and configuration.
  • Keep UseHttps extension method and HttpsConnectionAdaptorOptions and have them configure the TlsConnectionMiddleware

@ReubenBond if you're passionate and excited, we'd take a PR. Otherwise we'll put it in our planning for 5.0 and see where it shakes out.
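An added example, not part of the thread and not code from ASP.NET Core or Orleans: it shows the ALPN point above on a plain TCP connection, using `SslStream` directly with a non-HTTP protocol id. It assumes a .NET 6 or later console project with implicit usings; the protocol id `example-rpc/1` and the self-signed certificate are constructed for the demonstration.

```csharp
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical ALPN id for a non-HTTP service (an assumption, not from the thread).
var rpc = new SslApplicationProtocol("example-rpc/1");

// Constructed throwaway certificate; a real deployment loads its own.
using var key = RSA.Create(2048);
var request = new CertificateRequest(
    "CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using var selfSigned = request.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
// Re-import via PFX so SslStream can use the private key on Windows
// (this constructor raises an obsoletion warning on .NET 9).
using var serverCert = new X509Certificate2(selfSigned.Export(X509ContentType.Pfx));

var listener = new TcpListener(IPAddress.Loopback, 0);
listener.Start();
int port = ((IPEndPoint)listener.LocalEndpoint).Port;
var serverTask = Task.Run(async () =>
{
    using var tcp = await listener.AcceptTcpClientAsync();
    using var tls = new SslStream(tcp.GetStream());
    await tls.AuthenticateAsServerAsync(new SslServerAuthenticationOptions
    {
        ServerCertificate = serverCert,
        ApplicationProtocols = new List<SslApplicationProtocol> { rpc },
    }, CancellationToken.None);
    // Refuse to speak the application protocol unless ALPN agreed on it.
    if (tls.NegotiatedApplicationProtocol != rpc)
        throw new InvalidOperationException("unexpected ALPN result");
    return tls.NegotiatedApplicationProtocol;
});

using var client = new TcpClient();
await client.ConnectAsync(IPAddress.Loopback, port);
using var clientTls = new SslStream(client.GetStream());
await clientTls.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
{
    TargetHost = "localhost",
    ApplicationProtocols = new List<SslApplicationProtocol> { rpc },
    // Pin the constructed certificate by SHA-256 hash instead of disabling validation.
    RemoteCertificateValidationCallback = (_, cert, _, _) => cert is not null &&
        cert.GetCertHashString(HashAlgorithmName.SHA256) == serverCert.GetCertHashString(HashAlgorithmName.SHA256),
}, CancellationToken.None);
Console.WriteLine($"client: {clientTls.NegotiatedApplicationProtocol}, server: {await serverTask}");
listener.Stop();
```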

I took a quick stab at the first point (rename, refactor), pulling the bits into our repo. We're targeting netstandard2.0 right now & there are a bunch of issues (lack of IAsyncDisposable & PipeWriter.Create(Stream, ...), among other things). I spoke with @sergeybykov earlier and we loosely agreed on the following w.r.t. our Bedrock + TLS support:

  • Upgrade orleans/master to use the packages which we expect to GA alongside .NET Core 3.0 (e.g., System.IO.Pipelines 4.6.0) - this means tying our 3.0 release until after Sept 23rd when .NET Core 3.0 GAs.
  • Exposing connection middleware configuration so that users can insert custom transports / middleware (rather than restricting them to the inbuilt socket transports)
  • Deleting most of our internal fork of Bedrock & related Kestrel pieces & running on public bedrock bits
  • Finally, creating a (hopefully temporary) separate package containing a TlsConnectionMiddleware which can target netcoreapp3.0 if needed - I assume (perhaps incorrectly) that the Stream change to implement IAsyncDisposable will not be made available on netstandard2.0 / .NET Framework in general.

After your above comments we may need to update our thinking, unless someone else in the community is available to follow your steps for a general-purpose TlsConnectionMiddleware.

Putting this in 5.0

I've opened a PR on Orleans which adds a generic middleware (+ Orleans-specific configuration helpers) which I would like feedback on: https://github.com/dotnet/orleans/pull/6035

It's based on the HTTPS middleware from ASP.NET Core but also adds support for client connections (in addition to the HTTPS middleware's support for server connections).

Ideally we can extract this & upstream it for 5.0 once it's polished and stable.
