Don't apply Tls1.2 workaround when .NET 4.7 SystemDefault is set (#1936)

* Dont touch SecurityProtocol if current value is new SystemDefault added in .NET 4.7 Add comment to explain what we are doing * Update Octokit/Http/HttpClientAdapter.cs Co-Authored-By: ryangribble <[email protected]> * Update Octokit/Http/HttpClientAdapter.cs Co-Authored-By: ryangribble <[email protected]> * Update Octokit/Http/HttpClientAdapter.cs Co-Authored-By: ryangribble <[email protected]> * Update Octokit/Http/HttpClientAdapter.cs Co-Authored-By: ryangribble <[email protected]>
octokit · Feb 27, 2019 · 6385e2d · 6385e2d
1 parent 43381c4
commit 6385e2d
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/Octokit/Http/HttpClientAdapter.cs b/Octokit/Http/HttpClientAdapter.cs
@@ -28,7 +28,28 @@ public HttpClientAdapter(Func<HttpMessageHandler> getHandler)
             Ensure.ArgumentNotNull(getHandler, nameof(getHandler));
 
 #if HAS_SERVICEPOINTMANAGER
-            ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
+            // GitHub API requires TLS1.2 as of February 2018
+            // 
+            // .NET Framework before 4.6 did not enable TLS1.2 by default
+            //
+            // Even though this is an AppDomain wide setting, the decision was made for Octokit to
+            // ensure that TLS1.2 is enabled so that existing applications using Octokit did not need to
+            // make changes outside Octokit to continue to work with GitHub API
+            //
+            // *Update*
+            // .NET Framework 4.7 introduced a new value (SecurityProtocolType.SystemDefault = 0)
+            // which defers enabled protocols to operating system defaults
+            // If this is the current value we shouldn't do anything, as that would cause TLS1.2 to be the ONLY enabled protocol!
+            //
+            // See https://docs.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netframework-4.7
+            // See https://github.com/octokit/octokit.net/issues/1914
+
+            // Only apply when current setting is not SystemDefault (0) added in .NET 4.7
+            if ((int)ServicePointManager.SecurityProtocol != 0)
+            {
+                // Add Tls1.2 to the existing enabled protocols
+                ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
+            }
 #endif
 
             _http = new HttpClient(new RedirectHandler { InnerHandler = getHandler() });