From 6385e2dcbdfea7f9d1aabc7ecf1fcf298956ecd2 Mon Sep 17 00:00:00 2001
From: Ryan Gribble <ryangribble@users.noreply.github.com>
Date: Wed, 27 Feb 2019 21:30:42 +1000
Subject: [PATCH] Don't apply Tls1.2 workaround when .NET 4.7 SystemDefault is
 set (#1936)

* Dont touch SecurityProtocol if current value is new SystemDefault added in .NET 4.7
Add comment to explain what we are doing

* Update Octokit/Http/HttpClientAdapter.cs

Co-Authored-By: ryangribble <ryangribble@users.noreply.github.com>

* Update Octokit/Http/HttpClientAdapter.cs

Co-Authored-By: ryangribble <ryangribble@users.noreply.github.com>

* Update Octokit/Http/HttpClientAdapter.cs

Co-Authored-By: ryangribble <ryangribble@users.noreply.github.com>

* Update Octokit/Http/HttpClientAdapter.cs

Co-Authored-By: ryangribble <ryangribble@users.noreply.github.com>
---
 Octokit/Http/HttpClientAdapter.cs | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/Octokit/Http/HttpClientAdapter.cs b/Octokit/Http/HttpClientAdapter.cs
index 873ab75272..8b997a50ab 100644
--- a/Octokit/Http/HttpClientAdapter.cs
+++ b/Octokit/Http/HttpClientAdapter.cs
@@ -28,7 +28,28 @@ public HttpClientAdapter(Func<HttpMessageHandler> getHandler)
             Ensure.ArgumentNotNull(getHandler, nameof(getHandler));
 
 #if HAS_SERVICEPOINTMANAGER
-            ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
+            // GitHub API requires TLS1.2 as of February 2018
+            // 
+            // .NET Framework before 4.6 did not enable TLS1.2 by default
+            //
+            // Even though this is an AppDomain wide setting, the decision was made for Octokit to
+            // ensure that TLS1.2 is enabled so that existing applications using Octokit did not need to
+            // make changes outside Octokit to continue to work with GitHub API
+            //
+            // *Update*
+            // .NET Framework 4.7 introduced a new value (SecurityProtocolType.SystemDefault = 0)
+            // which defers enabled protocols to operating system defaults
+            // If this is the current value we shouldn't do anything, as that would cause TLS1.2 to be the ONLY enabled protocol!
+            //
+            // See https://docs.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netframework-4.7
+            // See https://github.com/octokit/octokit.net/issues/1914
+
+            // Only apply when current setting is not SystemDefault (0) added in .NET 4.7
+            if ((int)ServicePointManager.SecurityProtocol != 0)
+            {
+                // Add Tls1.2 to the existing enabled protocols
+                ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
+            }
 #endif
 
             _http = new HttpClient(new RedirectHandler { InnerHandler = getHandler() });