Enable tls1.3 ssl protocol on netcore

dotnet · JRahnama · Nov 2, 2022 · Oct 31, 2022 · Oct 31, 2022 · Nov 1, 2022
commit 35d3721aadf46859d28e76f0c66e2a10e6a7890c
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs
@@ -519,8 +519,20 @@ internal void Connect(
                 // On Instance failure re-connect and flush SNI named instance cache.
                 _physicalStateObj.SniContext = SniContext.Snix_Connect;
 
-                _physicalStateObj.CreatePhysicalSNIHandle(serverInfo.ExtendedServerName, ignoreSniOpenTimeout, timerExpire, out instanceName, ref _sniSpnBuffer, true, true, fParallel,
-                                                _connHandler.ConnectionOptions.IPAddressPreference, FQDNforDNSCache, ref _connHandler.pendingSQLDNSObject, serverInfo.ServerSPN, integratedSecurity);
+                _physicalStateObj.CreatePhysicalSNIHandle(serverInfo.ExtendedServerName,
+                    ignoreSniOpenTimeout, 
+                    timerExpire, 
+                    out instanceName, 
+                    ref _sniSpnBuffer, 
+                    true, 
+                    true, fParallel,
+                    _connHandler.ConnectionOptions.IPAddressPreference, 
+                    FQDNforDNSCache, 
+                    ref _connHandler.pendingSQLDNSObject, 
+                    serverInfo.ServerSPN, 
+                    integratedSecurity,
+                    encrypt == SqlConnectionEncryptOption.Strict,
+                    hostNameInCertificate);
 
                 if (TdsEnums.SNI_SUCCESS != _physicalStateObj.Status)
                 {
@@ -552,6 +564,7 @@ internal void Connect(
                     throw SQL.InstanceFailure();
                 }
             }
+            SqlClientEventSource.Log.TryTraceEvent("<sc.TdsParser.Connect|SEC> Prelogin handshake successful");
 
             if (_fMARS && marsCapable)
             {
@@ -1010,7 +1023,8 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(
                             uint info = (shouldValidateServerCert ? TdsEnums.SNI_SSL_VALIDATE_CERTIFICATE : 0)
                                 | (is2005OrLater ? TdsEnums.SNI_SSL_USE_SCHANNEL_CACHE : 0);
 
-                            EnableSsl(info, encrypt, integratedSecurity);
+
+                            EnableSsl(info, encrypt == SqlConnectionEncryptOption.Mandatory, integratedSecurity);
                         }
 
                         break;

diff --git a/...crosoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs b/...crosoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs
@@ -425,12 +425,16 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)
             var nativeProtocol = (NativeProtocols)nativeProtocolVersion;
 
             /* The SslProtocols.Tls13 is supported by netcoreapp3.1 and later
-             * This driver does not support this version yet!
+             * This driver does not support this version yet! */
+#if NETCOREAPP3_1_OR_GREATER
-#if NETCOREAPP3_1_OR_GREATER
+#if NETCOREAPP
-#if NETCOREAPP3_1_OR_GREATER
+#if NETCOREAPP
             if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_TLS1_3_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_TLS1_3_SERVER))
             {
                 protocolVersion = (int)SslProtocols.Tls13;
-            }*/
+            }
+            else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_TLS1_2_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_TLS1_2_SERVER))
+#else
             if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_TLS1_2_CLIENT) || nativeProtocol.HasFlag(NativeProtocols.SP_PROT_TLS1_2_SERVER))
+#endif
             {
                 protocolVersion = (int)SslProtocols.Tls12;
             }