Microsoft.AspNetCore.Server.Kestrel.Core 2.3.6 restricts the ListenOptions Protocols

[w4mhi]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

Hi,
I wrote code that is working in Kestrel 2.2.0:
// snippet
options.ListenAnyIP(port, listenOptions =>
{
listenOptions.Protocols = httpProtocols;
listenOptions.UseHttps(httpsConnectionAdapterOptions);
});
where httpProtocols = AspNetCore.Server.Kestrel.Core.HttpProtocols.Http1AndHttp2
I've been flagged the 2.2.0 of Kestrel.Core is vulnerable and to upgrade to 2.3.6
For this i need to update Kestrel to 2.3.0 (otherwise, the Core in transitive and is pulled as 2.3.0 - vulnerable)
In Kestrel.Core 2.3.6 the Protocols are internal, not public now:
<>
//
// Summary:
// The protocols enabled on this endpoint.
//
// Remarks:
// Defaults to HTTP/1.x only.
internal HttpProtocols Protocols { get; set; } = HttpProtocols.Http1;

I need to specify the protocols as I have Http v2 in multiple services. I need also to upgrade the nuget because vulnerability.
Any input on this problem?
Thank you!

Expected Behavior

No response

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

No response

Anything else?

No response

[MihuBot]

I'm a bot. Here is a possible related and/or duplicate issue (I may be wrong):

• Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions.Protocols is internal in Microsoft.AspNetCore v2.3.0 #61823

[martincostello]

2.3.x is based on 2.1.x and contains no APIs that were new in 2.2.x.

#58598

[dotnet-policy-service]

This issue has been resolved and has not had any activity for 1 day. It will be closed for housekeeping purposes.

See our Issue Management Policies for more information.