From 85c1c9d2123f652e418d4c58e1dae1e69d052dec Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Thu, 19 Dec 2024 19:43:36 +0100 Subject: [PATCH 01/12] separate handler to compare against noOp --- scenarios/antiforgery.benchmarks.yml | 2 +- src/BenchmarksApps/Antiforgery/Program.cs | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/scenarios/antiforgery.benchmarks.yml b/scenarios/antiforgery.benchmarks.yml index 9099dc042..ef033df7d 100644 --- a/scenarios/antiforgery.benchmarks.yml +++ b/scenarios/antiforgery.benchmarks.yml @@ -35,7 +35,7 @@ scenarios: load: job: wrk variables: - path: /auth + path: /generateToken antiforgery-noop: application: diff --git a/src/BenchmarksApps/Antiforgery/Program.cs b/src/BenchmarksApps/Antiforgery/Program.cs index b990d55cf..f2554e46e 100644 --- a/src/BenchmarksApps/Antiforgery/Program.cs +++ b/src/BenchmarksApps/Antiforgery/Program.cs @@ -10,6 +10,13 @@ app.MapGet("/", () => Results.Ok("hello world!")); app.MapGet("/noOp", (HttpContext ctx, IAntiforgery antiforgery) => Results.Ok()); +// GET https://localhost:55471/generateToken +app.MapGet("/generateToken", (HttpContext ctx, IAntiforgery antiforgery) => +{ + var token = antiforgery.GetAndStoreTokens(ctx); + return Results.Ok(); +}); + // GET https://localhost:55471/auth app.MapGet("/auth", (HttpContext ctx, IAntiforgery antiforgery) => { From 7fef625e1721b2689a5ab65ab84bf9bd1d612890 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Mon, 20 Jan 2025 13:00:19 +0100 Subject: [PATCH 02/12] log request data + try with new httpclient --- scenarios/tls.benchmarks.yml | 13 +++++++--- src/BenchmarksApps/TLS/HttpSys/Program.cs | 31 +++++++++++++++++++++-- src/BenchmarksApps/TLS/Kestrel/Program.cs | 31 +++++++++++++++++++++-- 3 files changed, 68 insertions(+), 7 deletions(-) diff --git a/scenarios/tls.benchmarks.yml b/scenarios/tls.benchmarks.yml index 276976b14..47c83bda2 100644 --- a/scenarios/tls.benchmarks.yml +++ b/scenarios/tls.benchmarks.yml 
@@ -1,7 +1,8 @@ imports: - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Wrk/wrk.yml - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Bombardier/bombardier.yml - - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml + # - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml + - https://raw.githubusercontent.com/DeagleGross/crank/refs/heads/dmkorolev/httpclient/add-tls-protocol-override/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml - https://github.com/aspnet/Benchmarks/blob/main/scenarios/aspnet.profiles.yml?raw=true variables: @@ -15,12 +16,15 @@ jobs: project: src/BenchmarksApps/TLS/HttpSys/HttpSys.csproj readyStateText: Application started. variables: + # behavioral settings mTLS: false # enables settings on http.sys to negotiate client cert on connections tlsRenegotiation: false # enables client cert validation + # debug settings certValidationConsoleEnabled: false httpSysLogs: false statsEnabled: false - arguments: "--urls https://{{serverAddress}}:{{serverPort}} --mTLS {{mTLS}} --certValidationConsoleEnabled {{certValidationConsoleEnabled}} --statsEnabled {{statsEnabled}} --tlsRenegotiation {{tlsRenegotiation}} --httpSysLogs {{httpSysLogs}}" + logRequestDetails: false + arguments: "--urls https://{{serverAddress}}:{{serverPort}} --mTLS {{mTLS}} --certValidationConsoleEnabled {{certValidationConsoleEnabled}} --statsEnabled {{statsEnabled}} --tlsRenegotiation {{tlsRenegotiation}} --httpSysLogs {{httpSysLogs}} --logRequestDetails {{logRequestDetails}}" kestrelServer: source: 
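Review bot: The `imports:` entry added in the first hunk pulls `httpclient.yml` from a feature branch of a personal fork (`DeagleGross/crank/refs/heads/dmkorolev/...`), so the job definition used by the load generator can change without any change in this repository. If the override is needed before the upstream change lands, pin the URL to a full commit SHA, as patch 09 of this series does for `dotnet/crank`. It would also help to add a comment above it such as `# temporary: switch back to dotnet/crank once the TLS protocol override is merged`. The `main` URLs restored in patches 07 and 10 are mutable refs too, although they match the other imports in this file.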
@@ -29,11 +33,14 @@ jobs: project: src/BenchmarksApps/TLS/Kestrel/Kestrel.csproj readyStateText: Application started. variables: + # behavioral settings mTLS: false tlsRenegotiation: false + # debug settings certValidationConsoleEnabled: false statsEnabled: false - arguments: "--urls https://{{serverAddress}}:{{serverPort}} --mTLS {{mTLS}} --certValidationConsoleEnabled {{certValidationConsoleEnabled}} --statsEnabled {{statsEnabled}} --tlsRenegotiation {{tlsRenegotiation}}" + logRequestDetails: false + arguments: "--urls https://{{serverAddress}}:{{serverPort}} --mTLS {{mTLS}} --certValidationConsoleEnabled {{certValidationConsoleEnabled}} --statsEnabled {{statsEnabled}} --tlsRenegotiation {{tlsRenegotiation}} --logRequestDetails {{logRequestDetails}}" scenarios: diff --git a/src/BenchmarksApps/TLS/HttpSys/Program.cs b/src/BenchmarksApps/TLS/HttpSys/Program.cs index 2ab338cb1..d19010aac 100644 --- a/src/BenchmarksApps/TLS/HttpSys/Program.cs +++ b/src/BenchmarksApps/TLS/HttpSys/Program.cs 
@@ -1,17 +1,23 @@ using HttpSys; +using Microsoft.AspNetCore.Connections.Features; +using Microsoft.AspNetCore.Http.Features; using Microsoft.AspNetCore.Server.HttpSys; var builder = WebApplication.CreateBuilder(args); builder.Logging.ClearProviders(); -var writeCertValidationEventsToConsole = bool.TryParse(builder.Configuration["certValidationConsoleEnabled"], out var certValidationConsoleEnabled) && certValidationConsoleEnabled; +// behavioral var httpSysLoggingEnabled = bool.TryParse(builder.Configuration["httpSysLogs"], out var httpSysLogsEnabled) && httpSysLogsEnabled; -var statsEnabled = bool.TryParse(builder.Configuration["statsEnabled"], out var connectionStatsEnabledConfig) && connectionStatsEnabledConfig; var mTlsEnabled = bool.TryParse(builder.Configuration["mTLS"], out var mTlsEnabledConfig) && mTlsEnabledConfig; var tlsRenegotiationEnabled = bool.TryParse(builder.Configuration["tlsRenegotiation"], out var tlsRenegotiationEnabledConfig) && tlsRenegotiationEnabledConfig; var listeningEndpoints = builder.Configuration["urls"] ?? "https://localhost:5000/"; var httpsIpPort = listeningEndpoints.Split(";").First(x => x.Contains("https")).Replace("https://", ""); +// debug +var writeCertValidationEventsToConsole = bool.TryParse(builder.Configuration["certValidationConsoleEnabled"], out var certValidationConsoleEnabled) && certValidationConsoleEnabled; +var statsEnabled = bool.TryParse(builder.Configuration["statsEnabled"], out var connectionStatsEnabledConfig) && connectionStatsEnabledConfig; +var logRequestDetails = bool.TryParse(builder.Configuration["logRequestDetails"], out var logRequestDetailsConfig) && logRequestDetailsConfig; + #pragma warning disable CA1416 // Can be launched only on Windows (HttpSys) builder.WebHost.UseHttpSys(options => { 
@@ -30,6 +36,27 @@ var connectionIds = new HashSet(); var fetchedCertsCounter = 0; +if (logRequestDetails) +{ + var logged = false; + Console.WriteLine("Registered request details logging middleware"); + app.Use(async (context, next) => + { + if (!logged) + { + logged = true; + + var tlsHandshakeFeature = context.Features.GetRequiredFeature(); + + Console.WriteLine("Request details:"); + Console.WriteLine("-----"); + Console.WriteLine("TLS: " + tlsHandshakeFeature.Protocol); + Console.WriteLine("-----"); + } + await next(); + }); +} + if (statsEnabled) { Console.WriteLine("Registered stats middleware"); diff --git a/src/BenchmarksApps/TLS/Kestrel/Program.cs b/src/BenchmarksApps/TLS/Kestrel/Program.cs index 9fa7b8dc9..c2576919f 100644 --- a/src/BenchmarksApps/TLS/Kestrel/Program.cs +++ b/src/BenchmarksApps/TLS/Kestrel/Program.cs @@ -2,6 +2,8 @@ using System.Net.Security; using System.Security.Cryptography.X509Certificates; using Microsoft.AspNetCore.Authentication.Certificate; +using Microsoft.AspNetCore.Connections.Features; +using Microsoft.AspNetCore.Http.Features; using Microsoft.AspNetCore.Server.HttpSys; using Microsoft.AspNetCore.Server.Kestrel.Core; using Microsoft.AspNetCore.Server.Kestrel.Https; 
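Review bot: In the request-details middleware added to HttpSys/Program.cs (hunk `@@ -30,6 +36,27 @@`), `logged = true;` is set before the `GetRequiredFeature` lookup. If the first request arrives on a connection without a TLS handshake feature, the lookup throws, that request fails, and the one-shot is used up without the protocol ever being printed. The flag is also a plain captured `bool` that concurrent requests read and write, so several requests can pass `if (!logged)` and print under load. Consider an `int` flag claimed with `if (Interlocked.CompareExchange(ref logged, 1, 0) == 0)`, and the non-throwing `Get` lookup with a null check instead of the required one. The Kestrel middleware added later in this patch (hunk `@@ -81,6 +87,27 @@`) has the same shape.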
@@ -9,12 +11,16 @@ var builder = WebApplication.CreateBuilder(args); builder.Logging.ClearProviders(); -var writeCertValidationEventsToConsole = bool.TryParse(builder.Configuration["certValidationConsoleEnabled"], out var certValidationConsoleEnabled) && certValidationConsoleEnabled; +// behavioral var mTlsEnabled = bool.TryParse(builder.Configuration["mTLS"], out var mTlsEnabledConfig) && mTlsEnabledConfig; var tlsRenegotiationEnabled = bool.TryParse(builder.Configuration["tlsRenegotiation"], out var tlsRenegotiationEnabledConfig) && tlsRenegotiationEnabledConfig; -var statsEnabled = bool.TryParse(builder.Configuration["statsEnabled"], out var connectionStatsEnabledConfig) && connectionStatsEnabledConfig; var listeningEndpoints = builder.Configuration["urls"] ?? "https://localhost:5000/"; +// debug +var writeCertValidationEventsToConsole = bool.TryParse(builder.Configuration["certValidationConsoleEnabled"], out var certValidationConsoleEnabled) && certValidationConsoleEnabled; +var statsEnabled = bool.TryParse(builder.Configuration["statsEnabled"], out var connectionStatsEnabledConfig) && connectionStatsEnabledConfig; +var logRequestDetails = bool.TryParse(builder.Configuration["logRequestDetails"], out var logRequestDetailsConfig) && logRequestDetailsConfig; + if (mTlsEnabled && tlsRenegotiationEnabled) { Console.WriteLine("mTLS and tlsRenegotiation require different clientCertMode setup. Using TLS Renegotiation by default."); 
@@ -81,6 +87,27 @@ bool AllowAnyCertificateValidationWithLogging(X509Certificate2 certificate, X509 return true; } +if (logRequestDetails) +{ + var logged = false; + Console.WriteLine("Registered request details logging middleware"); + app.Use(async (context, next) => + { + if (!logged) + { + logged = true; + + var tlsHandshakeFeature = context.Features.GetRequiredFeature(); + + Console.WriteLine("Request details:"); + Console.WriteLine("-----"); + Console.WriteLine("TLS: " + tlsHandshakeFeature.Protocol); + Console.WriteLine("-----"); + } + await next(); + }); +} + if (statsEnabled) { Console.WriteLine("Registered stats middleware"); From b873f085c98a3efcf0ef6890aee7ec69ed5deeae Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Mon, 20 Jan 2025 14:03:57 +0100 Subject: [PATCH 03/12] use httpclient --- scenarios/tls.benchmarks.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scenarios/tls.benchmarks.yml b/scenarios/tls.benchmarks.yml index 47c83bda2..d73766792 100644 --- a/scenarios/tls.benchmarks.yml +++ b/scenarios/tls.benchmarks.yml @@ -50,7 +50,7 @@ scenarios: application: job: httpSysServer load: - job: wrk + job: httpclient variables: path: /hello-world presetHeaders: connectionclose @@ -101,7 +101,7 @@ scenarios: application: job: kestrelServer load: - job: wrk + job: httpclient variables: path: /hello-world presetHeaders: connectionclose From 1f19cc36b6189a60bd8ec533581513d81dee5be8 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Mon, 20 Jan 2025 21:46:51 +0100 Subject: [PATCH 04/12] support TLS control on Kestrel --- scenarios/tls.benchmarks.yml | 3 +- src/BenchmarksApps/TLS/Kestrel/Program.cs | 41 +++++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/scenarios/tls.benchmarks.yml b/scenarios/tls.benchmarks.yml index d73766792..0e29facb7 100644 --- a/scenarios/tls.benchmarks.yml +++ b/scenarios/tls.benchmarks.yml 
@@ -36,11 +36,12 @@ jobs: # behavioral settings mTLS: false tlsRenegotiation: false + tlsProtocols: "tls12" # debug settings certValidationConsoleEnabled: false statsEnabled: false logRequestDetails: false - arguments: "--urls https://{{serverAddress}}:{{serverPort}} --mTLS {{mTLS}} --certValidationConsoleEnabled {{certValidationConsoleEnabled}} --statsEnabled {{statsEnabled}} --tlsRenegotiation {{tlsRenegotiation}} --logRequestDetails {{logRequestDetails}}" + arguments: "--urls https://{{serverAddress}}:{{serverPort}} --mTLS {{mTLS}} --certValidationConsoleEnabled {{certValidationConsoleEnabled}} --tlsProtocols {{tlsProtocols}} --statsEnabled {{statsEnabled}} --tlsRenegotiation {{tlsRenegotiation}} --logRequestDetails {{logRequestDetails}}" scenarios: diff --git a/src/BenchmarksApps/TLS/Kestrel/Program.cs b/src/BenchmarksApps/TLS/Kestrel/Program.cs index c2576919f..15a7e767f 100644 --- a/src/BenchmarksApps/TLS/Kestrel/Program.cs +++ b/src/BenchmarksApps/TLS/Kestrel/Program.cs @@ -1,5 +1,6 @@ using System.Net; using System.Net.Security; +using System.Security.Authentication; using System.Security.Cryptography.X509Certificates; using Microsoft.AspNetCore.Authentication.Certificate; using Microsoft.AspNetCore.Connections.Features; @@ -15,6 +16,7 @@ var mTlsEnabled = bool.TryParse(builder.Configuration["mTLS"], out var mTlsEnabledConfig) && mTlsEnabledConfig; var tlsRenegotiationEnabled = bool.TryParse(builder.Configuration["tlsRenegotiation"], out var tlsRenegotiationEnabledConfig) && tlsRenegotiationEnabledConfig; var listeningEndpoints = builder.Configuration["urls"] ?? "https://localhost:5000/"; +var supportedTlsVersions = ParseSslProtocols(builder.Configuration["tlsProtocols"]); // debug var writeCertValidationEventsToConsole = bool.TryParse(builder.Configuration["certValidationConsoleEnabled"], out var certValidationConsoleEnabled) && certValidationConsoleEnabled; 
@@ -46,6 +48,11 @@ void ConfigureListen(KestrelServerOptions serverOptions, IConfigurationRoot conf // [SuppressMessage("Microsoft.Security", "CSCAN0220.DefaultPasswordContexts", Justification="Benchmark code, not a secret")] listenOptions.UseHttps("testCert.pfx", "testPassword", options => { + if (supportedTlsVersions is not null) + { + options.SslProtocols = supportedTlsVersions.Value; + } + if (mTlsEnabled) { options.ClientCertificateMode = ClientCertificateMode.RequireCertificate; @@ -164,6 +171,7 @@ bool AllowAnyCertificateValidationWithLogging(X509Certificate2 certificate, X509 { Console.WriteLine($"\tenabled logging stats to console"); } +Console.WriteLine($"\tsupported TLS versions: {supportedTlsVersions}"); Console.WriteLine($"\tlistening endpoints: {listeningEndpoints}"); Console.WriteLine("--------------------------------"); @@ -184,4 +192,37 @@ static IPEndPoint CreateIPEndPoint(UrlPrefix urlPrefix) } return new IPEndPoint(ip, urlPrefix.PortValue); +} + +static SslProtocols? ParseSslProtocols(string? supportedTlsVersions) +{ + var protocols = SslProtocols.None; + if (string.IsNullOrEmpty(supportedTlsVersions)) + { + return protocols; + } + + foreach (var version in supportedTlsVersions.Split(',')) + { + switch (version.Trim().ToLower()) + { +#pragma warning disable SYSLIB0039 // Type or member is obsolete + case "tls11": + protocols |= SslProtocols.Tls11; + break; +#pragma warning restore SYSLIB0039 // Type or member is obsolete + case "tls12": + protocols |= SslProtocols.Tls12; + break; + case "tls13": + protocols |= SslProtocols.Tls13; + break; + case "any": + return null; + default: + throw new ArgumentException($"Unsupported TLS version: {version}"); + } + } + + return protocols; } \ No newline at end of file From c5d2d81adcf64bef214236c6bfd82ea253f1e6b6 Mon Sep 17 00:00:00 2001 
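Review bot: The startup line added in hunk `@@ -164,6 +171,7 @@`, `supported TLS versions: {supportedTlsVersions}`, prints an empty value when `ParseSslProtocols` returns null for `any`. The run log then does not show which protocol policy the listener used. Printing `{supportedTlsVersions?.ToString() ?? "any"}` would make that case explicit when comparing benchmark runs.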
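Review bot: `ParseSslProtocols` (hunk `@@ -184,4 +192,37 @@`) has an undocumented return contract: null for `any`, `SslProtocols.None` for empty input, and a flag set otherwise. The `UseHttps` callback depends on the null case to skip the assignment. A comment above the method would help, for example `// null => leave options.SslProtocols at its default; otherwise the exact set of protocols to allow`. Separately, `version.Trim().ToLower()` is culture-sensitive; `ToLowerInvariant()` is the usual choice for configuration tokens.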
From: Dmitrii Korolev Date: Tue, 21 Jan 2025 00:24:51 +0100 Subject: [PATCH 05/12] support "any" option --- src/BenchmarksApps/TLS/Kestrel/Program.cs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/BenchmarksApps/TLS/Kestrel/Program.cs b/src/BenchmarksApps/TLS/Kestrel/Program.cs index 15a7e767f..c20a95eac 100644 --- a/src/BenchmarksApps/TLS/Kestrel/Program.cs +++ b/src/BenchmarksApps/TLS/Kestrel/Program.cs @@ -197,9 +197,9 @@ static IPEndPoint CreateIPEndPoint(UrlPrefix urlPrefix) static SslProtocols? ParseSslProtocols(string? supportedTlsVersions) { var protocols = SslProtocols.None; - if (string.IsNullOrEmpty(supportedTlsVersions)) + if (string.IsNullOrEmpty(supportedTlsVersions) || supportedTlsVersions == "any") { - return protocols; + return null; } foreach (var version in supportedTlsVersions.Split(',')) @@ -217,8 +217,6 @@ static IPEndPoint CreateIPEndPoint(UrlPrefix urlPrefix) case "tls13": protocols |= SslProtocols.Tls13; break; - case "any": - return null; default: throw new ArgumentException($"Unsupported TLS version: {version}"); } From 63a1ed41869bbceb4ef8fb335f4a27f706b061e0 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Tue, 21 Jan 2025 00:30:19 +0100 Subject: [PATCH 06/12] specify tls and rollback unneded --- scenarios/antiforgery.benchmarks.yml | 2 +- scenarios/tls.benchmarks.yml | 8 +++++++- src/BenchmarksApps/Antiforgery/Program.cs | 7 ------- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/scenarios/antiforgery.benchmarks.yml b/scenarios/antiforgery.benchmarks.yml index ef033df7d..9099dc042 100644 --- a/scenarios/antiforgery.benchmarks.yml +++ b/scenarios/antiforgery.benchmarks.yml @@ -35,7 +35,7 @@ scenarios: load: job: wrk variables: - path: /generateToken + path: /auth antiforgery-noop: application: diff --git a/scenarios/tls.benchmarks.yml b/scenarios/tls.benchmarks.yml index 0e29facb7..08627676b 100644 --- a/scenarios/tls.benchmarks.yml +++ b/scenarios/tls.benchmarks.yml 
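Review bot: The new guard in hunk `@@ -197,9 +197,9 @@` tests `supportedTlsVersions == "any"`, which is case-sensitive and untrimmed, while the per-entry switch normalises with `Trim().ToLower()`. Values such as `Any`, ` any` or `tls12,any` now reach the loop and throw `Unsupported TLS version`; before this patch, the removed `case "any"` returned null for them. Normalising in the guard as well keeps the two paths consistent, e.g. `supportedTlsVersions.Trim().Equals("any", StringComparison.OrdinalIgnoreCase)`. The rest of `ParseSslProtocols` lies outside this hunk.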
@@ -57,6 +57,7 @@ scenarios: presetHeaders: connectionclose connections: 32 serverScheme: https + sslProtocols: tls12 mTls-handshakes-httpsys: application: @@ -77,6 +78,7 @@ scenarios: serverScheme: https certPath: https://raw.githubusercontent.com/aspnet/Benchmarks/refs/heads/main/src/BenchmarksApps/TLS/HttpSys/testCert.pfx certPwd: testPassword + sslProtocols: tls12 tls-renegotiation-httpsys: application: @@ -95,6 +97,7 @@ scenarios: serverScheme: https certPath: https://raw.githubusercontent.com/aspnet/Benchmarks/refs/heads/main/src/BenchmarksApps/TLS/HttpSys/testCert.pfx certPwd: testPassword + sslProtocols: tls12 # Kestrel @@ -108,6 +111,7 @@ scenarios: presetHeaders: connectionclose connections: 32 serverScheme: https + sslProtocols: tls12 mTls-handshakes-kestrel: application: @@ -124,6 +128,7 @@ scenarios: serverScheme: https certPath: https://raw.githubusercontent.com/aspnet/Benchmarks/refs/heads/main/src/BenchmarksApps/TLS/Kestrel/testCert.pfx certPwd: testPassword + sslProtocols: tls12 tls-renegotiation-kestrel: application: @@ -140,4 +145,5 @@ scenarios: connections: 32 serverScheme: https certPath: https://raw.githubusercontent.com/aspnet/Benchmarks/refs/heads/main/src/BenchmarksApps/TLS/Kestrel/testCert.pfx - certPwd: testPassword \ No newline at end of file + certPwd: testPassword + sslProtocols: tls12 \ No newline at end of file diff --git a/src/BenchmarksApps/Antiforgery/Program.cs b/src/BenchmarksApps/Antiforgery/Program.cs index f2554e46e..b990d55cf 100644 --- a/src/BenchmarksApps/Antiforgery/Program.cs +++ b/src/BenchmarksApps/Antiforgery/Program.cs 
@@ -10,13 +10,6 @@ app.MapGet("/", () => Results.Ok("hello world!")); app.MapGet("/noOp", (HttpContext ctx, IAntiforgery antiforgery) => Results.Ok()); -// GET https://localhost:55471/generateToken -app.MapGet("/generateToken", (HttpContext ctx, IAntiforgery antiforgery) => -{ - var token = antiforgery.GetAndStoreTokens(ctx); - return Results.Ok(); -}); - // GET https://localhost:55471/auth app.MapGet("/auth", (HttpContext ctx, IAntiforgery antiforgery) => { From abf7e84e0f51c98950b66aa8066a88ae262352f8 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Tue, 21 Jan 2025 00:30:53 +0100 Subject: [PATCH 07/12] reference main httpclient --- scenarios/tls.benchmarks.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scenarios/tls.benchmarks.yml b/scenarios/tls.benchmarks.yml index 08627676b..933796068 100644 --- a/scenarios/tls.benchmarks.yml +++ b/scenarios/tls.benchmarks.yml @@ -1,8 +1,7 @@ imports: - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Wrk/wrk.yml - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Bombardier/bombardier.yml - # - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml - - https://raw.githubusercontent.com/DeagleGross/crank/refs/heads/dmkorolev/httpclient/add-tls-protocol-override/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml + - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml - https://github.com/aspnet/Benchmarks/blob/main/scenarios/aspnet.profiles.yml?raw=true variables: From 0344897bc420cce76f83c20f9f4e676f2aa214d2 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Tue, 21 Jan 2025 00:38:21 +0100 Subject: [PATCH 08/12] all tls protocols for kestrel by default --- scenarios/tls.benchmarks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scenarios/tls.benchmarks.yml b/scenarios/tls.benchmarks.yml index 933796068..26bf2ba45 100644 
--- a/scenarios/tls.benchmarks.yml +++ b/scenarios/tls.benchmarks.yml @@ -35,7 +35,7 @@ jobs: # behavioral settings mTLS: false tlsRenegotiation: false - tlsProtocols: "tls12" + tlsProtocols: "tls12,tls13" # debug settings certValidationConsoleEnabled: false statsEnabled: false From 7dfe8790e939715138fc42fa74264ec36bf6f7d8 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Tue, 21 Jan 2025 20:57:09 +0100 Subject: [PATCH 09/12] tmp --- scenarios/tls.benchmarks.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scenarios/tls.benchmarks.yml b/scenarios/tls.benchmarks.yml index 26bf2ba45..4bbcaeea8 100644 --- a/scenarios/tls.benchmarks.yml +++ b/scenarios/tls.benchmarks.yml @@ -1,7 +1,8 @@ imports: - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Wrk/wrk.yml - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Bombardier/bombardier.yml - - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml + # - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml + - https://raw.githubusercontent.com/dotnet/crank/311be9f76544c3f5340ccedc26e77212b3f4abd0/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml - https://github.com/aspnet/Benchmarks/blob/main/scenarios/aspnet.profiles.yml?raw=true variables: From 83c31b0b16f4a2cae819164c31a8a97ed9935f66 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Tue, 21 Jan 2025 21:09:59 +0100 Subject: [PATCH 10/12] adjust based on pr in crank --- scenarios/tls.benchmarks.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/scenarios/tls.benchmarks.yml b/scenarios/tls.benchmarks.yml index 4bbcaeea8..e8219b8e3 100644 --- a/scenarios/tls.benchmarks.yml +++ b/scenarios/tls.benchmarks.yml 
@@ -1,8 +1,7 @@ imports: - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Wrk/wrk.yml - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Bombardier/bombardier.yml - # - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml - - https://raw.githubusercontent.com/dotnet/crank/311be9f76544c3f5340ccedc26e77212b3f4abd0/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml + - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml - https://github.com/aspnet/Benchmarks/blob/main/scenarios/aspnet.profiles.yml?raw=true variables: @@ -57,7 +56,7 @@ scenarios: presetHeaders: connectionclose connections: 32 serverScheme: https - sslProtocols: tls12 + sslProtocol: tls12 mTls-handshakes-httpsys: application: @@ -78,7 +77,7 @@ scenarios: serverScheme: https certPath: https://raw.githubusercontent.com/aspnet/Benchmarks/refs/heads/main/src/BenchmarksApps/TLS/HttpSys/testCert.pfx certPwd: testPassword - sslProtocols: tls12 + sslProtocol: tls12 tls-renegotiation-httpsys: application: @@ -97,7 +96,7 @@ scenarios: serverScheme: https certPath: https://raw.githubusercontent.com/aspnet/Benchmarks/refs/heads/main/src/BenchmarksApps/TLS/HttpSys/testCert.pfx certPwd: testPassword - sslProtocols: tls12 + sslProtocol: tls12 # Kestrel @@ -111,7 +110,7 @@ scenarios: presetHeaders: connectionclose connections: 32 serverScheme: https - sslProtocols: tls12 + sslProtocol: tls12 mTls-handshakes-kestrel: application: @@ -128,7 +127,7 @@ scenarios: serverScheme: https certPath: https://raw.githubusercontent.com/aspnet/Benchmarks/refs/heads/main/src/BenchmarksApps/TLS/Kestrel/testCert.pfx certPwd: testPassword - sslProtocols: tls12 + sslProtocol: tls12 tls-renegotiation-kestrel: application: 
@@ -146,4 +145,4 @@ scenarios: serverScheme: https certPath: https://raw.githubusercontent.com/aspnet/Benchmarks/refs/heads/main/src/BenchmarksApps/TLS/Kestrel/testCert.pfx certPwd: testPassword - sslProtocols: tls12 \ No newline at end of file + sslProtocol: tls12 \ No newline at end of file From 48911b29edc7151ea8ecf583ac8063ff22ddd0ee Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Tue, 21 Jan 2025 23:14:51 +0100 Subject: [PATCH 11/12] address PR comments --- src/BenchmarksApps/TLS/Kestrel/Program.cs | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/BenchmarksApps/TLS/Kestrel/Program.cs b/src/BenchmarksApps/TLS/Kestrel/Program.cs index c20a95eac..4d218dede 100644 --- a/src/BenchmarksApps/TLS/Kestrel/Program.cs +++ b/src/BenchmarksApps/TLS/Kestrel/Program.cs @@ -111,7 +111,8 @@ bool AllowAnyCertificateValidationWithLogging(X509Certificate2 certificate, X509 Console.WriteLine("TLS: " + tlsHandshakeFeature.Protocol); Console.WriteLine("-----"); } - await next(); + + await next(context); }); } @@ -123,7 +124,7 @@ bool AllowAnyCertificateValidationWithLogging(X509Certificate2 certificate, X509 connectionIds.Add(context.Connection.Id); Console.WriteLine($"[stats] unique connections established: {connectionIds.Count}; fetched certificates: {fetchedCertsCounter}"); - await next(); + await next(context); }); } @@ -143,7 +144,7 @@ bool AllowAnyCertificateValidationWithLogging(X509Certificate2 certificate, X509 Console.WriteLine($"client certificate ({clientCert.Thumbprint}) already exists on the connection {context.Connection.Id}"); } - await next(); + await next(context); }); } @@ -206,11 +207,6 @@ static IPEndPoint CreateIPEndPoint(UrlPrefix urlPrefix) { switch (version.Trim().ToLower()) { -#pragma warning disable SYSLIB0039 // Type or member is obsolete - case "tls11": - protocols |= SslProtocols.Tls11; - break; -#pragma warning restore SYSLIB0039 // Type or member is obsolete case "tls12": protocols |= SslProtocols.Tls12; break; 
From 3de09e902939fe81064b893cdef1b71660984807 Mon Sep 17 00:00:00 2001 From: Dmitrii Korolev Date: Wed, 22 Jan 2025 12:01:47 +0100 Subject: [PATCH 12/12] pass in context to next middleware --- src/BenchmarksApps/TLS/HttpSys/Program.cs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/BenchmarksApps/TLS/HttpSys/Program.cs b/src/BenchmarksApps/TLS/HttpSys/Program.cs index d19010aac..56e170b31 100644 --- a/src/BenchmarksApps/TLS/HttpSys/Program.cs +++ b/src/BenchmarksApps/TLS/HttpSys/Program.cs @@ -53,7 +53,8 @@ Console.WriteLine("TLS: " + tlsHandshakeFeature.Protocol); Console.WriteLine("-----"); } - await next(); + + await next(context); }); } @@ -65,7 +66,7 @@ connectionIds.Add(context.Connection.Id); Console.WriteLine($"[stats] unique connections established: {connectionIds.Count}; fetched certificates: {fetchedCertsCounter}"); - await next(); + await next(context); }); } @@ -131,7 +132,7 @@ void OnShutdown() // we have a client cert here, and lets imagine we do the validation here // if (clientCert.Thumbprint != "1234567890") throw new NotImplementedException(); - await next(); + await next(context); }); }