backport(net8.0): http.sys on-demand TLS client hello retrieval #62290
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DeagleGross
requested review from
halter73,
BrennanConroy,
JamesNK and
mgravell
as code owners
DeagleGross
changed the title
DeagleGross
changed the title
BrennanConroy
approved these changes
Jun 10, 2025
joperezr
approved these changes
Jun 11, 2025
This was referenced Jul 21, 2025
Closed
This was referenced Oct 1, 2025
Bump Microsoft.AspNetCore.Identity.EntityFrameworkCore from 8.0.10 to 8.0.20
jviquez90/EshopOnWeb#14
Open
Closed
microsoft-github-policy-service bot
pushed a commit
to Azure/bicep
that referenced
this pull request
Oct 5, 2025
#18209) [//]: # (dependabot-start)⚠️ **Dependabot is rebasing this PR**⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Updated [Microsoft.AspNetCore.Components.WebAssembly](https://github.com/dotnet/aspnetcore) from 8.0.15 to 8.0.20. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.Components.WebAssembly's releases](https://github.com/dotnet/aspnetcore/releases)._ ## 8.0.20 [Release](https://github.com/dotnet/core/releases/tag/v8.0.20) ## What's Changed * Update branding to 8.0.20 by @vseanreesermsft in dotnet/aspnetcore#63106 * [release/8.0] (deps): Bump src/submodules/googletest from `c67de11` to `373af2e` by @dependabot[bot] in dotnet/aspnetcore#63038 * [release/8.0] Dispose the certificate chain elements with the chain by @MackinnonBuck in dotnet/aspnetcore#62994 * [release/8.0] Update SignalR Redis tests to use internal Docker Hub mirror by @github-actions[bot] in dotnet/aspnetcore#63117 * [release/8.0] [SignalR] Don't throw for message headers in Java client by @github-actions[bot] in dotnet/aspnetcore#62784 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#63152 * [release/8.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#63188 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#63189 **Full Changelog**: dotnet/aspnetcore@v8.0.19...v8.0.20 ## 8.0.18 [Release](https://github.com/dotnet/core/releases/tag/v8.0.18) ## What's Changed * Update branding to 8.0.18 by @vseanreesermsft in dotnet/aspnetcore#62241 * [release/8.0] Update Alpine helix references by @github-actions in dotnet/aspnetcore#62243 * [release/8.0] (deps): Bump src/submodules/googletest from `04ee1b4` to `e9092b1` by @dependabot in dotnet/aspnetcore#62201 * [8.0] Delete src/arcade directory by @akoeplinger in dotnet/aspnetcore#61994 * [Backport 8.0] [IIS] Manually parse exe bitness (#61894) by @BrennanConroy in dotnet/aspnetcore#62037 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in dotnet/aspnetcore#62006 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#61944 * [release/8.0] Associate tagged keys with entries so replacements are not evicted by @github-actions in dotnet/aspnetcore#62247 * [release/8.0] Block test that is failing after switching to latest-chrome by @github-actions in dotnet/aspnetcore#62284 * backport(net8.0): http.sys on-demand TLS client hello retrieval by @DeagleGross in dotnet/aspnetcore#62290 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#62302 **Full Changelog**: dotnet/aspnetcore@v8.0.17...v8.0.18 ## 8.0.17 ## Bug Fixes - **Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy** ([#61623](dotnet/aspnetcore#61623)) The Forwarded Headers Middleware now ignores `X-Forwarded-Headers` sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests. ## Dependency Updates - **Update dependencies from dotnet/arcade** ([#61832](dotnet/aspnetcore#61832)) This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure. - **Bump src/submodules/googletest from `52204f7` to `04ee1b4`** ([#61761](dotnet/aspnetcore#61761)) The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components. ## Miscellaneous - **Update branding to 8.0.17** ([#61830](dotnet/aspnetcore#61830)) The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation. - **Merging internal commits for release/8.0** ([#61924](dotnet/aspnetcore#61924)) This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date. --- This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests. **Full Changelog**: dotnet/aspnetcore@v8.0.16...v8.0.17 ## 8.0.16 [Release](https://github.com/dotnet/core/releases/tag/v8.0.16) ## What's Changed * Update branding to 8.0.16 by @vseanreesermsft in dotnet/aspnetcore#61283 * [release/8.0] (deps): Bump src/submodules/googletest from `24a9e94` to `52204f7` by @dependabot in dotnet/aspnetcore#61260 * [release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#61281 * [release/8.0] Upgrade to Ubuntu 22 by @wtgodbe in dotnet/aspnetcore#61216 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#60901 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in dotnet/aspnetcore#60926 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#61404 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#61398 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#61411 * Revert "Revert "[release/8.0] Update remnants of azureedge.net"" by @wtgodbe in dotnet/aspnetcore#60352 * [release/8.0] Fix preserving messages for stateful reconnect with backplane by @BrennanConroy in dotnet/aspnetcore#61375 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in dotnet/aspnetcore#61442 * fetch TLS client hello message from HTTP.SYS by @BrennanConroy in dotnet/aspnetcore#61494 **Full Changelog**: dotnet/aspnetcore@v8.0.15...v8.0.16 Commits viewable in [compare view](dotnet/aspnetcore@v8.0.15...v8.0.20). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> ###### Microsoft Reviewers: [Open in CodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/18209) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This was referenced Oct 6, 2025
Closed
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Http.Sys on-demand tls client hello bytes fetch to net8.
Description
Backporting #62209 to release/net8.0.
Changes API to have a
byte[]input parameter, becauseSpan<byte>is not really compatible with reflection. So it becomesbool TryGetTlsClientHello(byte[] tlsClientHelloBytesDestination, out int bytesReturned);Usage example is in the sample app and commented to be a recommended approach (compared to callback API; as on-demand API will be an only API existing in net10):
Fixes #61625
Customer Impact
Allows customers to inspect the TLS Client Hello message on-demand instead of following the callback API.
Existing #61494 callback API showed issues with race-conditions (processing callback at the same time as serving other requests).
Regression?
Risk
Fully opt-in feature so won't affect existing code. Also, if it is turned on, there are a few app context knobs to tweak behavior in case something goes wrong.
Verification
Packaging changes reviewed?