backport(net8.0): http.sys on-demand TLS client hello retrieval #62290

DeagleGross · 2025-06-09T23:32:40Z

Http.Sys on-demand tls client hello bytes fetch to net8.

Description

Backporting #62209 to release/net8.0.
Changes API to have a byte[] input parameter, because Span<byte> is not really compatible with reflection. So it becomes bool TryGetTlsClientHello(byte[] tlsClientHelloBytesDestination, out int bytesReturned);

Usage example is in the sample app and commented to be a recommended approach (compared to callback API; as on-demand API will be an only API existing in net10):

var httpSysAssembly = typeof(Microsoft.AspNetCore.Server.HttpSys.HttpSysOptions).Assembly;
var httpSysPropertyFeatureType = httpSysAssembly.GetType("Microsoft.AspNetCore.Server.HttpSys.IHttpSysRequestPropertyFeature");
var httpSysPropertyFeature = context.Features[httpSysPropertyFeatureType]!;

var method = httpSysPropertyFeature.GetType().GetMethod(
   "TryGetTlsClientHello",
   BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic
);

// invoke first time to get required size
byte[] bytes = Array.Empty<byte>();
var parameters = new object[] { bytes, 0 };
var res = (bool)method.Invoke(httpSysPropertyFeature, parameters);

// fetching out parameter only works by looking into parameters array of objects
var bytesReturned = (int)parameters[1];
bytes = ArrayPool<byte>.Shared.Rent(bytesReturned);
parameters = [bytes, 0]; // correct input now
res = (bool)method.Invoke(httpSysPropertyFeature, parameters);

// this is the span representing the TLS Client Hello bytes only
var tlsClientHelloBytes = ((byte[])parameters[0]).AsSpan(0, bytesReturned);
await context.Response.WriteAsync($"TlsBytes: {string.Join(" ", tlsClientHelloBytes.Slice(0, 10).ToArray())}; full length = {bytesReturned}");

ArrayPool<byte>.Shared.Return(bytes);

Fixes #61625

Customer Impact

Allows customers to inspect the TLS Client Hello message on-demand instead of following the callback API.
Existing #61494 callback API showed issues with race-conditions (processing callback at the same time as serving other requests).

Regression?

Yes
No

Risk

High
Medium
Low

Fully opt-in feature so won't affect existing code. Also, if it is turned on, there are a few app context knobs to tweak behavior in case something goes wrong.

Verification

Manual (required)
Automated

Packaging changes reviewed?

Yes
No
N/A

Updated [Microsoft.AspNetCore.Mvc.Testing](https://github.com/dotnet/aspnetcore) from 8.0.12 to 9.0.10. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.Mvc.Testing's releases](https://github.com/dotnet/aspnetcore/releases)._ ## 9.0.10 [Release](https://github.com/dotnet/core/releases/tag/v9.0.10) ## What's Changed * Update branding to 9.0.10 by @vseanreesermsft in dotnet/aspnetcore#63510 * [9.0] Make duplicate deb/rpm packages so we can sign them with the new PMC key by @jkoritzinsky in dotnet/aspnetcore#63249 * [release/9.0] Extend Unofficial 1ES template in IdentityModel nightly tests job by @github-actions[bot] in dotnet/aspnetcore#63465 * [release/9.0] (deps): Bump src/submodules/googletest from `373af2e` to `eb2d85e` by @dependabot[bot] in dotnet/aspnetcore#63501 * [release/9.0] Quarantine ResponseBody_WriteContentLength_PassedThrough by @wtgodbe in dotnet/aspnetcore#63533 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#63304 * [release/9.0] [OpenAPI] Use invariant culture for TextWriter by @martincostello in dotnet/aspnetcore#62239 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#63303 * Unquarantine `RadioButtonGetsResetAfterSubmittingEnhancedForm` by @ilonatommy in dotnet/aspnetcore#63556 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#63577 * Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#63604 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#63648 * backport(9.0): Fix runtime architecture detection logic in ANCM. by @DeagleGross in dotnet/aspnetcore#63707 **Full Changelog**: dotnet/aspnetcore@v9.0.9...v9.0.10 ## 9.0.9 [Release](https://github.com/dotnet/core/releases/tag/v9.0.9) ## What's Changed * Update branding to 9.0.9 by @vseanreesermsft in dotnet/aspnetcore#63107 * [release/9.0] (deps): Bump src/submodules/googletest from `c67de11` to `373af2e` by @dependabot[bot] in dotnet/aspnetcore#63035 * [release/9.0] Dispose the certificate chain elements with the chain by @github-actions[bot] in dotnet/aspnetcore#62992 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#62702 * [release/9.0] Update Microsoft.Build versions by @wtgodbe in dotnet/aspnetcore#62505 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#62832 * [release/9.0] Update SignalR Redis tests to use internal Docker Hub mirror by @github-actions[bot] in dotnet/aspnetcore#63116 * [release/9.0] [SignalR] Don't throw for message headers in Java client by @github-actions[bot] in dotnet/aspnetcore#62783 * Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#63151 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#63190 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#63214 **Full Changelog**: dotnet/aspnetcore@v9.0.8...v9.0.9 ## 9.0.7 [Release](https://github.com/dotnet/core/releases/tag/v9.0.7) ## What's Changed * Update branding to 9.0.7 by @vseanreesermsft in dotnet/aspnetcore#62242 * [release/9.0] (deps): Bump src/submodules/googletest from `04ee1b4` to `e9092b1` by @dependabot in dotnet/aspnetcore#62199 * Fix OpenApiJsonSchema array parsing (#62051) by @BrennanConroy in dotnet/aspnetcore#62118 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#61986 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#61945 * [release/9.0] Update Alpine helix references by @wtgodbe in dotnet/aspnetcore#62240 * [Backport 9.0] [IIS] Manually parse exe bitness (#61894) by @BrennanConroy in dotnet/aspnetcore#62038 * [release/9.0] Associate tagged keys with entries so replacements are not evicted by @github-actions in dotnet/aspnetcore#62248 * [release/9.0] Block test that is failing after switching to latest-chrome by @github-actions in dotnet/aspnetcore#62283 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#62281 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#62282 * Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#62303 **Full Changelog**: dotnet/aspnetcore@v9.0.6...v9.0.7 ## 9.0.6 ## Bug Fixes - **Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy** ([#61622](dotnet/aspnetcore#61622)) The Forwarded Headers Middleware now ignores `X-Forwarded-Headers` sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence forwarded header values, preventing potential spoofing or misrouting issues. ## Dependency Updates - **Bump src/submodules/googletest from `52204f7` to `04ee1b4`** ([#61762](dotnet/aspnetcore#61762)) Updates the GoogleTest submodule to a newer commit, bringing in the latest improvements and bug fixes from the upstream project. - **Update dependencies from dotnet/arcade** ([#61714](dotnet/aspnetcore#61714)) Updates internal build and infrastructure dependencies from the dotnet/arcade repository, ensuring compatibility and access to the latest build tools. - **Update dependencies from dotnet/extensions** ([#61571](dotnet/aspnetcore#61571)) Refreshes dependencies from the dotnet/extensions repository, incorporating the latest features and fixes from the extensions libraries. - **Update dependencies from dotnet/extensions** ([#61877](dotnet/aspnetcore#61877)) Further updates dependencies from dotnet/extensions, ensuring the project benefits from recent improvements and bug fixes. - **Update dependencies from dotnet/arcade** ([#61892](dotnet/aspnetcore#61892)) Additional updates to build and infrastructure dependencies from dotnet/arcade, maintaining up-to-date tooling and build processes. ## Miscellaneous - **Update branding to 9.0.6** ([#61831](dotnet/aspnetcore#61831)) Updates the project version and branding to 9.0.6, reflecting the new release and ensuring version consistency across the codebase. - **Merging internal commits for release/9.0** ([#61925](dotnet/aspnetcore#61925)) Incorporates various internal commits into the release/9.0 branch, ensuring that all relevant changes are included in this release. --- This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests. Full Changelog: [v9.0.5...v9.0.6](dotnet/aspnetcore@v9.0.5...v9.0.6) ## 9.0.5 [Release](https://github.com/dotnet/core/releases/tag/v9.0.5) ## What's Changed * Update branding to 9.0.5 by @vseanreesermsft in dotnet/aspnetcore#61284 * [release/9.0] (deps): Bump src/submodules/googletest from `24a9e94` to `52204f7` by @dependabot in dotnet/aspnetcore#61261 * [release/9.0] Upgrade to Ubuntu 22 by @github-actions in dotnet/aspnetcore#61215 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#60964 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#60902 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#61355 * [release/9.0] Caching SERedis critical bugfix; defer HC metadata detection because of DI cycle by @github-actions in dotnet/aspnetcore#60916 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#61354 * Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#61393 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#61412 * Revert "Revert "[release/9.0] Update remnants of azureedge.net"" by @wtgodbe in dotnet/aspnetcore#60353 * [release/9.0] Fix preserving messages for stateful reconnect with backplane by @github-actions in dotnet/aspnetcore#61374 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#61483 * [Identity] Fix Identity UI asset definitions by @javiercn in dotnet/aspnetcore#59100 **Full Changelog**: dotnet/aspnetcore@v9.0.4...v9.0.5 ## 9.0.4 [Release](https://github.com/dotnet/core/releases/tag/v9.0.4) ## What's Changed * Update branding to 9.0.4 by @vseanreesermsft in dotnet/aspnetcore#60785 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#60445 * [release/9.0] (deps): Bump src/submodules/googletest from `e235eb3` to `24a9e94` by @dependabot in dotnet/aspnetcore#60678 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#60356 * Fix OpenAPI server URLs for Aspire scenarios by @captainsafia in dotnet/aspnetcore#60673 * Fix self-referential schema handling in collection schemas by @captainsafia in dotnet/aspnetcore#60410 * [release/9.0] [Blazor] Fix custom elements JS assets not being included in build output by @MackinnonBuck in dotnet/aspnetcore#60858 * Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#60880 **Full Changelog**: dotnet/aspnetcore@v9.0.3...v9.0.4 ## 9.0.3 [Release](https://github.com/dotnet/core/releases/tag/v9.0.3) ## What's Changed * Update branding to 9.0.3 by @vseanreesermsft in dotnet/aspnetcore#60198 * [release/9.0] Fix branding by @wtgodbe in dotnet/aspnetcore#60029 * [release/9.0] Update to MacOS 15 in Helix by @github-actions in dotnet/aspnetcore#60238 * [release/9.0] Revert "Revert "Use the latest available jdk"" by @github-actions in dotnet/aspnetcore#60229 * [release/9.0] Update `HtmlAttributePropertyHelper` to correctly follow the `MetadataUpdateHandlerAttribute` contract by @github-actions in dotnet/aspnetcore#59908 * [release/9.0] Fix skip condition for java tests by @github-actions in dotnet/aspnetcore#60242 * [release/9.0] (deps): Bump src/submodules/googletest from `7d76a23` to `e235eb3` by @dependabot in dotnet/aspnetcore#60151 * [release/9.0] Readd DiagnosticSource to KestrelServerImpl by @github-actions in dotnet/aspnetcore#60202 * [release/9.0] Redis distributed cache: add HybridCache usage signal by @github-actions in dotnet/aspnetcore#59886 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#59952 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#59951 * [release/9.0] Update remnants of azureedge.net by @sebastienros in dotnet/aspnetcore#60263 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#60291 * [release/9.0] Centralize on one docker container by @wtgodbe in dotnet/aspnetcore#60298 * Revert "[release/9.0] Update remnants of azureedge.net" by @wtgodbe in dotnet/aspnetcore#60323 * Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#60317 **Full Changelog**: dotnet/aspnetcore@v9.0.2...v9.0.3 ## 9.0.2 [Release](https://github.com/dotnet/core/releases/tag/v9.0.2) ## What's Changed * Update branding to 9.0.2 by @vseanreesermsft in dotnet/aspnetcore#59757 * [release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#59267 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#59266 * [release/9.0] Update OSX helix queue by @github-actions in dotnet/aspnetcore#59743 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#59728 * [release/9.0] (deps): Bump src/submodules/googletest from `d144031` to `7d76a23` by @dependabot in dotnet/aspnetcore#59679 * [release/9.0] Skip tests on internal queues too by @github-actions in dotnet/aspnetcore#59578 * [release/9.0] Fix loading dotnet user-jwts config by @github-actions in dotnet/aspnetcore#59473 * [release/9.0] Fix MultipartReaderStream synchronous read when using buffer offset by @github-actions in dotnet/aspnetcore#59422 * [release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in dotnet/aspnetcore#59419 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#59611 * [release/9.0] Fix Kestrel host header mismatch handling when port in Url by @github-actions in dotnet/aspnetcore#59362 * Migrate off of Fedora 38 by @v-firzha in dotnet/aspnetcore#59613 * [release/9.0] [Blazor WASM standalone] Avoid caching `index.html` during development by @MackinnonBuck in dotnet/aspnetcore#59348 * [release/9.0] Update to Fedora 41 by @github-actions in dotnet/aspnetcore#59816 * [release/9.0] Don't throw exception for parameters with custom binding source by @github-actions in dotnet/aspnetcore#59533 * [release/9.0] Apply schema transformer to AdditionalProperties by @github-actions in dotnet/aspnetcore#59730 * [release/9.0] Harden schema reference transformer for relative references by @captainsafia in dotnet/aspnetcore#59779 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#59847 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#59848 * [release/9.0] Return 206 Partial Content on Valid Range for Static Assets by @github-actions in dotnet/aspnetcore#59325 * Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#59871 **Full Changelog**: dotnet/aspnetcore@v9.0.1...v9.0.2 ## 9.0.1 [Release](https://github.com/dotnet/core/releases/tag/v9.0.1) ## What's Changed * Merging internal commits for release/9.0 by @vseanreesermsft in dotnet/aspnetcore#58900 * [release/9.0] Prevent unnecessary debugger stops for user-unhandled exceptions in Blazor apps with Just My Code enabled by @halter73 in dotnet/aspnetcore#58573 * Hot Reload agent improvements by @tmat in dotnet/aspnetcore#58333 * [release/9.0] Update dependencies from roslyn by @wtgodbe in dotnet/aspnetcore#59183 * [release/9.0] Add direct reference to System.Drawing.Common in tools by @wtgodbe in dotnet/aspnetcore#59189 * [release/9.0] Harden parsing of [Range] attribute values by @github-actions in dotnet/aspnetcore#59077 * [release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#59143 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#59024 * [release/9.0] (deps): Bump src/submodules/googletest from `6dae7eb` to `d144031` by @dependabot in dotnet/aspnetcore#59032 * [release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in dotnet/aspnetcore#58589 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#58675 * [release/9.0] Fix SignalR Java POM to include description by @github-actions in dotnet/aspnetcore#58896 * [release/9.0] Fix IIS outofprocess to remove WebSocket compression handshake by @github-actions in dotnet/aspnetcore#58931 **Full Changelog**: dotnet/aspnetcore@v9.0.0...v9.0.1 ## 9.0.0 [Release](https://github.com/dotnet/core/releases/tag/v9.0.0) ## What's Changed * Update branding to rtm by @wtgodbe in dotnet/aspnetcore#57907 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#57910 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#57922 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#57954 * [release/9.0] Fix skip condition for IIS tests by @wtgodbe in dotnet/aspnetcore#57999 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#58032 * [release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58015 * [release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in dotnet/aspnetcore#58033 * [release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58048 * [automated] Merge branch 'release/9.0-rc2' => 'release/9.0' by @github-actions in dotnet/aspnetcore#57975 * [release/9.0] Update dependencies from dotnet/efcore by @dotnet-maestro in dotnet/aspnetcore#58052 * Fix up OpenAPI schema handling and support concurrent requests by @captainsafia in dotnet/aspnetcore#58024 * [release/9.0] Mark API from 9 as shipped by @wtgodbe in dotnet/aspnetcore#58060 * [release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#58034 * [release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58117 * [release/9.0] Enable TSA/Policheck by @github-actions in dotnet/aspnetcore#58123 * [release/9.0] Add explicit conversion for value-type returning handlers with filters by @github-actions in dotnet/aspnetcore#57967 * [release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in dotnet/aspnetcore#58116 * [release/9.0] (deps): Bump src/submodules/MessagePack-CSharp from `ecc4e18` to `9511905` by @dependabot in dotnet/aspnetcore#58183 * [release/9.0] (deps): Bump src/submodules/googletest from `0953a17` to `6dae7eb` by @dependabot in dotnet/aspnetcore#58184 * [release/9.0] Change usage of "Country" to "CountryRegion" by @github-actions in dotnet/aspnetcore#58280 * Merge RC2 changes into 9.0 by @wtgodbe in dotnet/aspnetcore#58296 * [release/9.0] Remove ProviderKey from Hosting Bundle by @github-actions in dotnet/aspnetcore#58293 * [release/9.0] [Blazor] Fix template nav menu styling by @github-actions in dotnet/aspnetcore#58277 * [release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#58268 * [release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in dotnet/aspnetcore#58159 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#58158 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#58157 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58182 * [release/9.0] Update dependencies from dotnet/efcore by @dotnet-maestro in dotnet/aspnetcore#58306 * [release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58315 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58355 * [release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in dotnet/aspnetcore#58366 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#58344 * [release/9.0] Fix handling for inert route parameters in MVC endpoints for OpenAPI by @github-actions in dotnet/aspnetcore#58311 * [release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in dotnet/aspnetcore#58413 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58374 * [release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#58414 * [release/9.0] Fix ModelMetadata for TryParse-parameters in ApiExplorer by @captainsafia in dotnet/aspnetcore#58372 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58421 * [release/9.0] Stabilize branding by @wtgodbe in dotnet/aspnetcore#58444 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58449 * [release/9.0] [Infrastructure] Updated npm packages by @MackinnonBuck in dotnet/aspnetcore#58469 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#58462 * [release/9.0] bumping ws dependency to fix component vulnerability by @github-actions in dotnet/aspnetcore#58458 * [release/9.0] Improve dev-certs export error message by @github-actions in dotnet/aspnetcore#58471 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#58475 ... (truncated) ## 9.0.0-rc.2.24474.3 [Release](https://github.com/dotnet/core/releases/tag/v9.0.0-rc.2) ## What's Changed * [automated] Merge branch 'release/9.0-rc1' => 'release/9.0' by @github-actions in dotnet/aspnetcore#57420 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#57366 * [release/9.0] Add references to new 9.0 branches in .yml files by @wtgodbe in dotnet/aspnetcore#57463 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#57526 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#57446 * [release/9.0] Quarantine two CircuitTests by @github-actions in dotnet/aspnetcore#57606 * [automated] Merge branch 'release/9.0-rc1' => 'release/9.0' by @github-actions in dotnet/aspnetcore#57659 * [release/9.0] Fix duplicate error.type on kestrel.connection.duration by @github-actions in dotnet/aspnetcore#57581 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#57668 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#57436 * [release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in dotnet/aspnetcore#57527 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#57686 * [release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in dotnet/aspnetcore#57691 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#57667 * [release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#57528 * [release/9.0] Update dependencies from dotnet/efcore by @dotnet-maestro in dotnet/aspnetcore#57697 * [release/9.0] [Blazor] Invoke inbound activity handlers on circuit initialization by @github-actions in dotnet/aspnetcore#57678 * Disable launching browser on Web API template by @captainsafia in dotnet/aspnetcore#57682 * [release/9.0] [Static Assets] Improve development experience by @github-actions in dotnet/aspnetcore#57764 * Include Readme.md in packages by @wtgodbe in dotnet/aspnetcore#57809 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#57759 * [release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in dotnet/aspnetcore#57760 * [release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in dotnet/aspnetcore#57761 * [release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#57762 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#57708 * HybridCache: relocate to dotnet/extensions by @mgravell in dotnet/aspnetcore#57670 * [release/9.0] (deps): Bump src/submodules/googletest from `ff233bd` to `0953a17` by @dependabot in dotnet/aspnetcore#57643 * Http.Sys: Clean up Request parsing errors by @BrennanConroy in dotnet/aspnetcore#57531 * [release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#57835 * [release/9.0] [Identity][Templates] Ensure placeholders don't overlap with text by @github-actions in dotnet/aspnetcore#57789 * [release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#57858 * Fix mapping for nested schemas and [Produces] attributes in OpenAPI implementation by @captainsafia in dotnet/aspnetcore#57852 * [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in dotnet/aspnetcore#57866 * [release/9.0] [Templates] Updates libraries dependencies content by @github-actions in dotnet/aspnetcore#57864 * [release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#57896 * [release/9.0-rc2] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#57931 * Add registry search for upgrade policy keys by @wtgodbe in dotnet/aspnetcore#57952 * Check for sentinel value when setting HTTP/3 error code by @amcasey in dotnet/aspnetcore#57976 * [release/9.0-rc2] [Blazor] Update `WebAssembly.DevServer` to serve the `Blazor-Environment` header by @github-actions in dotnet/aspnetcore#57974 * Fix IAsyncEnumerable controller methods to allow setting headers by @BrennanConroy in dotnet/aspnetcore#57924 * Add partitioned to cookie for SignalR browser testing by @BrennanConroy in dotnet/aspnetcore#57997 **Full Changelog**: dotnet/aspnetcore@v9.0.0-rc.1.24452.1...v9.0.0-rc.2.24474.3 ## 9.0.0-rc.1.24452.1 [Release](https://github.com/dotnet/core/releases/tag/v9.0.0-rc.1) ## 9.0.0-preview.7.24406.2 [Release](https://github.com/dotnet/core/releases/tag/v9.0.0-preview.7) ## 9.0.0-preview.6.24328.4 [Release](https://github.com/dotnet/core/releases/tag/v9.0.0-preview.6) ## 9.0.0-preview.5.24306.11 [Release](https://github.com/dotnet/core/releases/tag/v9.0.0-preview.5) ## 9.0.0-preview.4.24267.6 [Release](https://github.com/dotnet/core/releases) ## 9.0.0-preview.3.24172.13 [Release](https://github.com/dotnet/core/releases/tag/v9.0.0-preview.3) ## 9.0.0-preview.2.24128.4 [Release[(https://github.com/dotnet/core/releases/tag/v9.0.0-preview.2) ## 9.0.0-preview.1.24081.5 [Release](https://github.com/dotnet/core/releases/tag/v9.0.0-preview.1) ## 8.0.21 [Release](https://github.com/dotnet/core/releases/tag/v8.0.21) ## What's Changed * Update branding to 8.0.21 by @vseanreesermsft in dotnet/aspnetcore#63509 * [release/8.0] (deps): Bump src/submodules/googletest from `373af2e` to `eb2d85e` by @dependabot[bot] in dotnet/aspnetcore#63500 * [release/8.0] Make duplicate deb/rpm packages so we can sign them with the new PMC key by @github-actions[bot] in dotnet/aspnetcore#63250 * [release/8.0] Extend Unofficial 1ES template in IdentityModel nightly tests job by @github-actions[bot] in dotnet/aspnetcore#63466 * [release/8.0] Quarantine ResponseBody_WriteContentLength_PassedThrough by @github-actions[bot] in dotnet/aspnetcore#63534 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro[bot] in dotnet/aspnetcore#63261 * [release/8.0] Use wait assert in flaky tests by @ilonatommy in dotnet/aspnetcore#63565 * [release/8.0] Update Microsoft.Build versions by @github-actions[bot] in dotnet/aspnetcore#62507 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#63603 * backport(8.0): Fix runtime architecture detection logic in ANCM by @DeagleGross in dotnet/aspnetcore#63706 **Full Changelog**: dotnet/aspnetcore@v8.0.20...v8.0.21 ## 8.0.20 [Release](https://github.com/dotnet/core/releases/tag/v8.0.20) ## What's Changed * Update branding to 8.0.20 by @vseanreesermsft in dotnet/aspnetcore#63106 * [release/8.0] (deps): Bump src/submodules/googletest from `c67de11` to `373af2e` by @dependabot[bot] in dotnet/aspnetcore#63038 * [release/8.0] Dispose the certificate chain elements with the chain by @MackinnonBuck in dotnet/aspnetcore#62994 * [release/8.0] Update SignalR Redis tests to use internal Docker Hub mirror by @github-actions[bot] in dotnet/aspnetcore#63117 * [release/8.0] [SignalR] Don't throw for message headers in Java client by @github-actions[bot] in dotnet/aspnetcore#62784 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#63152 * [release/8.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in dotnet/aspnetcore#63188 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#63189 **Full Changelog**: dotnet/aspnetcore@v8.0.19...v8.0.20 ## 8.0.18 [Release](https://github.com/dotnet/core/releases/tag/v8.0.18) ## What's Changed * Update branding to 8.0.18 by @vseanreesermsft in dotnet/aspnetcore#62241 * [release/8.0] Update Alpine helix references by @github-actions in dotnet/aspnetcore#62243 * [release/8.0] (deps): Bump src/submodules/googletest from `04ee1b4` to `e9092b1` by @dependabot in dotnet/aspnetcore#62201 * [8.0] Delete src/arcade directory by @akoeplinger in dotnet/aspnetcore#61994 * [Backport 8.0] [IIS] Manually parse exe bitness (#61894) by @BrennanConroy in dotnet/aspnetcore#62037 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in dotnet/aspnetcore#62006 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#61944 * [release/8.0] Associate tagged keys with entries so replacements are not evicted by @github-actions in dotnet/aspnetcore#62247 * [release/8.0] Block test that is failing after switching to latest-chrome by @github-actions in dotnet/aspnetcore#62284 * backport(net8.0): http.sys on-demand TLS client hello retrieval by @DeagleGross in dotnet/aspnetcore#62290 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#62302 **Full Changelog**: dotnet/aspnetcore@v8.0.17...v8.0.18 ## 8.0.17 ## Bug Fixes - **Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy** ([#61623](dotnet/aspnetcore#61623)) The Forwarded Headers Middleware now ignores `X-Forwarded-Headers` sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests. ## Dependency Updates - **Update dependencies from dotnet/arcade** ([#61832](dotnet/aspnetcore#61832)) This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure. - **Bump src/submodules/googletest from `52204f7` to `04ee1b4`** ([#61761](dotnet/aspnetcore#61761)) The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components. ## Miscellaneous - **Update branding to 8.0.17** ([#61830](dotnet/aspnetcore#61830)) The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation. - **Merging internal commits for release/8.0** ([#61924](dotnet/aspnetcore#61924)) This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date. --- This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests. **Full Changelog**: dotnet/aspnetcore@v8.0.16...v8.0.17 ## 8.0.16 [Release](https://github.com/dotnet/core/releases/tag/v8.0.16) ## What's Changed * Update branding to 8.0.16 by @vseanreesermsft in dotnet/aspnetcore#61283 * [release/8.0] (deps): Bump src/submodules/googletest from `24a9e94` to `52204f7` by @dependabot in dotnet/aspnetcore#61260 * [release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#61281 * [release/8.0] Upgrade to Ubuntu 22 by @wtgodbe in dotnet/aspnetcore#61216 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#60901 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in dotnet/aspnetcore#60926 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#61404 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#61398 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#61411 * Revert "Revert "[release/8.0] Update remnants of azureedge.net"" by @wtgodbe in dotnet/aspnetcore#60352 * [release/8.0] Fix preserving messages for stateful reconnect with backplane by @BrennanConroy in dotnet/aspnetcore#61375 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in dotnet/aspnetcore#61442 * fetch TLS client hello message from HTTP.SYS by @BrennanConroy in dotnet/aspnetcore#61494 **Full Changelog**: dotnet/aspnetcore@v8.0.15...v8.0.16 ## 8.0.15 [Release](https://github.com/dotnet/core/releases/tag/v8.0.15) ## What's Changed * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#60355 * Update branding to 8.0.15 by @vseanreesermsft in dotnet/aspnetcore#60784 * Add partitioned to cookie for SignalR browser testing by @BrennanConroy in dotnet/aspnetcore#60728 * [release/8.0] (deps): Bump src/submodules/googletest from `e235eb3` to `24a9e94` by @dependabot in dotnet/aspnetcore#60677 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#60879 **Full Changelog**: dotnet/aspnetcore@v8.0.14...v8.0.15 ## 8.0.14 [Release](https://github.com/dotnet/core/releases/tag/v8.0.14) ## What's Changed * Update branding to 8.0.14 by @vseanreesermsft in dotnet/aspnetcore#60197 * [release/8.0] (deps): Bump src/submodules/googletest from `7d76a23` to `e235eb3` by @dependabot in dotnet/aspnetcore#60150 * [release/8.0] Fix java discovery in IdentityModel pipeline by @wtgodbe in dotnet/aspnetcore#60075 * [release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#60199 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in dotnet/aspnetcore#59922 * [release/8.0] Readd DiagnosticSource to KestrelServerImpl by @github-actions in dotnet/aspnetcore#60203 * [release/8.0] Update to MacOS 15 in Helix by @github-actions in dotnet/aspnetcore#60239 * [release/8.0] Use the latest available JDK by @wtgodbe in dotnet/aspnetcore#60233 * [release/8.0] Fix skip condition for java tests by @github-actions in dotnet/aspnetcore#60243 * [release/8.0] Update list of helix queues to skip by @wtgodbe in dotnet/aspnetcore#60231 * [release/8.0] [Blazor] Allow cascading value subscribers to get added and removed during change notification by @github-actions in dotnet/aspnetcore#57288 * [release/8.0] Update remnants of azureedge.net by @sebastienros in dotnet/aspnetcore#60264 * [release/8.0] Centralize on one docker container by @wtgodbe in dotnet/aspnetcore#60299 * Revert "[release/8.0] Update remnants of azureedge.net" by @wtgodbe in dotnet/aspnetcore#60324 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#60316 **Full Changelog**: dotnet/aspnetcore@v8.0.13...v8.0.14 ## 8.0.13 [Release](https://github.com/dotnet/core/releases/tag/v8.0.13) ## What's Changed * [release/8.0] Update dotnetbuilds CDN to new endpoint by @mmitche in dotnet/aspnetcore#59575 * Update branding to 8.0.13 by @vseanreesermsft in dotnet/aspnetcore#59756 * [release/8.0] Skip MVC template tests on HelixQueueArmDebian12 by @wtgodbe in dotnet/aspnetcore#59295 * [release/8.0] Update OSX helix queue by @github-actions in dotnet/aspnetcore#59742 * [release/8.0] (deps): Bump src/submodules/googletest from `d144031` to `7d76a23` by @dependabot in dotnet/aspnetcore#59678 * [release/8.0] Skip tests on internal queues too by @github-actions in dotnet/aspnetcore#59579 * [release/8.0] Fix Kestrel host header mismatch handling when port in Url by @BrennanConroy in dotnet/aspnetcore#59403 * Migrate off of Debian 11 by @v-firzha in dotnet/aspnetcore#59584 * [release/8.0] Pin to S.T.J 8.0.5 in Analyzers by @wtgodbe in dotnet/aspnetcore#59777 * [release/8.0] [Blazor WASM standalone] Avoid caching `index.html` during development by @github-actions in dotnet/aspnetcore#59349 * Update to Fedora 41 by @BrennanConroy in dotnet/aspnetcore#59817 * [release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in dotnet/aspnetcore#59811 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in dotnet/aspnetcore#59825 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in dotnet/aspnetcore#59864 * [release/8.0] Fix/update docker tags by @wtgodbe in dotnet/aspnetcore#59867 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#59872 **Full Changelog**: dotnet/aspnetcore@v8.0.12...v8.0.13 Commits viewable in [compare view](dotnet/aspnetcore@v8.0.12...v9.0.10). </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.AspNetCore.Mvc.Testing&package-manager=nuget&previous-version=8.0.12&new-version=9.0.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

feat(HTTP.SYS): on-demand TLS client hello retrieval (#62209)

25aac49

DeagleGross requested review from BrennanConroy, JamesNK, halter73 and mgravell as code owners June 9, 2025 23:32

dotnet-policy-service bot added this to the 8.0.x milestone Jun 9, 2025

DeagleGross changed the title ~~backport(net8.0): http.sys on-demand TLS client hello retrieval~~ [WIP] backport(net8.0): http.sys on-demand TLS client hello retrieval Jun 9, 2025

DeagleGross added 3 commits June 9, 2025 17:21

fix cherry-pick

3552401

setup sample

d1315f0

provide example

b6a8d2e

DeagleGross changed the title ~~[WIP] backport(net8.0): http.sys on-demand TLS client hello retrieval~~ backport(net8.0): http.sys on-demand TLS client hello retrieval Jun 10, 2025

fix build error

e9164ea

BrennanConroy approved these changes Jun 10, 2025

View reviewed changes

joperezr approved these changes Jun 11, 2025

View reviewed changes

joperezr merged commit 9e8ebbf into dotnet:release/8.0 Jun 11, 2025
23 of 25 checks passed

DeagleGross deleted the dmkorolev/releasenet8/httpsys-ondemand-backport branch June 11, 2025 19:03

dotnet-policy-service bot modified the milestones: 8.0.x, 8.0.18 Jun 11, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

backport(net8.0): http.sys on-demand TLS client hello retrieval #62290

backport(net8.0): http.sys on-demand TLS client hello retrieval #62290

Uh oh!

DeagleGross commented Jun 9, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

backport(net8.0): http.sys on-demand TLS client hello retrieval #62290

backport(net8.0): http.sys on-demand TLS client hello retrieval #62290

Uh oh!

Conversation

DeagleGross commented Jun 9, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Http.Sys on-demand tls client hello bytes fetch to net8.

Description

Customer Impact

Regression?

Risk

Verification

Packaging changes reviewed?

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

DeagleGross commented Jun 9, 2025 •

edited

Loading