Skip to content

Remove Windows 7 support code from System.Net.Security#124555

Draft
Copilot wants to merge 2 commits intomainfrom
copilot/remove-windows-7-support-code
Draft

Remove Windows 7 support code from System.Net.Security#124555
Copilot wants to merge 2 commits intomainfrom
copilot/remove-windows-7-support-code

Conversation

Copy link
Contributor

Copilot AI commented Feb 18, 2026

Description

Windows 7 is no longer a supported OS. Remove Win7-specific code paths, dead branches, and outdated comments from System.Net.Security.

Product code

  • SslCertificateTrust.cs: Replace IsWindowsVersionAtLeast(6, 2) guard with IsWindows() — the version check only excluded Win7, which is no longer reachable. Remove unused System.Runtime.Versioning using.
  • SslAuthenticationOptions.cs: Remove comment about SSL2+TLS1.2 incompatibility on pre-Win10 (code stays, it's still correct).
  • ExtendedProtectionPolicy.cs: Update "Win7+" comment to "Windows".
  • SslStreamPal.Windows.cs: Clarify legacy SCHANNEL_CRED comment — it's for older Win10 builds (pre-18836), not Win7.

Test code

  • TestConfiguration.cs: Remove dead !PlatformDetection.IsWindows10OrLater branch in null encryption detection.
  • SslStreamSystemDefaultsTest.cs: Simplify IsWindows && WindowsVersion >= 10 to IsWindows.
  • SslStreamCredentialCacheTest.cs: Update comment referencing Win8 behavioral change from Win7.

Note: The SCHANNEL_CRED / UseNewCryptoApi dual-path remains — it serves Win10 builds before 18836 (pre-TLS 1.3), not Win7.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • linux.contoso.com
    • Triggering command: /home/REDACTED/work/runtime/runtime/artifacts/bin/testhost/net11.0-linux-Debug-x64/dotnet /home/REDACTED/work/runtime/runtime/artifacts/bin/testhost/net11.0-linux-Debug-x64/dotnet exec --runtimeconfig /home/REDACTED/work/runtime/runtime/artifacts/bin/System.Net.Security.Tests/Debug/net11.0-unix/System.Net.Security.Tests.runtimeconfig.json --depsfile /home/REDACTED/work/runtime/runtime/artifacts/bin/System.Net.Security.Tests/Debug/net11.0-unix/System.Net.Security.Tests.deps.json /home/REDACTED/work/runtime/runtime/artifacts/bin/System.Net.Security.Tests/Debug/net11.0-unix/Microsoft.DotNet.RemoteExecutor.dll System.Net.Security.Tests, Version=11.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 System.Net.Security.Tests.NegotiateAuthenticationKerberosTest+<>c <Loopback_Success>b__2_0 /tmp/zgz05m42.2dx TZ ime/�� -f System.IO.Por-DTARGET_LINUX ime/src/native H TURE_DISTRO_AGNO/home/REDACTED/work/runtime/runtime/.dotnet/dotnet Y_INTERNAL inja THOST_EXPORT -DR-D_TIME_BITS=64 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:


✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@dotnet-policy-service
Copy link
Contributor

Tagging subscribers to this area: @karelz, @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

- SslCertificateTrust.cs: Replace IsWindowsVersionAtLeast(6, 2) with IsWindows()
- SslAuthenticationOptions.cs: Remove obsolete comment about SSL2 on pre-Win10
- ExtendedProtectionPolicy.cs: Update "Win7+" comment to "Windows"
- SslStreamPal.Windows.cs: Update legacy API comment to "older Windows 10"
- TestConfiguration.cs: Remove dead pre-Win10 null encryption branch
- SslStreamSystemDefaultsTest.cs: Simplify WindowsVersion >= 10 to IsWindows
- SslStreamCredentialCacheTest.cs: Update Win8 behavior comment

Co-authored-by: rzikm <32671551+rzikm@users.noreply.github.com>
Copilot AI changed the title [WIP] Remove unsupported Windows 7 code in System.Net.Security Remove Windows 7 support code from System.Net.Security Feb 18, 2026
Copilot AI requested a review from rzikm February 18, 2026 15:00
}

// This is legacy crypto API used on .NET Framework and older Windows versions.
// This is legacy crypto API used on older Windows 10 versions.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// This is legacy crypto API used on older Windows 10 versions.
// This is legacy crypto API used on older Windows versions.

get
{
// .NET Core is supported only on Win7+ where ExtendedProtection is supported.
// .NET is supported only on Windows where ExtendedProtection is supported.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// .NET is supported only on Windows where ExtendedProtection is supported.
// ExtendedProtection is supported on all Windows versions supported by current .NET version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants

Comments