dotnet · JunTaoLuo · Jun 19, 2020 · Jun 18, 2020 · Jun 18, 2020 · Jun 18, 2020
diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs
@@ -142,7 +142,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStream(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2));
                 }
             }
@@ -172,7 +172,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStream(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2));
                     Assert.Equal(1, selectorCalled);
                 }
@@ -207,14 +207,14 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStream(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2));
                     Assert.Equal(1, selectorCalled);
                 }
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStream(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2NoExt));
                     Assert.Equal(2, selectorCalled);
                 }
@@ -274,7 +274,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStream(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2));
                     Assert.Equal(1, selectorCalled);
                 }
@@ -340,7 +340,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                     // HttpClient might not send the certificate because it is invalid or it doesn't match any
                     // of the certificate authorities sent by the server in the SSL handshake.
                     var stream = OpenSslStreamWithCert(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     await AssertConnectionResult(stream, true);
                 }
             }
@@ -417,7 +417,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStreamWithCert(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     await AssertConnectionResult(stream, true);
                     Assert.True(clientCertificateValidationCalled);
                 }
@@ -444,7 +444,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStreamWithCert(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     await AssertConnectionResult(stream, false);
                 }
             }
@@ -469,7 +469,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStreamWithCert(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     await AssertConnectionResult(stream, false);
                 }
             }
@@ -494,7 +494,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStreamWithCert(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     await AssertConnectionResult(stream, true);
                 }
             }
@@ -528,7 +528,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
                 using (var connection = server.CreateConnection())
                 {
                     var stream = OpenSslStreamWithCert(connection.Stream);
-                    await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false);
+                    await stream.AuthenticateAsClientAsync("localhost");
                     await AssertConnectionResult(stream, true);
                 }
             }
@@ -609,7 +609,7 @@ void ConfigureListenOptions(ListenOptions listenOptions)
             var sslOptions = new SslClientAuthenticationOptions
             {
                 TargetHost = "localhost",
-                EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11,
+                EnabledSslProtocols = SslProtocols.None,
                 ApplicationProtocols = new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 },
             };
 

diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs
@@ -115,7 +115,8 @@ public void ConfigureCertSelectorNeverLoadsDefaultCert()
             Assert.Null(serverOptions.DefaultCertificate);
         }
 
-        [Fact]
+        [ConditionalFact]
+        [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win10)] // Investigation: https://github.com/dotnet/aspnetcore/issues/22917
         public async Task EmptyRequestLoggedAsDebug()
         {
             var loggerProvider = new HandshakeErrorLoggerProvider();
@@ -142,7 +143,8 @@ public async Task EmptyRequestLoggedAsDebug()
                 userMessage: string.Join(Environment.NewLine, loggerProvider.ErrorLogger.ErrorMessages));
         }
 
-        [Fact]
+        [ConditionalFact]
+        [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win10)] // Investigation: https://github.com/dotnet/aspnetcore/issues/22917
         public async Task ClientHandshakeFailureLoggedAsDebug()
         {
             var loggerProvider = new HandshakeErrorLoggerProvider();
@@ -415,7 +417,7 @@ public async Task OnAuthenticate_SeesOtherSettings()
                 using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true))
                 {
                     await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null,
-                            enabledSslProtocols: SslProtocols.Tls11 | SslProtocols.Tls12,
+                            enabledSslProtocols: SslProtocols.None,
                             checkCertificateRevocation: false);
                 }
             }
@@ -454,7 +456,7 @@ public async Task OnAuthenticate_CanSetSettings()
                 using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true))
                 {
                     await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null,
-                            enabledSslProtocols: SslProtocols.Tls11 | SslProtocols.Tls12,
+                            enabledSslProtocols: SslProtocols.None,
                             checkCertificateRevocation: false);
                 }
             }

diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs
@@ -55,7 +55,7 @@ public static TheoryData<H2SpecTestCase> H2SpecTestCases
                 var dataset = new TheoryData<H2SpecTestCase>();
                 var toSkip = new string[] { /*"http2/5.1/8"*/ };
 
-                var supportsAlpn = Utilities.CurrentPlatformSupportsAlpn();
+                var supportsAlpn = Utilities.CurrentPlatformSupportsHTTP2OverTls();
 
                 foreach (var testcase in H2SpecCommands.EnumerateTestCases())
                 {

diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs
@@ -42,7 +42,7 @@ public static IEnumerable<object[]> SupportedSchemes
                     new[] { "http" }
                 };
 
-                if (Utilities.CurrentPlatformSupportsAlpn())
+                if (Utilities.CurrentPlatformSupportsHTTP2OverTls())
                 {
                     list.Add(new[] { "https" });
                 }

diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs
@@ -7,10 +7,10 @@ namespace Interop.FunctionalTests
 {
     internal static class Utilities
     {
-        internal static bool CurrentPlatformSupportsAlpn()
+        internal static bool CurrentPlatformSupportsHTTP2OverTls()
         {
-            return // "Missing Windows ALPN support: https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation#Support"
-                new MinimumOSVersionAttribute(OperatingSystems.Windows, WindowsVersions.Win81).IsMet
+            return // "Missing Windows ALPN support: https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation#Support" or missing compatible ciphers (Win8.1)
+                new MinimumOSVersionAttribute(OperatingSystems.Windows, WindowsVersions.Win10).IsMet
                 // "Missing SslStream ALPN support: https://github.com/dotnet/corefx/issues/30492"
                 && new OSSkipConditionAttribute(OperatingSystems.MacOSX).IsMet
                 // Debian 8 uses OpenSSL 1.0.1 which does not support ALPN