Enable tls13 (#195)

* Change Tls version in get-prereqs.ps1

* Updated TLS version in curl_easy.cpp

* Update curl_easy.cpp

* Update get-prereqs.ps1

* Update buildPipeline.yml

* Update changelog

* Update Azure.DCAP.Windows.nuspec

* Update dcap_provider.rc

* Revert "Update dcap_provider.rc"

This reverts commit 0f28f1d.

* Updating version number.

---------

Co-authored-by: Gunjan Munjal <gumunjal@microsoft.com>

.github/workflows/buildPipeline.yml

@@ -249,9 +249,9 @@ jobs:
     env:
       os: windows
       #Windows VM name must be within 15 characters
-      vmName: winBuildPersSub
+      vmName: winBuildPers
       rgName: dcap-github-actions-agents-rg
-      location: uksouth
+      location: northeurope
       branchName: ${{ github.head_ref }}
 
 

src/Linux/debian/changelog

@@ -1,3 +1,13 @@
+az-dcap-client (1.12.3) stable; urgency=medium
+  * Updating the TLS version to 1.3 to be Azure compliant
+
+-- Gunjan Munjal<gumunjal@microsoft.com>  Fri, 22 December 2023 13:47:00 +0000
+
+az-dcap-client (1.12.2) stable; urgency=medium
+  * Added bypass of primary fetch source if it has failed recently
+
+-- Francisco Javier Ortega Palacios<fortegapalac@microsoft.com>  Wed, 27 September 2023 17:51:00 +0000
+
 az-dcap-client (1.12.1) stable; urgency=medium
   * Removed support for Ubuntu 18.04
   * Added timeout in case local agent does not respond

src/Windows/GeneratePackage/Azure.DCAP.Windows.nuspec

@@ -2,14 +2,13 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
     <metadata>
         <id>Microsoft.Azure.DCAP</id>
-        <version>1.12.1</version>
+        <version>1.12.3</version>
         <!-- Authors contain text that appears directly on the gallery -->
         <authors>Microsoft</authors>
         <owners>Microsoft</owners>
         <requireLicenseAcceptance>false</requireLicenseAcceptance>
         <releaseNotes>
-		Removed Ubuntu 18.04 support
-		Added timeout in case local agent does not respond
+		Updating the TLS version to 1.3 to be Azure compliant 
 	  </releaseNotes>
         <description>
             This library serves as a quoting data provider plugin for the Intel SGX Data Center Attestation Primitives (DCAP). Specifically, the Intel DCAP library will search out and load provider plugins, such as the Azure DCAP Client.

src/Windows/curl_easy.cpp

@@ -230,20 +230,6 @@ std::unique_ptr<curl_easy> curl_easy::create(
             throw_on_error(GetLastError(), "Error %u in WinHttpSetTimeouts.\n");
     }
 
-    // Specify TLS 1.2
-    DWORD protocolOptions =
-        WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 | WINHTTP_FLAG_SECURE_PROTOCOL_SSL3;
-    if (!WinHttpSetOption(
-            curl->sessionHandle.get(),
-            WINHTTP_OPTION_SECURE_PROTOCOLS,
-            &protocolOptions,
-            sizeof(protocolOptions)))
-    {
-        throw_on_error(
-            GetLastError(),
-            "curl_easy::create/WinHttpSetOption(SecureProtocols)");
-    }
-
     if (p_body != nullptr)
     {
         curl->request_body_data = *p_body;

src/Windows/get-prereqs.ps1

@@ -15,8 +15,6 @@ function fetch_from_intel_github
 
 mkdir -Force ext/intel | Out-Null
 
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-
 #fetch_from_intel_github -path SGXDataCenterAttestationPrimitives/0436284f12f1bd5da7e7a06f6274d36b4c8d39f9/QuoteGeneration/quote_wrapper/common/inc/sgx_ql_lib_common.h
 fetch_from_intel_github -path linux-sgx/1ccf25b64abd1c2eff05ead9d14b410b3c9ae7be/common/inc/sgx_report.h
 fetch_from_intel_github -path linux-sgx/1ccf25b64abd1c2eff05ead9d14b410b3c9ae7be/common/inc/sgx_key.h