DnsWebService: Updated StartWebServiceAsync() to check http/2 support for windows to avoid issues when HTTPS is enabled on older OS versions.

2026-02-27 18:24:05 +00:00 · 2024-11-30 13:16:44 +05:30
parent c214d0a99b
commit ed330778f9
1 changed files with 25 additions and 2 deletions
--- a/DnsServerCore/DnsWebService.cs
+++ b/DnsServerCore/DnsWebService.cs
@@ -371,12 +371,29 @@ namespace DnsServerCore
                    if (serverCertificate is null)
                        throw new DnsWebServiceException("Web Service TLS certificate file must contain a certificate with private key.");

+                    bool isSupportedHttp2 = _webServiceEnableHttp3;
+                    if (!isSupportedHttp2)
+                    {
+                        switch (Environment.OSVersion.Platform)
+                        {
+                            case PlatformID.Win32NT:
+                                isSupportedHttp2 = Environment.OSVersion.Version.Major >= 10; //http/2 supported on Windows Server 2016/Windows 10 or later
+                                break;
+
+                            case PlatformID.Unix:
+                                isSupportedHttp2 = true; //http/2 supported on Linux with OpenSSL 1.0.2 or later (for example, Ubuntu 16.04 or later)
+                                break;
+                        }
+                    }
+
                    List<SslApplicationProtocol> applicationProtocols = new List<SslApplicationProtocol>();

                    if (_webServiceEnableHttp3)
                        applicationProtocols.Add(new SslApplicationProtocol("h3"));

-                    applicationProtocols.Add(new SslApplicationProtocol("h2"));
+                    if (isSupportedHttp2)
+                        applicationProtocols.Add(new SslApplicationProtocol("h2"));
+
                    applicationProtocols.Add(new SslApplicationProtocol("http/1.1"));

                    SslServerAuthenticationOptions webServiceSslServerAuthenticationOptions = new SslServerAuthenticationOptions
@@ -389,7 +406,13 @@ namespace DnsServerCore
                    {
                        serverOptions.Listen(webServiceLocalAddress, webServiceTlsPort, delegate (ListenOptions listenOptions)
                        {
-                            listenOptions.Protocols = _webServiceEnableHttp3 ? HttpProtocols.Http1AndHttp2AndHttp3 : HttpProtocols.Http1AndHttp2;
+                            if (_webServiceEnableHttp3)
+                                listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
+                            else if (isSupportedHttp2)
+                                listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
+                            else
+                                listenOptions.Protocols = HttpProtocols.Http1;
+
                            listenOptions.UseHttps(delegate (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken)
                            {
                                return ValueTask.FromResult(webServiceSslServerAuthenticationOptions);