From ed330778f9fc68ad7eb8d4fe5173db7cab257ecc Mon Sep 17 00:00:00 2001
From: Shreyas Zare
Date: Sat, 30 Nov 2024 13:16:44 +0530
Subject: [PATCH] DnsWebService: Updated StartWebServiceAsync() to check http/2 support for windows to avoid issues when HTTPS is enabled on older OS versions.
---
 DnsServerCore/DnsWebService.cs | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/DnsServerCore/DnsWebService.cs b/DnsServerCore/DnsWebService.cs
index 28e9c47a..ec918020 100644
--- a/DnsServerCore/DnsWebService.cs
+++ b/DnsServerCore/DnsWebService.cs
@@ -371,12 +371,29 @@ namespace DnsServerCore
 if (serverCertificate is null)
 throw new DnsWebServiceException("Web Service TLS certificate file must contain a certificate with private key.");
+ bool isSupportedHttp2 = _webServiceEnableHttp3;
+ if (!isSupportedHttp2)
+ {
+ switch (Environment.OSVersion.Platform)
+ {
+ case PlatformID.Win32NT:
+ isSupportedHttp2 = Environment.OSVersion.Version.Major >= 10; //http/2 supported on Windows Server 2016/Windows 10 or later
+ break;
+
+ case PlatformID.Unix:
+ isSupportedHttp2 = true; //http/2 supported on Linux with OpenSSL 1.0.2 or later (for example, Ubuntu 16.04 or later)
+ break;
+ }
+ }
+
 List applicationProtocols = new List();
 if (_webServiceEnableHttp3)
 applicationProtocols.Add(new SslApplicationProtocol("h3"));
- applicationProtocols.Add(new SslApplicationProtocol("h2"));
+ if (isSupportedHttp2)
+ applicationProtocols.Add(new SslApplicationProtocol("h2"));
+
 applicationProtocols.Add(new SslApplicationProtocol("http/1.1"));
 SslServerAuthenticationOptions webServiceSslServerAuthenticationOptions = new SslServerAuthenticationOptions
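Review bot: `bool isSupportedHttp2 = _webServiceEnableHttp3;` skips the platform check whenever HTTP/3 is enabled, so on a Windows version below 10 with that setting on, `h2` is still added to the ALPN list, which looks like the situation this commit is meant to avoid. If the intent is that HTTP/3 is only ever enabled on hosts that also support HTTP/2, state that in a comment such as `// HTTP/3 enabled implies the OS already supports HTTP/2`; otherwise the OS check needs to apply in that case too, both here and in the `Protocols` assignment in the next hunk. The switch has no `default:` case, so any platform other than `Win32NT` and `Unix` is left on HTTP/1.1 only without that being stated anywhere. If the project targets .NET 5 or later, the version test could be written as `OperatingSystem.IsWindowsVersionAtLeast(10)`. The body of StartWebServiceAsync starts and ends outside the hunk.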
@@ -389,7 +406,13 @@ namespace DnsServerCore
 {
 serverOptions.Listen(webServiceLocalAddress, webServiceTlsPort, delegate (ListenOptions listenOptions)
 {
- listenOptions.Protocols = _webServiceEnableHttp3 ? HttpProtocols.Http1AndHttp2AndHttp3 : HttpProtocols.Http1AndHttp2;
+ if (_webServiceEnableHttp3)
+ listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
+ else if (isSupportedHttp2)
+ listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
+ else
+ listenOptions.Protocols = HttpProtocols.Http1;
+
 listenOptions.UseHttps(delegate (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken)
 {
 return ValueTask.FromResult(webServiceSslServerAuthenticationOptions);
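Review bot: The final `else` in the added chain drops the TLS listener to `HttpProtocols.Http1` without recording it anywhere, so an operator on an older Windows host cannot tell from the server that HTTP/2 was turned off by the OS check. A startup log entry giving the detected OS version and the resulting protocol set would make the downgrade visible when diagnosing client connection problems. This `Protocols` value and the ALPN list built in the previous hunk encode the same decision separately; a comment such as `// must stay in sync with applicationProtocols above` would guard against a later edit changing one and not the other. The delegate body continues outside the hunk.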