Replies: 1 comment
-
|
This is a doc problem because they show the HttpProtocols Protocols is public in 2.3.6 that is false. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I wrote code that is working in Kestrel 2.2.0:
// snippet
options.ListenAnyIP(port, listenOptions =>
{
listenOptions.Protocols = httpProtocols;
listenOptions.UseHttps(httpsConnectionAdapterOptions);
});
where httpProtocols = AspNetCore.Server.Kestrel.Core.HttpProtocols.Http1AndHttp2
I've been flagged the 2.2.0 of Kestrel.Core is vulnerable and to upgrade to 2.3.6
For this i need to update Kestrel to 2.3.0 (otherwise, the Core in transitive and is pulled as 2.3.0 - vulnerable)
In Kestrel.Core 2.3.6 the Protocols are internal, not public now:
<>
//
// Summary:
// The protocols enabled on this endpoint.
//
// Remarks:
// Defaults to HTTP/1.x only.
internal HttpProtocols Protocols { get; set; } = HttpProtocols.Http1;
I need to specify the protocols as I have Http v2 in multiple services. I need also to upgrade the nuget because vulnerability.
Any input on this problem?
Thank you!
Beta Was this translation helpful? Give feedback.
All reactions