Fix down-level SSL/TLS version warnings (#3126)

edwardneal · benrr101 · commit 2a8bc399db83 · 2025-03-03T18:56:17.000-06:00
* Added test for downlevel connectivity warning

* Correctly test bit flags for legacy SSL protocol warning

* Corrected warning disablement/restore.
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/DataCommon/ConnectionTestParametersData.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/DataCommon/ConnectionTestParametersData.cs
@@ -4,6 +4,7 @@
 
 using System.Collections.Generic;
 using System.IO;
+using System.Security.Authentication;
 using Microsoft.SqlServer.TDS.PreLogin;
 
 namespace Microsoft.Data.SqlClient.ManualTesting.Tests.DataCommon
@@ -32,11 +33,11 @@ public ConnectionTestParametersData()
             // Test cases possible field values for connection parameters:
             // These combinations are based on the possible values of Encrypt, TrustServerCertificate, Certificate, HostNameInCertificate
             /*
-             * TDSEncryption | Encrypt    | TrustServerCertificate | Certificate  | HNIC         | TestResults
-             * ----------------------------------------------------------------------------------------------
-             *   Off         | Optional   |  true                  | valid        | valid name   | true
-             *   On          | Mandatory  |  false                 | mismatched   | empty        | false
-             *   Required    |            |    x                   | ChainError?  | wrong name?  | 
+             * TDSEncryption | Encrypt    | TrustServerCertificate | Certificate  | HNIC         | SSL Protocols    | TestResults
+             * ---------------------------------------------------------------------------------------------------------------
+             *   Off         | Optional   |  true                  | valid        | valid name   | TLS 1.2          | true
+             *   On          | Mandatory  |  false                 | mismatched   | empty        | TLS 1.0, TLS 1.1 | false
+             *   Required    |            |    x                   | ChainError?  | wrong name?  |                  |
              */
             ConnectionTestParametersList = new List<ConnectionTestParameters>
             {
@@ -78,6 +79,21 @@ public ConnectionTestParametersData()
                 new(TDSPreLoginTokenEncryptionType.On, SqlConnectionEncryptOption.Mandatory, true, s_mismatchedcert, _empty, true),
                 new(TDSPreLoginTokenEncryptionType.Required, SqlConnectionEncryptOption.Mandatory, false, s_mismatchedcert, _empty, false),
                 new(TDSPreLoginTokenEncryptionType.Required, SqlConnectionEncryptOption.Mandatory, true, s_mismatchedcert, _empty, true),
+
+                // Multiple SSL protocols test
+#pragma warning disable CA5397 // Do not use deprecated SslProtocols values
+#pragma warning disable CA5398 // Avoid hardcoded SslProtocols values
+#if NET
+#pragma warning disable SYSLIB0039 // Type or member is obsolete: TLS 1.0 & 1.1 are deprecated
+#endif
+                new(TDSPreLoginTokenEncryptionType.Off, SqlConnectionEncryptOption.Mandatory, false, s_fullPathToCer, _empty, SslProtocols.Tls | SslProtocols.Tls11, true),
+                new(TDSPreLoginTokenEncryptionType.On, SqlConnectionEncryptOption.Mandatory, false, s_fullPathToCer, _empty, SslProtocols.Tls | SslProtocols.Tls11, true),
+                new(TDSPreLoginTokenEncryptionType.Required, SqlConnectionEncryptOption.Mandatory, false, s_fullPathToCer, _empty, SslProtocols.Tls | SslProtocols.Tls11, true),
+#if NET
+#pragma warning restore SYSLIB0039 // Type or member is obsolete: TLS 1.0 & 1.1 are deprecated
+#endif
+#pragma warning restore CA5397 // Do not use deprecated SslProtocols values
+#pragma warning restore CA5398 // Avoid hardcoded SslProtocols values
             };
         }
     }
