Gracefully terminate SSL handshake? #63743

@dotfede

Version: ASP.NET Core 9.0.3

I'm using code like this:

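using System.Net.Security; // SslStream, SslClientHelloInfo, SslServerAuthenticationOptions

builder.WebHost.ConfigureKestrel((b, serverOptions) =>
{
    serverOptions.ListenAnyIP(port, listenOptions =>
    {
        // Per-connection callback: pick the certificate from the SNI name in the ClientHello.
        listenOptions.UseHttps(async (SslStream sslStream, SslClientHelloInfo sslClientHelloInfo, object state, CancellationToken cancellationToken) =>
        {
            // No SNI name sent: nothing to look up, so the handshake is failed by throwing.
            if (string.IsNullOrEmpty(sslClientHelloInfo.ServerName))
                throw new Exception();

            var cert = await sslManager.LoadCertificate(sslClientHelloInfo.ServerName);

            // Unknown domain: no certificate exists for it, so the handshake is failed by throwing.
            if (cert == null)
                throw new Exception();

            return new SslServerAuthenticationOptions()
            {
                ServerCertificate = cert,
            };
        }, null);
    });
});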

to dynamically serve SSL certs for dynamic domains.

It works great, but I'm facing an issue where I'm receiving a bunch of bogus requests from bots to invalid domains (where cert will equal null because the domain doesn't exist on my platform).

Right now, the logs are getting flooded by the exception thrown by this code, and I also get an NRE if I return null or return a new SslServerAuthenticationOptions() with no certificate.

Is there a way to inform Kestrel that I need to drop this connection without it being explicitly an error condition (which produces an exception which floods the logs)?

Labels: area-networking (Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions)
