From 3e38b34437b53e4c9eb540ad10e80becdf0dc325 Mon Sep 17 00:00:00 2001
From: Stephen Turner
Date: Thu, 6 Aug 2015 16:39:39 +0100
Subject: [PATCH] CA-178981: Make the HTTP API work through XenCenter for TLS 1.2 servers
---
 CommandLib/thinCLIProtocol.cs | 6 +++---
 XenModel/XenAPI/HTTP.cs | 3 ++-
 XenOvfTransport/Http.cs | 3 ++-
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/CommandLib/thinCLIProtocol.cs b/CommandLib/thinCLIProtocol.cs
index 7c3bf5269..346980c6a 100644
--- a/CommandLib/thinCLIProtocol.cs
+++ b/CommandLib/thinCLIProtocol.cs
@@ -131,9 +131,9 @@ namespace CommandLib
 null
 );
 try
- {
- sslStream.AuthenticateAsClient("");
- }
+ {
+ sslStream.AuthenticateAsClient("", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, true);
+ }
 catch (AuthenticationException e){
 if (tCLIprotocol.conf.debug) throw e;
 tCLIprotocol.dGlobalError("Authentication failed - closing the connection.");
diff --git a/XenModel/XenAPI/HTTP.cs b/XenModel/XenAPI/HTTP.cs
index 0de4e62b3..b8031a48c 100644
--- a/XenModel/XenAPI/HTTP.cs
+++ b/XenModel/XenAPI/HTTP.cs
@@ -35,6 +35,7 @@ using System.Net;
 using System.Net.Sockets;
 using System.Text;
 using System.Net.Security;
+using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using System.Runtime.Serialization;
@@ -358,7 +359,7 @@ namespace XenAPI
 {
 SslStream sslStream = new SslStream(stream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
- sslStream.AuthenticateAsClient("");
+ sslStream.AuthenticateAsClient("", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, true);
 stream = sslStream;
 }
diff --git a/XenOvfTransport/Http.cs b/XenOvfTransport/Http.cs
index cc7ec932e..0f802d765 100644
--- a/XenOvfTransport/Http.cs
+++ b/XenOvfTransport/Http.cs
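Review bot: The protocol mask in the new `AuthenticateAsClient` call in CommandLib/thinCLIProtocol.cs (hunk -131,9) still includes `SslProtocols.Tls`, so the client keeps accepting a TLS 1.0 session whenever that is the highest version the peer offers. The same literal is repeated in XenModel/XenAPI/HTTP.cs (-358,7) and XenOvfTransport/Http.cs (-490,7). If TLS 1.0 is kept for older hosts, which is presumably the reason, record that next to the call, e.g. `// TLS 1.0 kept for hosts that predate TLS 1.2 support; remove SslProtocols.Tls once those are out of support`. Three hand-copied masks will drift apart, so a named constant per assembly would make a later tightening a one-line change. The enclosing method starts and ends outside the hunk.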
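Review bot: The fourth argument `true` in the new call in XenModel/XenAPI/HTTP.cs (hunk -358,7) turns certificate revocation checking on, which the one-argument overload it replaces did not do and which the commit subject does not mention. Because the target host is still `""`, name matching is effectively left to `ValidateServerCertificate`, whose body is outside this hunk; check that the callback handles the chain status produced by a failed or offline revocation lookup instead of silently accepting or rejecting on it. If revocation checking is not intended, pass `false` to keep the previous behaviour; if it is, a comment such as `// revocation checking enabled deliberately; ValidateServerCertificate decides on the resulting chain status` records the intent. The same argument is passed in CommandLib/thinCLIProtocol.cs (-131,9) and XenOvfTransport/Http.cs (-490,7).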
@@ -37,6 +37,7 @@ using System.Threading;
 using System.IO;
 using System.Net.Security;
 using System.Net.Sockets;
+using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
@@ -490,7 +491,7 @@ namespace XenOvfTransport
 SslStream sslStream = new SslStream(stream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
 try
 {
- sslStream.AuthenticateAsClient("");
+ sslStream.AuthenticateAsClient("", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, true);
 }
 catch
 {
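Review bot: The handshake in XenOvfTransport/Http.cs (hunk -490,7) is followed by an untyped `catch`, so a protocol-version mismatch, a certificate or revocation failure and an unrelated I/O error from the new call all take the same path; the handler body is outside the hunk, so what it does with them cannot be seen here. CommandLib/thinCLIProtocol.cs catches `AuthenticationException` around the same call, and the `using System.Security.Authentication;` added to this file by the commit makes `catch (AuthenticationException e)` available here as well. Catching that type first and logging `e.Message` would keep TLS failures distinguishable from socket errors when a server refuses the offered protocol versions.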