The default HTTPS address and port have been removed from Kestrel in .NET 7 preview 6. This is step one in https://github.com/dotnet/aspnetcore/issues/42016 which will improve overall developer experience when dealing with HTTPS.
Other (please put exact version in description textbox)
Previous behavior
Previously, if no values for the address and port were specified explicitly but a local development certificate was available, Kestrel would default to binding to both http://localhost:5000 and https://localhost:5001.
New behavior
Users must now manually bind to HTTPS and specify the address and port explicitly, either via the launchSettings.json file, the ASPNETCORE_URLS environment variable, --urls command line argument, urls host configuration key, or via the UseUrls extension method.
HTTP binding is unchanged.
Type of breaking change
[ ] Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
[ ] Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.
[X] Behavioral change: Existing code and binaries may experience different run-time behavior.
Reason for change
This current eager binding behavior occurs without regard to the configured environment and can lead to experience issues on developer machines when the certificate has not yet been trusted (i.e. trusted as root cert authority because it's self-signed). Clients often produce poor UX when hitting an HTTPS endpoint with an untrusted certificate, e.g. silent failure, scary error/warning screen, etc.
Recommended action
If you were not using the default https://localhost:5001 binding, no changes are required. However, if you were using this binding, please make sure to review this guide on how you can update your server to enable HTTPS.
Description
The default HTTPS address and port have been removed from Kestrel in .NET 7 preview 6. This is step one in https://github.com/dotnet/aspnetcore/issues/42016 which will improve overall developer experience when dealing with HTTPS.
PR that makes the change: https://github.com/dotnet/aspnetcore/pull/42021
Version
.NET 7 preview 6
Version
Other (please put exact version in description textbox)
Previous behavior
Previously, if no values for the address and port were specified explicitly but a local development certificate was available, Kestrel would default to binding to both http://localhost:5000 and https://localhost:5001.
New behavior
Users must now manually bind to HTTPS and specify the address and port explicitly, either via the
launchSettings.jsonfile, theASPNETCORE_URLSenvironment variable,--urlscommand line argument,urlshost configuration key, or via theUseUrlsextension method.HTTP binding is unchanged.
Type of breaking change
Reason for change
This current eager binding behavior occurs without regard to the configured environment and can lead to experience issues on developer machines when the certificate has not yet been trusted (i.e. trusted as root cert authority because it's self-signed). Clients often produce poor UX when hitting an HTTPS endpoint with an untrusted certificate, e.g. silent failure, scary error/warning screen, etc.
Recommended action
If you were not using the default https://localhost:5001 binding, no changes are required. However, if you were using this binding, please make sure to review this guide on how you can update your server to enable HTTPS.
Affected APIs
N/A