Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Any way to restrict ASP.NET Core 2.0 HTTPS to TLS 1.2?

I have an ASP.NET Core 2.0 REST server running fine, but I need to restrict access to TLS1.2 - how do I do this? Can't seem to find any documentation on it. Server is running on Kestrel. Thanks!

like image 570
Giallo Avatar asked Oct 19 '17 14:10

Giallo


People also ask

How do I enable TLS 1.2 for API call in asp net 2.0 application?

Create a new separate project in asp.net higher version. Add new Web Service or WebAPI(Later we will consume it in the main project). Write down a particular code here and call particular API which needs to validate with TLS 1.2. Now Deploy this web service/WebAPI and consume in the main project.

How do I enable TLS 1.2 in Visual Studio?

How to enable TLS 1.2. The easiest way to avoid these issues is to upgrade to the latest version of Visual Studio as it already uses TLS 1.2 for all HTTPS connections. If upgrading Visual Studio is not an option, you can set a set a machine-wide registry key to enable TLS 1.2 on all .


2 Answers

There's a UseHttps overload that allows you to provide a HttpsConnectionAdapterOptions instance to configure this. Here's an example of what this might look like in your case:

listenOptions.UseHttps(new HttpsConnectionAdapterOptions
{
    ...
    SslProtocols = SslProtocols.Tls12
});

For reference, SslProtocols defaults to SslProtocols.Tls12 | SslProtocols.Tls11.

like image 81
Kirk Larkin Avatar answered Oct 25 '22 06:10

Kirk Larkin


.net core 2.1 Kestrel config:

.UseKestrel(c =>
            {
                c.ConfigureHttpsDefaults(opt =>
                {
                    opt.SslProtocols = SslProtocols.Tls12;
                });
            })
like image 33
Greg Avatar answered Oct 25 '22 05:10

Greg