I've got a Web API that must communicate with a few different services. Currently, I have the Web API set to use the following security protocol:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
When the API calls out to another service via HttpClient (say like Twitter), it will use that protocol. At the same time however, another request may come in to access something from the cloud, which for whatever reason, currently requires TLS (not TLS 1.2). The request to the cloud, before firing out, sets the security protocol again:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
The problem I'm running into is when two separate and unique requests come in, one for Twitter and one for the cloud, the security protocol could switch over to the "wrong one" before it's sent out, causing the request to fail.
Is there a way to set the security protocol on the HttpClient per request so that I'm not swapping around a setting in some singleton somewhere?
Use ServicePointManager to set the security protocol. Gets or sets the security protocol used by the ServicePoint objects managed by the ServicePointManager object. HttpClient httpClient = new HttpClient(); //specify to use TLS 1.2 as default connection System.Net.
You need TLS 1.2+ support for HttpClient. You don't need TLS 1.2+ support for WebClient.
ServicePointManager.SecurityProtocol. The default value (SecurityProtocolType.SystemDefault) will allow the operating system to use whatever versions it knows and has been configured for, including any new versions that may not have existed at the time the app was created.
An HttpClient allows building in a safe immutable way an http client that is materialized and connecting when ClientTransport.connect() is ultimately called. Transfer-Encoding: chunked will be applied for those HTTP methods for which a request body is expected.
You don't need to set it.
You can use:
using System.Net;
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
Additional Notes:
There seems to be no way to do this. The SecurityProtocol property is only being used inside the internal TlsStream class in one place:
TlsStream seems to back all the internal TLS connections such as HTTP, FTP and SMTP.
I had hoped that ServicePoint allows you to configure this. For many settings ServicePointManager only provides the default. That hope was unfounded.
So this is quite strong evidence that this is not possible. It's no proof, though.
What should you do? I'd switch out the HTTP client library for the odd server you are talking to. HTTP is not a particularly complicated protocol. I'm sure there's some other implementation available.
Alternatively, use a proxy that terminates the HTTPS connection on your own server. .NET then only deals with HTTP.
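Added example, not from the question or the answers above: on runtimes where HttpClientHandler exposes an SslProtocols property (.NET Framework 4.7.1 and later, .NET Core and .NET 5+), the protocol can be pinned per client, which avoids the race on the process-wide ServicePointManager.SecurityProtocol described in the question. The class name UpstreamClients and both URLs are hypothetical placeholders.

```csharp
using System;
using System.Net.Http;
using System.Security.Authentication;
using System.Threading.Tasks;

// Added example. UpstreamClients and the URLs below are hypothetical.
public static class UpstreamClients
{
    // Shared client for services that accept TLS 1.2.
    public static readonly HttpClient Modern = Create(SslProtocols.Tls12);

    // Dedicated client for the single endpoint that still requires TLS 1.0.
    // Isolating it keeps the weak protocol from being offered anywhere else.
    // (SslProtocols.Tls raises an obsolescence warning on .NET 7 and later.)
    public static readonly HttpClient Legacy = Create(SslProtocols.Tls);

    private static HttpClient Create(SslProtocols protocols)
    {
        // The setting lives on this handler only; the process-wide
        // ServicePointManager.SecurityProtocol is never modified.
        var handler = new HttpClientHandler { SslProtocols = protocols };
        return new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(30) };
    }
}

public static class Program
{
    private static async Task<string> Probe(HttpClient client, string url)
    {
        try
        {
            using (var response = await client.GetAsync(url))
                return url + " -> " + (int)response.StatusCode;
        }
        catch (Exception ex) when (ex is HttpRequestException || ex is TaskCanceledException)
        {
            // Handshake failures (e.g. protocol disabled by the OS) surface here.
            return url + " -> failed: " + ex.GetBaseException().Message;
        }
    }

    public static async Task Main()
    {
        // Both requests run concurrently; neither can change the other's protocol.
        var results = await Task.WhenAll(
            Probe(UpstreamClients.Modern, "https://modern.example/api"),
            Probe(UpstreamClients.Legacy, "https://legacy.example/api"));
        foreach (var line in results) Console.WriteLine(line);
    }
}
```

Both clients are created once and reused, so connection pooling still works and the TLS 1.0 exception stays confined to the one legacy endpoint.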