Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to enable TLS 1.2 in Asp.Net Core 3.1

I am working on Asp.Net Core 3.1 project. I am testing locally. I started getting errors as

Your connection is not fully secure This site uses an outdated security configuration, which may expose your information (for example, passwords, messages or credit cards) when it is sent to this site. NET::ERR_SSL_OBSOLETE_VERSION

The connection used to load this site used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading this site. The server should enable TLS 1.2 or later.

enter image description here

I have even enabled TLS 1.2 from Program.cs as below -

public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.ConfigureKestrel(serverOptions =>
                {
                    serverOptions.ConfigureHttpsDefaults(co =>
                    {
                        co.SslProtocols = SslProtocols.Tls12;
                    });
                }).UseStartup<Startup>();
            });

But still same error.

Can you please guide how to resolve this issue?

like image 640
Vikram Singh Saini Avatar asked Aug 17 '20 12:08

Vikram Singh Saini


1 Answers

In order to fix the error, I tried with the solution. That didn't help. The method I tried was suggested here which, as per author, seem to work for ASP.NET Core 2.0 only.

I take look over configuration options and found that by default ASP.NET Core 3.1 uses TLS 1.1 and TLS 1.2 for requests. So, we need nothing to do from code end.

enter image description here

Eventually, I stumbled over an article that shares-

Windows 7 supports TLS 1.1 and TLS 1.2. But these protocol versions are not enabled on it by default. On Windows 8 and higher these protocol are enabled by default.

So, this was the real cause of the error. I fixed the issue by enabling TLS 1.2 from the registry editor. Even Microsoft suggested the same solution.

Hope it saves somebody else's time.

like image 102
Vikram Singh Saini Avatar answered Sep 28 '22 21:09

Vikram Singh Saini