I am working on Asp.Net Core 3.1 project. I am testing locally. I started getting errors as
Your connection is not fully secure This site uses an outdated security configuration, which may expose your information (for example, passwords, messages or credit cards) when it is sent to this site. NET::ERR_SSL_OBSOLETE_VERSION
The connection used to load this site used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading this site. The server should enable TLS 1.2 or later.
I have even enabled TLS 1.2 from Program.cs as below -
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.ConfigureKestrel(serverOptions =>
{
serverOptions.ConfigureHttpsDefaults(co =>
{
co.SslProtocols = SslProtocols.Tls12;
});
}).UseStartup<Startup>();
});
But still same error.
Can you please guide how to resolve this issue?
In order to fix the error, I tried with the solution. That didn't help. The method I tried was suggested here which, as per author, seem to work for ASP.NET Core 2.0 only.
I take look over configuration options and found that by default ASP.NET Core 3.1 uses TLS 1.1 and TLS 1.2 for requests. So, we need nothing to do from code end.
Eventually, I stumbled over an article that shares-
Windows 7 supports TLS 1.1 and TLS 1.2. But these protocol versions are not enabled on it by default. On Windows 8 and higher these protocol are enabled by default.
So, this was the real cause of the error. I fixed the issue by enabling TLS 1.2 from the registry editor. Even Microsoft suggested the same solution.
Hope it saves somebody else's time.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With