Good afternoon! I use the Azure Maps API via HttpClient. How can I enable support for TLS 1.2? As far as I know, it is supported in Framework 4.6+. So I should not have to do anything for this to work?
There are three tasks for enabling TLS 1.2 on clients:
- Update Windows and WinHTTP.
- Ensure that TLS 1.2 is enabled as a protocol for SChannel at the operating system level.
- Update and configure the .NET Framework to support TLS 1.2.
The returned HttpClient object can now execute HTTP requests. By setting the supported protocols explicitly in the SSLConnectionSocketFactory constructor, the client will only support communication over TLS 1.2 or TLS 1.3.
How to check if TLS 1.2 is enabled? If the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault is present, the value should be 0.
TLS 1.2 is automatically enabled in Google Chrome version 29 or greater.
Use ServicePointManager to set the security protocol.
Gets or sets the security protocol used by the ServicePoint objects managed by the ServicePointManager object.
using System.Net;
using System.Net.Http;

// Specify TLS 1.2 before any connection is opened; existing connections aren't changed
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
HttpClient httpClient = new HttpClient();
This property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing connections aren't changed.
Starting with the .NET Framework 4.7, the default value of this property is SecurityProtocolType.SystemDefault. This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator.
In general you do not need to specify any configuration in your application to enable adoption of the latest TLS protocol.
Best practices and scenarios for versions earlier than .NET 4.7 are outlined on docs.microsoft.com.
At a high level, you should perform an audit to make sure your application doesn't take any hard dependency on a lower TLS version. But otherwise no work should be required.
We recommend that you:
- Target .NET Framework 4.7 or later versions on your apps. Target .NET Framework 4.7.1 or later versions on your WCF apps.
- Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.
- Perform a thorough code audit to verify you're not specifying a TLS or SSL version.
When your app lets the OS choose the TLS version:
- It automatically takes advantage of new protocols added in the future, such as TLS 1.3.
- The OS blocks protocols that are discovered not to be secure.
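The code audit recommended above can be partly automated. The following is an added example, not part of the original answers or of Microsoft's guidance: a small Python scanner that flags hard-coded SecurityProtocolType / SslProtocols members and numeric casts in C# source. The function names, the "legacy" and "pinned" labels, and the sample source are assumptions made for illustration.

```python
import re

# Members that pin a protocol; SystemDefault and SslProtocols.None defer to the OS.
LEGACY = {"Ssl2", "Ssl3", "Tls", "Tls11", "Default"}
MODERN = {"Tls12", "Tls13"}
# SecurityProtocolType flag values, for decoding casts like (SecurityProtocolType)3072.
FLAGS = {48: "Ssl3", 192: "Tls", 768: "Tls11", 3072: "Tls12", 12288: "Tls13"}
ENUM_RE = re.compile(r"\b(SecurityProtocolType|SslProtocols)\.(\w+)")
CAST_RE = re.compile(r"\(\s*(?:System\.Net\.)?SecurityProtocolType\s*\)\s*(\d+)")
COMMENT_RE = re.compile(r"(?<!:)//.*")  # keeps "https://" inside string literals


def classify(names):
    if any(n in LEGACY for n in names):
        return "legacy"   # SSL 2/3, TLS 1.0/1.1: should not be requested at all
    return "pinned" if any(n in MODERN for n in names) else None


def audit_source(text, filename="<memory>"):
    """Return (filename, line, label, detail) for every hard-coded TLS/SSL version."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = COMMENT_RE.sub("", line)  # ignore commented-out code
        for enum, member in ENUM_RE.findall(code):
            label = classify([member])
            if label:
                findings.append((filename, no, label, f"{enum}.{member}"))
        for raw in CAST_RE.findall(code):
            names = [n for bit, n in FLAGS.items() if (int(raw) & bit) == bit]
            label = classify(names)
            if label:
                findings.append((filename, no, label, f"cast {raw} = {'|'.join(names)}"))
    return findings


# Constructed sample input (not taken from any real project).
SAMPLE = '''\
// old: SecurityProtocolType.Ssl3
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
var ok = SecurityProtocolType.SystemDefault; // see https://example.invalid
'''

if __name__ == "__main__":
    for finding in audit_source(SAMPLE, "MapsClient.cs"):
        print(finding)
```

A "pinned" finding is not a weakness by itself, but it is a place where the app will not follow the OS default, which is what the recommendations above ask you to remove.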