 

Update .NET web service to use TLS 1.2

Tags:

c#

.net

tls1.2



We actually just upgraded a .NET web service to 4.6 to allow TLS 1.2.

What Artem is saying were the first steps we did. We recompiled the framework of the web service to 4.6 and we tried to change the registry key to enable TLS 1.2, although this didn't work: the connection was still in TLS 1.0. Also, we didn't want to disallow SSL 3.0, TLS 1.0 or TLS 1.1 on the machine: other web services could be using this; we rolled back our changes on the registry.

We actually changed the Web.Config files to tell IIS: "hey, run me in 4.6 please".

Here are the changes we added in the web.config + recompilation in .NET 4.6:

<system.web>
    <compilation targetFramework="4.6"/> <!-- Changed framework 4.0 to 4.6 -->

    <!--Added this httpRuntime -->
    <httpRuntime targetFramework="4.6" />

    <authentication mode="Windows"/>
    <pages controlRenderingCompatibilityVersion="4.0"/>
</system.web>

And the connection changed to TLS 1.2, because IIS is now running the web service in 4.6 (told explicitly) and 4.6 is using TLS 1.2 by default.


Add the following code before you instantiate your web service client:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Or for backward compatibility with TLS 1.1 and prior:

System.Net.ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12; 

If you're using .NET earlier than 4.5, you won't have Tls12 in the enum, so the state is explicitly mentioned here:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

Three steps needed:

  1. Explicitly mark SSL2.0, TLS1.0, TLS1.1 as forbidden on your server machine, by adding Enabled=0 and DisabledByDefault=1 to your registry (the full path is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols). See screen for details.

  2. Explicitly enable TLS1.2 by following the steps from 1. Just use Enabled=1 and DisabledByDefault=0 respectively.

NOTE: verify server version: Windows Server 2003 does not support the TLS 1.2 protocol

  3. Enable TLS1.2 only on app level, like @John Wu suggested above.

    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Hope this guide helps.

UPDATE As @Subbu mentioned: Official guide
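
A read-only check of the two settings the answers above change, as an added example that is not part of any answer: it reports the SCHANNEL Enabled/DisabledByDefault values and decodes the current ServicePointManager.SecurityProtocol flags. The class name TlsAudit and the per-protocol "Client"/"Server" subkey layout under the quoted registry path are assumptions of this example.

```csharp
using System;
using System.Net;
using System.Text;
using Microsoft.Win32;

// Added example, not code from the answers: read-only report of the TLS settings they discuss.
static class TlsAudit
{
    // Registry path quoted in the answer; "Client"/"Server" under each protocol is assumed (usual SCHANNEL layout).
    const string Root = @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols";
    static readonly string[] Protocols = { "SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2" };

    // Flag values of SecurityProtocolType, given numerically so this builds before .NET 4.5 too.
    static readonly string[] FlagNames = { "Ssl3", "Tls", "Tls11", "Tls12" };
    static readonly int[] FlagValues = { 48, 192, 768, 3072 };

    // Formats one registry value; a missing key or value means SCHANNEL uses the OS default.
    static string Show(RegistryKey key, string name)
    {
        object v = key == null ? null : key.GetValue(name);
        if (v == null) return name + "=<not set, OS default>";
        return name + "=" + ((v is int) ? "0x" + ((int)v).ToString("X") : v.ToString());
    }

    public static string Report()
    {
        var sb = new StringBuilder();
        foreach (string proto in Protocols)
            foreach (string role in new[] { "Client", "Server" })
                using (RegistryKey key = Registry.LocalMachine.OpenSubKey(Root + "\\" + proto + "\\" + role))
                    sb.AppendLine(proto + " " + role + ": " + Show(key, "Enabled") + ", " + Show(key, "DisabledByDefault"));

        // What this process will offer for outgoing HttpWebRequest / web service client calls.
        int current = (int)ServicePointManager.SecurityProtocol;
        sb.Append("ServicePointManager.SecurityProtocol = " + current + ":");
        if (current == 0) sb.Append(" system default");
        for (int i = 0; i < FlagValues.Length; i++)
            if ((current & FlagValues[i]) == FlagValues[i]) sb.Append(" " + FlagNames[i]);
        return sb.AppendLine().ToString();
    }

    static void Main()
    {
        Console.Write(Report());
    }
}
```

The SecurityProtocol line reflects the process that calls Report(), so call it from inside the web service (for example at startup) to see that service's value; a stand-alone console build only shows the default for its own target framework.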