Now that SSL 3 has been found to be vulnerable to the POODLE attack:
What version of SSL/TLS does System.Web.Services.Protocols.SoapHttpClientProtocol use when connecting to any https Uri?
I use SoapHttpClientProtocol to connect to several 3rd party SOAP API's. One of these has now said they will block any request that uses SSL 3. But SoapHttpClientProtocol is part of the .Net core framework (using 4.5) so it is not obvious what version of SSL it uses, or how to override the version.
Note this question is not a duplicate of Which versions of SSL/TLS does System.Net.WebRequest support?. I use several APIs, some are REST (the other question is for those) and some are SOAP (this question is for those)
Decompiling the SoapHttpClientProtocol class reveals that it does indeed use System.Web.WebRequest under the hood.
The various methods for invoking requests (Invoke, InvokeAsync, BeginInvoke) all end up calling GetWebRequest, which calls the base class WebClientProtocol.GetWebRequest, which is where the WebRequest is constructed.
It follows then that answer to What version of SSL/TLS does System.Net.WebRequest use? does also apply here.
SSL version should be driven by static property System.Net.ServicePointManager.SecurityProtocol. In my box it is set to "SSLV3 | TLS". You can set to to TLS12.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With