What version of TLS is used in a .NET application installed on different operating systems

Question

Say I have a standard .NET (4.5) web application that needs to connect to a secure server using TLS.

I want to stop supporting unused or weak protocols and cipher suites in my server and support only the ones which the client also supports (preferably TLS 1.2)

Does the version of TLS (1.0, 1.1 or 1.2) and/or cipher suites in use depend on the operation system or the .NET version?

In other words, will my .NET application use a different cipher suite or TLS version when installed on machines with different Operating systems / updates? Or does the usage of .NET 4.5 ensures that the protocols on every client-server communication will be identical?

Answer 1

Starting with .NET 4.7, .NET uses the operating system's default.

The TLS stack, which is used by System.Net.Security.SslStream and up-stack components such as HTTP, FTP, and SMTP, allows developers to use the default TLS protocols supported by the operating system. Developers need no longer hard-code a TLS version.

Before 4.7, you had to specify the TLS version to use explicitly with

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

For .NET 4.7, ServicePointManager.SecurityProtocol (if not explicitly set) now returns SystemDefault.

BTW the earliest supported .NET version is 4.5.2. Most systems will have a newer version though, installed by other applications or Windows Update. Every version since 4.0 is a binary replacement of the previous.