Menu
Currently I have an issue and can't find strict answer on it.
I have ASP.NET MVC 5 application targeting 4.6.1 framework and its goal is to work with third party API's that are secured by TLS 1.1/TLS 1.2 protocols.
I have tried to run my application on 2 environments:
The issue is in that when I start it locally ServicePointManager.SecurityProtocol default value is set to Ssl3, Tls, so I can't target API's and have to code it on application start to use TLS 1.1/TLS 1.2: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12.
When application runs on server default value ServicePointManager.SecurityProtocol is set to Tls, Tls11, Tls12, so it works well.
According to documentation applications run on .NET Framework 4.6 or above versions have to use TLS 1.1/TLS 1.2 by default, how it is on remote machine.
Why the default values of ServicePointManager.SecurityProtocol are different? Is it because .NET Framework configuration? Or maybe registry settings? I have searched through it but couldn't find an answer.
252
ServicePointManager. SecurityProtocol . The default value ( SecurityProtocolType. SystemDefault ) will allow the operating system to use whatever versions it knows and has been configured for, including any new versions that may not have existed at the time the app was created.
ServicePointManager is a static class that manages the creation and destruction of ServicePoint instances. The ServicePointManager creates a ServicePoint when the application requests an Internet resource that is not in the collection of existing ServicePoint instances.
MSDN: ServicePointManager.SecurityProtocol Property:
Note that no default value is listed for this property, on purpose. The security landscape changes constantly, and default protocols and protection levels are changed over time in order to avoid known weaknesses. Defaults will vary depending on individual machine configuration, and on which software is installed, and on which patches have been applied.
MSDN Blogs: Support for SSL/TLS protocols on Windows:
On Windows the support for SSL/TLS protocols is tied to the SCHANNEL component. So, if a specific OS version doesn’t support a SSL/TLS version, this means it remains unsupported.
MSDN: Cipher Suites in TLS/SSL (Schannel SSP)
Different Windows versions support different TLS cipher suites and priority order. See the corresponding Windows version for the default order in which they are chosen by the Microsoft Schannel Provider.
In other words: this is determined by your Windows version and its patch level.
But like @Damien said, why would you bother what the default level is?
89
We can update registry like below to let .Net framework use TLS1.1\TLS1.2, a restart is needed.
I've tried, and the value of ServicePointManager.SecurityProtocol in my machine changed from "Ssl3, Tls" to "Tls, Tls11, Tls12":
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
