4

I got TLS 1.0 disabled. So we are trying to use TLS 1.2 in our .Net application which is using .Net Framework 4.0.

I have added the code for this at the start

System.Net.ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; 

It works perfectly on my local system.

But I am not sure why it's not working when I deploy the code on the server (Windows Server 2008 R2). I checked everything. The .NET Framework is present on the server. But it's still giving the same issue, on the server only.

Is there anything I'm missing here?

1

2 Answers

6

According to this post:

.NET 4.0 supports up to TLS 1.0 while .NET 4.5 supports up to TLS 1.2

However, an application targeting .NET 4.0 can still support up to TLS 1.2 if .NET 4.5 is installed in the same environment. .NET 4.5 installs on top of .NET 4.0, replacing System.dll.

So basically you need to upgrade your server to .Net 4.5 to enable TLS 1.2.

Also, you can simplify your code and make it more readable:

    using System.Net;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Related MSDN articles:


7 Comments

Does this mean, if I have a WinForms application and need TLS 1.2 support for SOAP requests, that I will have to change it to .NET 4.5 and ensure all users have that framework installed?
Yes, otherwise it will not work. If you can do this: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls, this may do the trick, but it will still probably crash, as you say you got TLS 1.0 disabled.
SecurityProtocolType.Tls12 doesn't even exist in .NET 4.0 but I can use the int. However it seems there's no way round the fact that users will need .NET 4.5 installed.
If you want TLS 1.2 without code changes, you really want .NET 4.6 or higher. True, TLS 1.2 is supported in .NET 4.5, but it is not enabled as a communication protocol by default until .NET 4.6. More info here: github.com/TheLevelUp/pos-tls-patcher
It's really not a good idea to hardcode the security protocol in application code. Read TLS best practices with .NET for more info.
3

If you want to use TLS 1.2 in existing .NET 4.x code without application code changes, you'll need the following:

  1. Install .NET framework 4.6 or higher. This is needed to use TLS 1.2 as a protocol by default in combination with proper Windows registry keys.

  2. Set the following .NET Framework strong cryptography registry keys:

On 32-bit and 64-bit versions of Windows:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001

On 64-bit versions of Windows:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001

The WOW6432Node value is used by 32-bit applications when run on a 64-bit system.

For more information see: https://github.com/TheLevelUp/pos-tls-patcher

Update: It's really not a good idea to hardcode the security protocol in application code. You want the OS doing this for you. See Transport Layer Security (TLS) best practices with the .NET Framework for further reading.

3 Comments

@VijayKumbhoje yes, if you want IIS to use TLS 1.2. However, you probably want to look at upgrading to Windows 10 and the latest version of IIS and .NET Framework.
I believe these registry settings are still required then. At least until Microsoft changes them to be the default behavior, which I imagine will eventually happen.
@VijayKumbhoje, this may also help you: nartac.com/Products/IISCrypto
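
A read-only check of the two server-side prerequisites named in the answers (installed .NET Framework 4.x version and the SchUseStrongCrypto values), as an added example that is not part of the original posts. It assumes a 64-bit PowerShell session; the `Release` registry value and the 393295 threshold for 4.6 come from Microsoft's .NET Framework version-detection documentation, not from this page, and `Get-RegDword` is a helper name chosen here.

```powershell
# Added example (not from the original posts): read-only audit of the two
# prerequisites the answers name. Run from a 64-bit PowerShell session.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# 1. Installed .NET Framework 4.x. The Release DWORD only exists from 4.5 on;
#    393295 is the lowest value Microsoft documents for 4.6 (assumption: not on this page).
$release = Get-RegDword 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' 'Release'
if ($null -eq $release)      { $framework = '4.0 only: up to TLS 1.0 (first answer)' }
elseif ($release -ge 393295) { $framework = '4.6 or later: TLS 1.2 usable by default' }
else                         { $framework = '4.5.x: TLS 1.2 supported, not on by default' }
"Framework   : $framework (Release = $release)"

# 2. SchUseStrongCrypto in both registry locations from the second answer.
$views = @(
    @{ Name = 'native';      Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' },
    @{ Name = 'Wow6432Node'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319' }
)
foreach ($v in $views) {
    if (-not (Test-Path $v.Path)) {
        # Wow6432Node is absent on 32-bit Windows; that is not a misconfiguration.
        "{0,-12}: key not present" -f $v.Name
        continue
    }
    $value = Get-RegDword $v.Path 'SchUseStrongCrypto'
    if ($value -eq 1)         { $state = 'enabled' }
    elseif ($null -eq $value) { $state = 'NOT SET' }
    else                      { $state = "disabled (value $value)" }
    "{0,-12}: SchUseStrongCrypto {1}" -f $v.Name, $state
}
```

Comparing the output from the working local machine with the output from the server shows which prerequisite differs between them.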
