Any way to restrict ASP.NET Core 2.0 HTTPS to TLS 1.2?

Question

I have an ASP.NET Core 2.0 REST server running fine, but I need to restrict access to TLS1.2 - how do I do this? Can't seem to find any documentation on it. Server is running on Kestrel. Thanks!

Kirk Larkin · Accepted Answer · 2017-10-19 15:03:37Z

There's a UseHttps overload that allows you to provide a HttpsConnectionAdapterOptions instance to configure this. Here's an example of what this might look like in your case:

listenOptions.UseHttps(new HttpsConnectionAdapterOptions { ... SslProtocols = SslProtocols.Tls12 });

For reference, SslProtocols defaults to SslProtocols.Tls12 | SslProtocols.Tls11.

Arialdo Martini · Accepted Answer · 2022-11-10 08:53:11Z

6

.NET Core 2.1 Kestrel config:

.UseKestrel(c => { c.ConfigureHttpsDefaults(opt => { opt.SslProtocols = SslProtocols.Tls12; }); })

edited Nov 10, 2022 at 8:53

Arialdo Martini

4,5873 gold badges35 silver badges42 bronze badges

answered Aug 30, 2018 at 11:25

Greg

1814 silver badges11 bronze badges

Comments

Arialdo Martini · Accepted Answer · 2022-11-10 08:53:32Z

In .NET Core 3.1, you can force TLS 1.2 by adding code below inside ConfigureWebHostDefaults in Program.cs

 webBuilder.UseKestrel(opt => { opt.AddServerHeader = false; opt.ConfigureHttpsDefaults(s => { s.SslProtocols = SslProtocols.Tls12; }); });

Image below for full code visiblity:

Collectives™ on Stack Overflow

Any way to restrict ASP.NET Core 2.0 HTTPS to TLS 1.2?

3 Answers 3

Comments

Comments

Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

Comments

Comments

Comments

Linked

Related