Is TLS 1.1 and TLS 1.2 Enabled by Default for .NET 4.5 and .NET 4.5.1

Is TLS 1.1/1.2 enabled by default in .NET 4.5 and .NET 4.5.1?

No. The default protocols enabled for the various framework versions are:

  • .NET Framework 4.5 and 4.5.1: SSLv3 and TLSv1
  • .NET Framework 4.5.2: SSLv3, TLSv1, and TLSv1.1
  • .NET Framework 4.6 and higher: TLSv1, TLSv1.1, and TLSv1.2

Sources: [1] [2] [3]

While Microsoft recommends against explicitly specifying protocol versions in favour of using the operating system's defaults:

To ensure .NET Framework applications remain secure, the TLS version should not be hardcoded. .NET Framework applications should use the TLS version the operating system (OS) supports.

... it's still possible to select which protocols your application supports by using the ServicePointManager class, specifically by setting the SecurityProtocol property to the relevant SecurityProtocolTypes.

In your case you would want to use the following:

System.Net.ServicePointManager.SecurityProtocol =
SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Note that TLSv1 and TLSv1.1 are effectively deprecated as of 2020; you should avoid building new applications that rely on these protocols, and make every effort to upgrade applications that currently use them.

Default SecurityProtocol in .NET 4.5

Some of those leaving comments on other answers have noted that setting System.Net.ServicePointManager.SecurityProtocol to specific values means that your app won't be able to take advantage of future TLS versions that may become the default values in future updates to .NET. Instead of specifying a fixed list of protocols, do the following:

For .NET 4.7 or later, do not set System.Net.ServicePointManager.SecurityProtocol. The default value (SecurityProtocolType.SystemDefault) will allow the operating system to use whatever versions it knows and has been configured for, including any new versions that may not have existed at the time the app was created.

For earlier versions of .NET Framework, you can instead turn on or off protocols you know and care about, leaving any others as they are.

To turn on TLS 1.1 and 1.2 without affecting other protocols:

System.Net.ServicePointManager.SecurityProtocol |= 
SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Notice the use of |= to turn on these flags without turning others off.

To turn off SSL3 without affecting other protocols:

System.Net.ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Ssl3;
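
The two flag operations above combined into one startup routine, as an added example that is not part of the original answers. The `TlsStartup` class and `Harden` helper are hypothetical names; the guard covers the .NET 4.7+ case where the property holds SystemDefault (numeric value 0), because OR-ing flags into 0 would leave only those flags enabled and discard the operating system's defaults.

```csharp
using System;
using System.Net;

static class TlsStartup
{
    // Numeric value of SecurityProtocolType.SystemDefault (added in .NET Framework 4.7).
    // Cast from 0 so this also compiles when targeting 4.5 / 4.5.1.
    const SecurityProtocolType SystemDefault = (SecurityProtocolType)0;

    // Pure function: the flag arithmetic can be checked without touching global state.
    public static SecurityProtocolType Harden(SecurityProtocolType current)
    {
        // 0 | Tls12 == Tls12, so "|=" on SystemDefault would pin the app
        // to the listed versions. Leave the OS-managed default alone.
        if (current == SystemDefault)
            return current;

        // Turn on TLS 1.1 and 1.2 without clearing other flags.
        current |= SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
        // Turn off SSL3 without clearing other flags.
        current &= ~SecurityProtocolType.Ssl3;
        return current;
    }

    static void Main()
    {
        // Constructed input: the 4.5 / 4.5.1 default listed above (SSLv3 and TLSv1).
        var legacy = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
        Console.WriteLine("{0} -> {1}", legacy, Harden(legacy));

        // Constructed input: SystemDefault passes through unchanged.
        Console.WriteLine("{0} -> {1}", (int)SystemDefault, (int)Harden(SystemDefault));

        // Apply once at startup, before the first outbound request.
        ServicePointManager.SecurityProtocol = Harden(ServicePointManager.SecurityProtocol);
        Console.WriteLine("Effective: {0}", ServicePointManager.SecurityProtocol);
    }
}
```
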

TLS 1.2 negotiation fails within a 4.5.1 application when .NET Framework 4.7.2 is installed

Try setting these registry settings:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 
Value: SchUseStrongCrypto
Data: 1

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
Value: Enabled
Data: 0
Value: DisabledByDefault
Data: 1

After that, before making your HttpWebRequest, include the ServicePointManager change:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

That should force your application to TLS 1.2. I didn't see anything saying you'd tried all the above at once, and doing this worked for us.

WCF Client in .NET 4.5.1: How to enable TLS 1.2 when WebRequest is used?

You should work with .NET 4.5 or a later version and add this line to your code:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

