Is TLS 1.1 and TLS 1.2 enabled by default for .NET 4.5 and .NET 4.5.1?
Is TLS 1.1/1.2 enabled by default in .NET 4.5 and .NET 4.5.1?
No. The default protocols enabled for the various framework versions are:
- .NET Framework 4.5 and 4.5.1: SSLv3 and TLSv1
- .NET Framework 4.5.2: SSLv3, TLSv1, and TLSv1.1
- .NET Framework 4.6 and higher: TLSv1, TLSv1.1, and TLS1.2
Sources: [1] [2] [3]
While Microsoft recommends against explicitly specifying protocol versions in favour of using the operating system's defaults:
To ensure .NET Framework applications remain secure, the TLS version should not be hardcoded. .NET Framework applications should use the TLS version the operating system (OS) supports.
... it's still possible to select which protocols your application supports by using the ServicePointManager
class, specifically by setting the SecurityProtocol
property to the relevant SecurityProtocolType
s.
In your case you would want to use the following:
System.Net.ServicePointManager.SecurityProtocol =
SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
Note that TLSv1 and TLSv1.1 are effectively deprecated as of 2020; you should avoid building new applications that rely on these protocols, and make every effort to upgrade applications that currently use them.
Default SecurityProtocol in .NET 4.5
Some of the those leaving comments on other answers have noted that setting System.Net.ServicePointManager.SecurityProtocol
to specific values means that your app won't be able to take advantage of future TLS versions that may become the default values in future updates to .NET. Instead of specifying a fixed list of protocols, do the following:
For .NET 4.7 or later, do not set System.Net.ServicePointManager.SecurityProtocol
. The default value (SecurityProtocolType.SystemDefault
) will allow the operating system to use whatever versions it knows and has been configured for, including any new versions that may not have existed at the time the app was created.
For earlier versions of .NET Framework, you can instead turn on or off protocols you know and care about, leaving any others as they are.
To turn on TLS 1.1 and 1.2 without affecting other protocols:
System.Net.ServicePointManager.SecurityProtocol |=
SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
Notice the use of |=
to turn on these flags without turning others off.
To turn off SSL3 without affecting other protocols:
System.Net.ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Ssl3;
TLS1.2 negotiation fails within a 4.5.1 application when .net Framework 4.7.2 is installed
Try setting these registry settings:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value: SchUseStrongCrypto
Data: 1
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
Value: Enabled
Data: 0
Value: DisabledByDefault
Data: 1
After that, before making your HTTPWebRequest include the ServicePointManager change:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
That should force your application to TLS 1.2. I didn't see anything saying you'd tried all the above at once, and doing this worked for us.
WCF Client in .NET 4.5.1: How to enable TLS 1.2 when WebRequest is used?
You should work with .NET 4.5 or above version and add this line in your code:
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
Related Topics
Insert Text into the Textbox of Another Application
Htmlagilitypack and Dynamic Content Issue
Returning a String from Pinvoke
Block Request for Multiple Unsuccessful Logins for a Period of Time
Are P/Invoke [In, Out] Attributes Optional for Marshaling Arrays
Piecewise Linear Integer Curve Interpolation in C#/Unity3D
How to Display the Output of SQL "Print" Command in C#
Reading Data from CSV to Screen Output
Preventing SQL Injection on ASP.NET Web Application
How to Add Style from Code Behind