Update .NET Web Service to Use TLS 1.2

Update .NET web service to use TLS 1.2

We actually just upgraded a .NET web service to 4.6 to allow TLS 1.2.

What Artem is saying were the first steps we took. We recompiled the web service against framework 4.6 and we tried to change the registry key to enable TLS 1.2, although this didn't work: the connection was still in TLS 1.0. Also, we didn't want to disallow SSL 3.0, TLS 1.0 or TLS 1.1 on the machine, since other web services could be using them, so we rolled back our changes to the registry.

We actually changed the Web.Config files to tell IIS: "hey, run me in 4.6 please".

Here are the changes we added in the web.config, plus recompilation in .NET 4.6:

<system.web>
    <compilation targetFramework="4.6"/> <!-- Changed framework 4.0 to 4.6 -->

    <!-- Added this httpRuntime -->
    <httpRuntime targetFramework="4.6" />

    <authentication mode="Windows"/>
    <pages controlRenderingCompatibilityVersion="4.0"/>
</system.web>

And the connection changed to TLS 1.2, because IIS is now running the web service in 4.6 (told explicitly) and 4.6 is using TLS 1.2 by default.

How to enable TLS 1.2 in Asp.Net Core 3.1

In order to fix the error, I tried with the solution. That didn't help. The method I tried was suggested here, which, as per the author, seems to work for ASP.NET Core 2.0 only.

I took a look at the configuration options and found that by default ASP.NET Core 3.1 uses TLS 1.1 and TLS 1.2 for requests. So, we need to do nothing from the code end.


Eventually, I stumbled over an article that shares:

Windows 7 supports TLS 1.1 and TLS 1.2. But these protocol versions are not enabled on it by default.
On Windows 8 and higher these protocols are enabled by default.

So, this was the real cause of the error. I fixed the issue by enabling TLS 1.2 from the registry editor. Even Microsoft suggested the same solution.

Hope it saves somebody else's time.

TLS 1.2 in .NET Framework 4.0

The only way I have found to change this is directly in the code:

At the very beginning of your app, you set:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

You should include the System.Net class.

I did this before calling a web service because we had to block TLS 1 too.

.NET dll using different TLS versions

Hum, I did not think that VBA/Office being the host program would change the TLS settings. But you could consider trying this registry edit:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001

I believe you also have to restart your computer for the above to take effect.
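
A read-only check of the values discussed above, as an added example that is not part of the original answer. The non-Wow6432Node keys (used by 64-bit processes) and the SCHANNEL TLS 1.2 client key do not appear in the answer; they are included here as assumptions about what else is worth reading on the same machine.

```powershell
# Added example: read-only audit, nothing is written. Run it from a 64-bit
# PowerShell session; a 32-bit session is redirected to Wow6432Node.
$checks = @()
foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {   # 64-bit and 32-bit processes
    foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
        foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
            # Off = the value that switches the setting off (0 for these two)
            $checks += @{ Key = "HKLM:\$view\Microsoft\.NETFramework\$ver"; Name = $name; Off = 0 }
        }
    }
}
# Assumption (not from the answer): the OS-level SCHANNEL switch for TLS 1.2 clients.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$checks += @{ Key = $schannel; Name = 'Enabled'; Off = 0 }
$checks += @{ Key = $schannel; Name = 'DisabledByDefault'; Off = 1 }

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns nothing ($null) when the key or value is absent; that is not the same as 0.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$report = foreach ($c in $checks) {
    $v = Get-RegDword -Path $c.Key -Name $c.Name
    $state = if ($null -eq $v) {
        'not set, default applies'
    } elseif ($v -eq $c.Off) {
        'explicitly off'
    } else {
        'on'
    }
    [pscustomobject]@{ Key = $c.Key; Name = $c.Name; Value = $v; State = $state }
}
$report | Format-Table -AutoSize -Wrap
```

Rows reported as "not set" fall back to the defaults the answers on this page describe: the targeted framework's default for the .NET values and the OS default for SCHANNEL.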

Supporting TLS 1.2 in HttpClient C#

In general you do not need to specify any configuration in your application to enable adoption of the latest TLS protocol.

Best practices and scenarios are outlined on docs.microsoft.com for versions earlier than .NET 4.7.

At a high level, you should audit your application to make sure it doesn't take any hard dependency on a lower TLS version. But otherwise no work should be required.

We recommend that you:

  • Target .NET Framework 4.7 or later versions on your apps. Target .NET Framework 4.7.1 or later versions on your WCF apps.
  • Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.
  • Perform a thorough code audit to verify you're not specifying a TLS or SSL version.

When your app lets the OS choose the TLS version:

  • It automatically takes advantage of new protocols added in the future, such as TLS 1.3.
  • The OS blocks protocols that are discovered not to be secure.

