Using TLS 1.2 with your .NET App: Legacy apps compliance
Recently we had to migrate a whole platform to new hosting and, with that, upgrade the Transport Layer Security protocols.
After we did some testing, we found out something quite curious. Internally routed calls, or, simply put, calls from our own code to external APIs, stopped working. We got a pretty meaningless exception that, after some reading, led us to the culprit.
We were using an old version of .NET that didn't use TLS 1.2 by default, and we had to explicitly force the newer version before calling external APIs.
As we were using .NET 4.5, it was quite easy to take care of the problem, but for older versions there are some tricks to it.
Let’s take a look at the required steps for the legacy versions.
.NET 4.6+: TLS 1.2 is the default protocol. No need to do anything.
.NET 4.5: TLS 1.2 is supported, but the default protocol is TLS 1.1. You need to specify the protocol before making calls:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
.NET 4.0: TLS 1.2 is not supported by default. If .NET 4.5 (or above) is installed on the system, though, you can still select the TLS 1.2 protocol. The problem is that SecurityProtocolType in .NET 4.0 doesn't contain an entry for TLS 1.2, so you have to use the numerical value of the enum member:
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
.NET 3.5: I'd say you really need to upgrade your framework if you are still using this, but theoretically, after some updates from Microsoft, you can still use the 4.0 approach. I haven't tested it, though. Let me know if it actually works. The updates Microsoft specifies are:
KB3154518 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win7 SP1/Win 2008 R2 SP1
KB3154519 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win8 RTM/Win 2012 RTM
KB3154520 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win8.1 RTM/Win 2012 R2 RTM
KB3156421 – HR-1605 Hotfix Rollup through Windows Update for Windows 10
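To put the two one-liners above into a form that compiles against both .NET 4.0 and 4.5 and that fails loudly instead of silently negotiating an older protocol, here is an added example (my own illustration, not code from the original post). The numeric value 3072 is the one the post gives for TLS 1.2; the class name, the health-check URL (example.invalid is a reserved placeholder domain) and the NotSupportedException message are my own assumptions.

```csharp
// Added example: enable TLS 1.2 once at application start-up, in a way that
// compiles against .NET 4.0 as well as 4.5, and verify the effective setting
// before the first outbound call.
using System;
using System.Net;

public static class TlsStartup
{
    // Numeric value of SecurityProtocolType.Tls12 (as given in the post); the
    // named enum member only exists in the .NET 4.5+ reference assemblies.
    private const int Tls12Value = 3072;

    // True if the framework actually running the app knows TLS 1.2, i.e.
    // .NET 4.5 or later is installed, whatever version the app was built for.
    public static bool RuntimeSupportsTls12()
    {
        return Enum.IsDefined(typeof(SecurityProtocolType), Tls12Value);
    }

    // Call this before the first HTTPS request (Main, or Application_Start in
    // ASP.NET). Throws instead of letting the runtime fall back to SSL3/TLS 1.0.
    public static void RequireTls12()
    {
        if (!RuntimeSupportsTls12())
        {
            throw new NotSupportedException(
                "TLS 1.2 is unavailable: install .NET 4.5 or later on this machine.");
        }

        // Assignment replaces the whole default set, so only TLS 1.2 is offered
        // from here on (same effect as the post's one-liners).
        ServicePointManager.SecurityProtocol = (SecurityProtocolType)Tls12Value;
    }

    public static void Main()
    {
        RequireTls12();
        Console.WriteLine("Effective protocols: " + ServicePointManager.SecurityProtocol);

        // Placeholder endpoint (assumed); replace with the external API you call.
        var request = (HttpWebRequest)WebRequest.Create("https://example.invalid/api/health");
        using (var response = (HttpWebResponse)request.GetResponse())
        {
            Console.WriteLine("Status: " + (int)response.StatusCode);
        }
    }
}
```

The Enum.IsDefined check is what makes the 4.0 trick safe to ship: on a machine that only has the 4.0 runtime the cast still compiles, but assigning the value throws NotSupportedException at the first request, so checking up front gives you a clear error at start-up rather than a failed call in production. On .NET 4.6 and later, where the post says nothing needs to be done, leave the property untouched so the framework and OS decide which protocols to offer.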
I hope this saves some time for some of you out there. It certainly would have saved some of mine.