TLS 1 2 in NET Framework 4 0

Question

I have a Windows server 2008 R2 server running a dozen  NET Framework 4 0 WebForms applications  and I need to disable TLS 1 0 and lower  When I do that  all secure connections fail and I was forced to re-enable TLS 1 0  Is there any way to use TLS 1 2 in a framework 4 0 environment  Perhaps I am missing something   Also  due to limitations of the version CMS we are using  we cannot upgrade the Framework at this time

User · Answer

If you are not able to add a property to system.net class library.

Then, add in Global.asax file:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; //TLS 1.2
ServicePointManager.SecurityProtocol = (SecurityProtocolType)768; //TLS 1.1

And you can use it in a function, at the starting line:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)768 | (SecurityProtocolType)3072;

And, it's being useful for STRIPE payment gateway, which only supports TLS 1.1, TLS 1.2.

EDIT: After so many questions on .NET 4.5 is installed on my server or not... here is the screenshot of Registry on my production server:

I have only .NET framework 4.0 installed.

registry

User · Answer

The only way I have found to change this is directly on the code     at the very beginning of your app you set   ServicePointManager SecurityProtocol   SecurityProtocolType Tls12    you should include the system net class   I did this before calling a web service because we had to block tls1 too

User · Answer

I meet the same issue on a Windows installed  NET Framework 4 0  And I Solved this issue by installing  NET Framework 4 6 2  Or you may download the newest package to have a try

User · Answer

According to this  you will need  NET 4 5 installed  For more details  visit the webpage  The gist of it is that after you have  NET 4 5 installed  your 4 0 apps will use the 4 5 System dll  You can enable TLS 1 2 in two ways    At the beginning of the application  add this code  ServicePointManager SecurityProtocol    SecurityProtocolType 3072  Set the registry key HKEY LOCAL MACHINE SOFTWARE Microsoft  NETFramework v4 0 30319  SchUseStrongCrypto to DWORD 1

User · Answer

Make the following changes in your Registry and it should work   1    NET Framework strong cryptography registry keys   HKEY LOCAL MACHINE SOFTWARE Microsoft  NETFramework v4 0 30319   SchUseStrongCrypto  dword 00000001   HKEY LOCAL MACHINE SOFTWARE Wow6432Node Microsoft  NETFramework v4 0 30319   SchUseStrongCrypto  dword 00000001   2   Secure Channel  Schannel  TLS 1 2 registry keys   HKEY LOCAL MACHINE SYSTEM CurrentControlSet Control SecurityProviders SCHANNEL Protocols TLS 1 2    HKEY LOCAL MACHINE SYSTEM CurrentControlSet Control SecurityProviders SCHANNEL Protocols TLS 1 2 Client   DisabledByDefault  dword 00000000  Enabled  dword 00000001   HKEY LOCAL MACHINE SYSTEM CurrentControlSet Control SecurityProviders SCHANNEL Protocols TLS 1 2 Server   DisabledByDefault  dword 00000000  Enabled  dword 00000001

User · Answer

I code in VB and was able to add the following line to my Global asax vb file inside of Application Start  ServicePointManager SecurityProtocol   CType 3072  SecurityProtocolType      TLS 1 2

User · Answer

There are two possible scenarios   If your application runs on  net framework 4 5 or less  and you can easily deploy new code to the production then you can use of below solution  You can add the below line of code before making the API call  ServicePointManager SecurityProtocol   SecurityProtocolType Tls12      NET 4 5 ServicePointManager SecurityProtocol    SecurityProtocolType 3072      NET 4 0   If you cannot deploy new code and you want to resolve the issue with the same code which is present in the production  then you have two options    Option 1    HKEY LOCAL MACHINE SOFTWARE Microsoft  NETFramework v4 0 30319   quot SchUseStrongCrypto quot  dword 00000001   HKEY LOCAL MACHINE SOFTWARE Wow6432Node Microsoft  NETFramework v4 0 30319   quot SchUseStrongCrypto quot  dword 00000001    then create a file with extension  reg and install  Note   This setting will apply at registry level and is applicable to all application present on that machine and if you want to restrict to only single application then you can use Option 2 Option 2   This can be done by changing some configuration setting in config file  You can add either in your config file   lt runtime gt       lt AppContextSwitchOverrides value  quot Switch System Net DontEnableSchUseStrongCrypto false quot   gt   lt  runtime gt   or  lt runtime gt     lt AppContextSwitchOverrides value  quot Switch System Net DontEnableSystemDefaultTlsVersions false quot   lt  runtime gt

[asp.net] TLS 1.2 in .NET Framework 4.0

Examples related to asp.net

Examples related to .net-4.0

Examples related to windows-server-2008-r2

Examples related to tls1.2