6

My question is simple. I have read these two main pages:

But the first link shows the configuration for SecurityProtocol set in global.asax.cs to solve

"System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel."

Here, I want this config to be set in web.config / app.config, just to make it specific to my own project and not for all ASP.NET projects... Then I think the second link {msdn.microsoft.com.....} is the way, but the SSL/TLS error is still there... So my question is: how do I implement the following through web.config?

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
        | SecurityProtocolType.Tls11
        | SecurityProtocolType.Tls12
        | SecurityProtocolType.Ssl3;

I have read this page too, "Force by config to use tls 1.0 in a wcf client c#", but there are no answers.

And then... I just found these pages:

Then I implemented my custom binding like this:

<customBinding>
  <binding name="SureTaxSoap">
    <sslStreamSecurity requireClientCertificate="true" sslProtocols="Ssl3|Tls|Tls11|Tls12">
    </sslStreamSecurity>
  </binding>
</customBinding>

but sslProtocols="Ssl3|Tls|Tls11|Tls12" is unidentified

itsrizi
Maryadi Poipo
  • Side note: "global.asax.cs" is an ASP.NET web site specific file (usually equals a single Visual Studio project)... Not sure what "specific for own project not for all asp.net projects" refers to - you may want to clarify what you mean by "project" (which seems to be different from a Visual Studio project) – Alexei Levenkov Jan 27 '16 at 03:32
  • mmmm...... okie lemme talk a little.. :) I have some projects on visual studio, may be about 24 projects and just project has global.asax.cs, another project just has app.config....the main project is the one that has that global.asax file... :) – Maryadi Poipo Jan 27 '16 at 04:01
  • I found this link: https://msdn.microsoft.com/en-us/library/ms731377(v=vs.100).aspx Then I implemented my custom binding like this: But Visual Studio gives the error message that "sslProtocols="Ssl3|Tls|Tls11|Tls12" is invalid... – Maryadi Poipo Jan 27 '16 at 04:03

3 Answers

5

Typically, enums are converted from strings in the web.config, using Enum.Parse or Enum.TryParse. I expect (but have not checked the reference source to confirm) that the same is true for the WCF settings.

Enum.Parse uses a comma to separate flags-based enum values, but can also parse the equivalent integer values as strings, if need be.

Therefore, if your problem is concatenating the flags-based enum values in the web.config setting, you may be able to do so using comma to separate, e.g.:

sslProtocols="Ssl3, Tls"
sslProtocols="Ssl3, Tls, Tls11, Tls12"

Or, if your problem is that Tls12 is not a recognised value, then this was only added in .NET 4.5. If you are compiling for .NET 4.0, then it won't parse as a named enum. However, .NET 4.5 is an in-place update to 4.0, so if you have 4.5 installed you may be able to parse the numeric value:

sslProtocols="4080"

This is taken from the sum of all the numeric values for the System.Net.SecurityProtocolType enum. These numeric values are also the same as the values in System.Security.Authentication.SslProtocols and System.IdentityModel.SchProtocols, so I'm going to guess that they are the same in your case.

Ssl3 = 48,
Tls = 192,
Tls11 = 768,
Tls12 = 3072

Of course, if it is available to you, it might be cleaner to upgrade to at least Visual Studio 2012 / .NET 4.5, where the named strings should become available.

jimbobmcgee
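The separator behaviour described in this answer can be checked directly against Enum.Parse. The following is an added example, not code from the answer or from WCF: it assumes .NET Framework 4.5 or later (so the Tls11 and Tls12 names exist), the class and helper names are hypothetical, and whether the WCF sslProtocols attribute is parsed through Enum.Parse remains the answer's assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Authentication;

static class SslProtocolsConfigDemo
{
    // Names and numeric values as listed in the answer above.
    static readonly string[] Names = { "Ssl3", "Tls", "Tls11", "Tls12" };
    static readonly int[] Values = { 48, 192, 768, 3072 };

    // Parse an attribute value the way Enum.Parse would; null means rejected.
    static SslProtocols? ParseConfigValue(string raw)
    {
        try { return (SslProtocols)Enum.Parse(typeof(SslProtocols), raw); }
        catch (ArgumentException) { return null; } // unknown name or unsupported separator
    }

    // List the individual flags contained in a parsed value.
    static string Describe(int bits)
    {
        var set = new List<string>();
        for (int i = 0; i < Values.Length; i++)
            if ((bits & Values[i]) == Values[i]) set.Add(Names[i]);
        return string.Join(" + ", set.ToArray());
    }

    static void Main()
    {
        // Constructed sample inputs: the strings quoted in the question and the answer.
        string[] samples = { "Ssl3|Tls|Tls11|Tls12", "Ssl3, Tls, Tls11, Tls12", "4080", "Tls12" };
        foreach (string raw in samples)
        {
            SslProtocols? parsed = ParseConfigValue(raw);
            if (parsed == null)
            {
                Console.WriteLine("\"{0}\": rejected by Enum.Parse", raw);
                continue;
            }
            int bits = (int)parsed.Value;
            // Any bit other than Tls12 means an older protocol version stays enabled.
            bool onlyTls12 = bits == 3072;
            Console.WriteLine("\"{0}\": {1} = {2}; TLS 1.2 only: {3}",
                raw, bits, Describe(bits), onlyTls12);
        }
    }
}
```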
0

I have experienced the same and I made it work by using only one SSL/TLS protocol.

For example, sslProtocols="Tls12", if you need the strongest security protocol.

Otherwise, if we don't need to specify the SSL protocol, the default will be TLS1 in .NET 4.5.

Joe Park
  • The problem is SslProtocols="Tls12" is undefined in my web.config – Maryadi Poipo Jan 27 '16 at 06:57
  • @HyosokaPoipo The TLS 1.2 option was introduced in .NET Framework 4.5, so you will need an alternative syntax if you're using 4.0. See jimbobmcgee's answer for more detailed information. – Suncat2000 Jun 05 '19 at 12:39
0

sslProtocols="Ssl3|Tls|Tls11|Tls12" is invalid (in web.config) in Visual Studio 2012 (.NET Framework 4.5)

But it is available in Visual Studio 2015 (.NET Framework 4.5.2)

Palash