5

Now that SSL 3 has been found to be vulnerable to the POODLE attack:

What version of SSL/TLS does System.Web.Services.Protocols.SoapHttpClientProtocol use when connecting to any https Uri?

I use SoapHttpClientProtocol to connect to several 3rd party SOAP API's. One of these has now said they will block any request that uses SSL 3. But SoapHttpClientProtocol is part of the .Net core framework (using 4.5) so it is not obvious what version of SSL it uses, or how to override the version.

Note this question is not a duplicate of Which versions of SSL/TLS does System.Net.WebRequest support?. I use several APIs, some are REST (the other question is for those) and some are SOAP (this question is for those)

Community
  • 1
  • 1
JK.
  • 21,477
  • 35
  • 135
  • 214
  • 1
    Although this question isn't a duplicate of the other one mentioned, the same answer will apply. – Gareth Williams Oct 17 '14 at 19:48
  • 1
    Not necessarily. The same answer will apply if SOAP uses WebRequest under the hood. If it does not then there could easily be a different answer. – JK. Oct 18 '14 at 00:17

2 Answers2

3

Decompiling the SoapHttpClientProtocol class reveals that it does indeed use System.Web.WebRequest under the hood.

The various methods for invoking requests (Invoke, InvokeAsync, BeginInvoke) all end up calling GetWebRequest, which calls the base class WebClientProtocol.GetWebRequest, which is where the WebRequest is constructed.

It follows then that answer to What version of SSL/TLS does System.Net.WebRequest use? does also apply here.

Community
  • 1
  • 1
Paul Melliere
  • 31
  • 3
1

SSL version should be driven by static property System.Net.ServicePointManager.SecurityProtocol. In my box it is set to "SSLV3 | TLS". You can set to to TLS12.

xav
  • 812
  • 8
  • 9