13

I am running a .NET WCF web service which handles several different request SOAP messages and which is hosted under IIS (version 7). In the case that transport security is used (https) for the web service endpoint, how can I determine the used TLS/SSL version and cipher value of an incoming request SOAP message in this WCF service?

Karel
  • starting bounty, 'cause I can't find anything... – Dominik Mar 17 '17 at 12:21
  • @Dominik, I think there is some misunderstanding on your side. In a typical HTTPS request, the TLS/SSL version and cipher are negotiated at the beginning of the connection being established, not sent by the client. Moreover, it is typically the server that decides what to use. This is so because it is typically only the server that is being validated, not the client. So what exactly do you want to know and how are you going to use this information? – SergGr Mar 17 '17 at 15:50
  • @SergGr In my case I know that the server my WCF-Service is running on supports TLS 1.0 - TLS 1.3. I cannot change the SCHANNEL-Settings on the machine. I still want to refuse all clients to call some methods of my WCF-Service if they are using TLS 1.0 or TLS 1.1. Let the "refuse method call" be my problem. Just tell me where to see which TLS version the current connection is using – Dominik Mar 17 '17 at 22:22
  • Are you using a Load balancer in front of your WCF service? How is your WCF service hosted (On IIS or Self Hosting)? – Rajesh Mar 24 '17 at 09:11
  • @Dominik You can restrict the client to use old security protocol programmatically; below is the link for the same. http://stackoverflow.com/questions/26389899/how-do-i-disable-ssl-fallback-and-use-only-tls-for-outbound-connections-in-net – Chetan Hirapara Mar 24 '17 at 09:20
  • @ChicksPatel Yes but as you already said that is the client... I have no control over the client. Is it not possible to restrict anything but TLS 1.2 for a WCF-app(server-side!!) per code?? – Dominik Mar 24 '17 at 13:17
  • @Rajesh No, I'm not using a load balancer and it's a self-hosted Windows service – Dominik Mar 27 '17 at 07:42

1 Answer

0

You can probably create 2 applications - one that only accepts TLS 1.2, and the other that accepts TLS 1.0, 1.1.

To support only TLS 1.2 and no SSL protocols, you can do this:

    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

Andrey Belykh
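Added example, not part of the original question or answer: the comments note that the protocol version and cipher are fixed during the handshake, so one way to see what a connection is using is to read the server's ServerHello, for instance from a packet capture taken on the host. The sketch below parses such a record and applies the "no TLS 1.0 / TLS 1.1" policy from the thread. The function names and the sample bytes are constructed for illustration, and it assumes the ServerHello arrives unfragmented in a single TLS record.

```python
import struct

MIN_ALLOWED = 0x0303  # TLS 1.2; policy from the thread: refuse TLS 1.0 and TLS 1.1


def parse_server_hello(record: bytes):
    """Return (negotiated_version, cipher_suite) from one ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[0:2], "big")  # legacy_version in TLS 1.3
    pos = 2 + 32                                 # skip the 32-byte server random
    pos += 1 + hello[pos]                        # skip session_id
    if pos + 3 > len(hello):
        raise ValueError("truncated ServerHello")
    cipher = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 3                                     # cipher suite + compression method
    # TLS 1.3 keeps 0x0303 in the version field; the real version is in the
    # supported_versions extension (type 43), two bytes in a ServerHello.
    if pos + 2 <= len(hello):
        end = min(pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"), len(hello))
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            if etype == 43 and elen == 2 and pos + 6 <= end:
                version = int.from_bytes(hello[pos + 4:pos + 6], "big")
            pos += 4 + elen
    return version, cipher


def is_allowed(version: int) -> bool:
    return version >= MIN_ALLOWED  # True only for TLS 1.2 and later


def sample_hello(legacy_version, cipher, extensions=b""):
    """Constructed ServerHello (zeroed random, empty session id) for the demo."""
    hello = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"
    hello += struct.pack("!HB", cipher, 0)
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```
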