5

In the company where I work, we have a product that uses WCF over net.tcp using SSL in .NET Framework 4.0. For a specific client, for security reasons, there is a requirement to disable SSL 2, SSL 3 and TLS 1. The problem is that the communication doesn’t work without TLS 1.0. Can someone tell me why? I used IISCrypto to disable the above protocols. The example code is attached to this discussion. Steps to reproduce the scenario:

  1. Disable the protocols as shown in the image below [IISCrypto image]

  2. Restart the Computer

  3. Build the solution (check it out https://github.com/juliancorrea/WCFWithSecurity)

  4. Execute the Server.exe

  5. Execute the Client.exe

  6. It’ll show the error below: The caller was not authenticated by the service

Julian Corrêa
  • 638
  • 12
  • 25
  • You might also see if you hit this case, http://forums.iis.net/t/1226316.aspx?Disabling+TLS+1+0+breaks+IIS+7+5 – Lex Li Jul 03 '15 at 12:41
  • .NET 4.0 [doesn't support TLS 1.1+](https://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.100).aspx). TLS 1.1 and 1.2 support [were added in .NET 4.5](https://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx). The best option is to upgrade to .NET 4.5. The changes are minimal – Panagiotis Kanavos Jul 03 '15 at 12:43

2 Answers

1

Guys,

After many attempts, the only way to make WCF run without TLS 1.0 was enabling FIPS.

Follow the link https://stackoverflow.com/a/13635742/1234031 to enable FIPS.

Community
  • 1
  • 1
Julian Corrêa
  • 638
  • 12
  • 25
0

If you have enabled TLS 1.1 and 1.2 on the client, ensure they are also enabled on the server. Some earlier versions of Windows do not have TLS 1.1 and 1.2 enabled by default and will require them to be enabled manually.

Ensure that both the client and server are capable of TLS 1.1+ encryption, and try your connection again.

Wibbler
  • 1,020
  • 9
  • 17
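
To check what the answer above asks for, the following added example (not part of the original posts) reads the Schannel per-protocol registry switches, which are the values IISCrypto changes, so the output can be compared between client and server. It assumes the standard `SCHANNEL\Protocols` registry layout and PowerShell 3.0 or later; the function name `Get-SchannelState` is made up for this example.

```powershell
# Added example: report the Schannel per-protocol switches on this machine.
# Run it on both the client and the server and compare the output.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelState {
    param([string]$Protocol, [string]$Role)

    $key = Join-Path (Join-Path $base $Protocol) $Role
    $enabled = $null
    $disabledByDefault = $null
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        $enabled = $props.Enabled                      # 0 = off, non-zero = on
        $disabledByDefault = $props.DisabledByDefault  # 1 = used only when an app asks for it
    }

    # Missing values mean no override: the default of this Windows version applies.
    if ($null -eq $enabled -and $null -eq $disabledByDefault) { $effective = 'OS default' }
    elseif ($null -ne $enabled -and $enabled -eq 0)           { $effective = 'Disabled' }
    elseif ($disabledByDefault -eq 1)                         { $effective = 'Not offered by default' }
    else                                                      { $effective = 'Enabled' }

    [pscustomobject]@{
        Protocol = $Protocol; Role = $Role
        Enabled = $enabled; DisabledByDefault = $disabledByDefault
        Effective = $effective
    }
}

$report = foreach ($p in $protocols) {
    foreach ($r in 'Client', 'Server') { Get-SchannelState -Protocol $p -Role $r }
}
$report | Format-Table -AutoSize

# Flag the situation from the question: TLS 1.0 off while nothing newer is switched on.
foreach ($r in 'Client', 'Server') {
    $tls10 = $report | Where-Object { $_.Role -eq $r -and $_.Protocol -eq 'TLS 1.0' }
    $newer = $report | Where-Object {
        $_.Role -eq $r -and $_.Protocol -in @('TLS 1.1', 'TLS 1.2') -and $_.Effective -eq 'Enabled'
    }
    if ($tls10.Effective -eq 'Disabled' -and -not $newer) {
        Write-Warning "$r role: TLS 1.0 is disabled and TLS 1.1/1.2 are not explicitly enabled."
    }
}
```

A row showing `OS default` means no override is set, so whether TLS 1.1 and 1.2 are actually on depends on the Windows version, as the answer notes.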