Is .NET 4.5 (or 4.5.1) capable of being security protocol agnostic?

Question

I read this post about security protocol configuration in .NET - Great stuff, got me unstuck.

This post is a TL;DR, generic version of the specific issue I am having in the linked post.

My question is, is it possible to configure an ASP.NET application such that it is protocol agnostic?

---

In the short term, I can add this line

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls12;

to get my code working for clients committed to TLS only, but in the future I will need to update this whenever a new protocol comes out. It's hard-coded, which is smelly

As I understand it, adding values to the ServicePointManager.SecurityProtocol collection configures .NET in such a way that it will attempt to renegotiate connections if one protocol fails. I would like it to fall back on the server configuration.

In other words, how can I/is it possible to configure my ASP.NET application such that it will respect the security protocol configuration established by the registry keys that IISCrypto looks at?

Answer 1

I found a solution that removes the responsibility of security protocol configuration from our code and moves it to the registry.

The necessary change is adding the "SchUseStrongCrypto"=dword:00000001 Value to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 Key.

Now it is on our clients who consume this code to properly configure their environment's security protocol, and there is no need to hard-code anything into the ServicePointManager.SecurityProtocol collection.