0

Our .net WCF Client, the WebRequest call, compiled to a windows EXE refuses to connect to a web server that surfaces ONLY SSL2. client exe is NET 4.5.2 framework based and being called from a server which comprised TLS1.2 only. Something just opposite to How do I disable SSL fallback and use only TLS for outbound connections in .NET? (Poodle mitigation)

my below .net 4.5.2 based code have no option to call with ssl2

ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Ssl3 | System.Net.SecurityProtocolType.Tls | System.Net.SecurityProtocolType.Tls12;

Not sure how to get rid with this. Please please help me. As wcf client I am calling from an app server and I can't change app server to make it SSL2 comprised. If I will make it SSL2 comprised, I know call will be done but app server applications security will be a problem. So, as a work around I need to just change a bit of code in my client application only not for the app server

Community
  • 1
  • 1
Ankur Bhutani
  • 3,079
  • 4
  • 29
  • 26
  • from what i've read, ssl 2.0 is not supported – Daniel A. White May 12 '16 at 12:18
  • SSL 2 is really old, so your best bet is to make the server support something more modern, you can read more here (http://security.stackexchange.com/questions/57087/why-is-the-deprecated-ssl-2-0-protocol-considered-insecure-and-how-can-it-be-exp) – Ilya Chernomordik May 12 '16 at 12:24
  • Yeah, you are right. SSL2 is risky and because of this we have already changed our server and application to use TLS1.2. But our application is calling a wcf service which is not TLS1.2 comprised and they cant change their app version of .net and so ssl2 version. So, in our client call we have to make changes such that call can happen. – Ankur Bhutani May 12 '16 at 12:25
  • when I made changes in the registry of our app server to enable ssl2 along with tls1.2 wcf client call was being done. – Ankur Bhutani May 12 '16 at 12:26
  • the changes I will do is kind of work around only as they will also change but not right now – Ankur Bhutani May 12 '16 at 12:29

0 Answers0