I have a .NET MVC web application (written in C#) that is hosted on Azure as a web site. I don't (yet) want to exclude consumers using TLS 1.0, but I would like to KNOW if there is a connection to my site that gets negotiated at TLS 1.0 so I can log it. Is there a way in my controller code to determine what the negotiated security protocol is? Some way of getting the actual connection information from the HTTP request, and ability to determine the actual security protocol in use?
Asked
Active
Viewed 577 times
2
-
This isn't your codes job. The hosting environment should deal with this. You can disable this in IIS. even if you do code this, it won't be as robust as a protocol based solution. Basically, don't do this, simply configure your server/firewall to not accept invalid connections – Liam Mar 21 '17 at 15:18
-
This might be interesting to read for you: http://stackoverflow.com/q/25009018/5311735 – Evk Mar 21 '17 at 15:20
-
Liam if you need to contact the ones who needs to upgrade before you can exclude lower tls version, then it IS actually you codes job to pair tls version with consumer data. – Stephan Møller Jun 25 '18 at 04:46