Any way to restrict ASP.NET Core 2.0 HTTPS to TLS 1.2?

Question

I have an ASP.NET Core 2.0 REST server running fine, but I need to restrict access to TLS1.2 - how do I do this? Can't seem to find any documentation on it. Server is running on Kestrel. Thanks!

score 17 · Accepted Answer · answered Oct 19 '17 at 15:03

There's a UseHttps overload that allows you to provide a HttpsConnectionAdapterOptions instance to configure this. Here's an example of what this might look like in your case:

listenOptions.UseHttps(new HttpsConnectionAdapterOptions
{
    ...
    SslProtocols = SslProtocols.Tls12
});

For reference, SslProtocols defaults to SslProtocols.Tls12 | SslProtocols.Tls11.

score 6 · Answer 2 · edited Nov 10 '22 at 08:53

6

.NET Core 2.1 Kestrel config:

.UseKestrel(c =>
            {
                c.ConfigureHttpsDefaults(opt =>
                {
                    opt.SslProtocols = SslProtocols.Tls12;
                });
            })

edited Nov 10 '22 at 08:53

Arialdo Martini

4,427
3
31
42

answered Aug 30 '18 at 11:25

Greg

181
3
11

score 0 · Answer 3 · edited Nov 10 '22 at 08:53

In .NET Core 3.1, you can force TLS 1.2 by adding code below inside ConfigureWebHostDefaults in Program.cs

   webBuilder.UseKestrel(opt =>
                    {
                        opt.AddServerHeader = false;
                        opt.ConfigureHttpsDefaults(s =>
                        {
                            s.SslProtocols = SslProtocols.Tls12;
                        });
                    });

Image below for full code visiblity:

Any way to restrict ASP.NET Core 2.0 HTTPS to TLS 1.2?

3 Answers3

Linked