
I have a Server service and a Client service using WCF, both built in C# with .NET version 4.0 and Visual Studio 2010.

I created and installed self-signed SSL and CA certificates on the server. So far so good. Everything works OK. The Client service is able to communicate with the Server service from a different machine.

However, the connection details show it is using TLS 1.0.

Is there a way to implement TLS 1.1 or 1.2 using DotNet 4.0? It appears not, but I was hoping someone had a technique that worked for them.

Michael-O
Neil Weicher
  • TLS 1.2 was added with .NET 4.5. Did you try the answer provided by @Vikrant in this question: https://stackoverflow.com/questions/33761919/tls-1-2-in-net-framework-4-0? It will work if you have .NET 4.5 installed on the hosting machine, while your application can target .NET 4.0 – vasil oreshenski Feb 14 '18 at 13:05
  • Thanks, yes I already saw a similar thread. I meant is there a way of supporting it on the server side without going to .NET 4.5? It seems like the answer is no. – Neil Weicher Feb 14 '18 at 14:18
  • Nothing I am aware of. There is nothing official on the matter from Microsoft either. The recommended (probably the only) way is .NET 4.5 – vasil oreshenski Feb 14 '18 at 14:42
  • You want .NET 4.6 with registry key changes to use TLS 1.2 by default. More info here: https://github.com/TheLevelUp/pos-tls-patcher – user24601 Mar 08 '18 at 03:27
  • https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls – user24601 Mar 16 '18 at 01:50

1 Answer


Yes, it's possible to use TLS 1.1 and 1.2 in a .NET application targeting .NET Framework 4.0, but you will need .NET 4.6 installed (you do not need to target 4.6 in your application). TLS 1.2 was added to .NET 4.5, but TLS 1.2 will not be able to be used without code changes.

If you want existing .NET 4.0 code to use TLS 1.2, you'll need the following:

  1. Install .NET Framework 4.6 or higher. This is needed to use TLS 1.2 as a protocol by default in combination with proper Windows registry keys.

  2. Set the following .NET Framework strong cryptography registry keys:

On 32-bit and 64-bit versions of Windows:

```
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
```

On 64-bit versions of Windows:

```
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
```

The WOW6432Node value is used by 32-bit applications when run on a 64-bit system.

For more information see: https://github.com/TheLevelUp/pos-tls-patcher

user24601
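The two prerequisites from the answer above can be checked on a host with a short script. This is an added example, not part of the original answer; it assumes PowerShell 3.0 or later, and the `-Fix` switch and the `Release` threshold of 393295 (the documented minimum for .NET Framework 4.6) are choices made for this example.

```powershell
# Added example (not from the original answer). Audits the two prerequisites the
# answer lists; pass -Fix from an elevated prompt to set the missing values.
# Run in 64-bit PowerShell: a 32-bit host is redirected to Wow6432Node for both paths.
param([switch]$Fix)

# Step 1: Release >= 393295 means .NET Framework 4.6 or later is installed.
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue).Release
if (-not $release -or $release -lt 393295) {
    Write-Warning "Step 1 not met: .NET Framework 4.6+ not detected (Release=$release)."
} else {
    Write-Output "Step 1 OK: .NET Framework Release=$release"
}

# Step 2: registry paths exactly as given in the answer.
$paths = @('HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319')
if ([Environment]::Is64BitOperatingSystem) {
    # Read by 32-bit applications running on a 64-bit system.
    $paths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
}

foreach ($path in $paths) {
    $value = (Get-ItemProperty -Path $path -Name SchUseStrongCrypto -ErrorAction SilentlyContinue).SchUseStrongCrypto
    if ($value -eq 1) {
        Write-Output "Step 2 OK: $path"
    } elseif ($Fix) {
        # Create the key if it is absent, then write the DWORD value.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name SchUseStrongCrypto -Value 1 -PropertyType DWord -Force | Out-Null
        Write-Output "Step 2 set: $path"
    } else {
        Write-Warning "Step 2 not met: SchUseStrongCrypto is not 1 under $path"
    }
}
```

Restart the WCF service after changing the values so the process picks them up, then confirm the negotiated protocol in the connection details.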