Implementing TLS 1.2 on .NET Framework 3.5 while connecting to payment gateway

Question

Closing update As I've announced in a comment below, I've decided to stop fighting this issue since I'm pretty sure I can't fix it because of the imposibility to access the source code for the website. I've assumed most of the problems I'm facing are caused by a not-working-well decompiling process, so I don't find any reason to continue dealing with it at least for now. Thanks a lot to everybody that has read, thought in or tried to help me with this. I don't find a way of closing this question, probably due to my lack of privileges as a "new" user, so if someone with privileges read this and can help to close it, it will be appreciated :-)

Good morning. As this is my first post here I'd like to start thanking all of you for all your patient, empathic and priceless help. Now let's try to explain my situation as clear as possible: as many other people, I'm suffering the problem caused by TLS 1.2 standard: now I can't connect to our payment gateway (Realex Payments, in case it makes any difference) as they are rejecting all non-TLS 1.2 connections. I've "inherited" a complete website with tons of C# .NET deployed code (which, to be honest, I definetely don't master), so my first movements where to download all this code from the server and decompiled the dll files using .NET Reflector 9.0. The system is developed under .NET 3.5 framework, and I promise I read a lot about it here, in Microsoft support sites and throughout the web. The best solutions I could find came from this 2 posts here:

.NET Framework 3.5 and TLS 1.2

How to implement Security Protocols TLS 1.2 in .Net 3.5 framework

which basically have the same answer from D_Bester.

The problem I'm finding is that, when I try to paste this C# code:

    public const SslProtocols _Tls12 = (SslProtocols)0x00000C00;
    public const SecurityProtocolType Tls12 = (SecurityProtocolType)_Tls12;
    ServicePointManager.SecurityProtocol = Tls12

before my httpwebrequest as the author pointed at, VS 2015 shows an error in the third sentence saying that

"The name 'ServicePointManager.SecurityProtocol' does not exist in the current context.

The name 'SecurityProtocol' does not exist in the current context."

More info in case it helps: I can't apply patches or edit registry as this whole site is hosted in an online hosting, but when we first faced this issue we asked them to migrate our contents to a new server supporting .Net framework 4.5.

Trying to follow the code and other solutions found, I've edited my SslProtocols.cs file manually adding the newer protocols to the enumeration like this:

    namespace System.Security.Authentication
    {
        using System;

        [Flags]
        public enum SslProtocols
        {
            Default = 240,
            None = 0,
            Ssl2 = 12,
            Ssl3 = 48,
            Tls = 192,
            Tls11 = 768,
            Tls12 = 3072
                }
    }

but ServicePointManager.cs seems to not recognize my update since in one of the methods it uses as a parameter 'SslProtocols.Tls12' and it doesn't accept Tls12, just the original ones (Default, None, Ssl2, Ssl3 and Tls) so I might have to update that anywhere alse. I also tried adding Tls12 to SecurityProtocolType.cs enumeration and to SecurityProtocolTypeExtensions.cs, all this following indications from a source I'm not able to find now (I'd swear I had bookmarked but apparently I haven't).

I edit to add my list of imports in case it helps:

    using System;
    using System.Collections.Specialized;
    using System.ComponentModel;
    using System.Globalization;
    using System.IO;
    using System.Net;
    using System.Net.Cache;
    using System.Runtime.CompilerServices;
    using System.Runtime.InteropServices;
    using System.Security;
    using System.Security.Authentication;
    using System.Security.Permissions;
    using System.Text;
    using System.Threading;

Any ideas? Or might I need to provide any additional info?

Thanks for your answer. I did actually, and I'll edit my first post with my imports in case it helps. — daruniom, Mar 06 '18 at 19:46
I'm not able to recreate that issue in a project targeting .Net 3.5. — Crowcoder, Mar 06 '18 at 19:52
I think I have to "define" Tls12 anywhere else, I mean, in another file or maybe configuration, but I have no idea of where. Thanks anyway for trying ;-) — daruniom, Mar 06 '18 at 19:55

score 0 · Answer 1 · answered Mar 06 '18 at 19:45

0

Daruniom,

As you mentioned that registry entries and service packs are not an option the only solution you are left with is to migrate to 4.0 or later version of .NET framework. The "SecurityProtocolType.Tls12" is available in 4.5 version of .NET framework.

answered Mar 06 '18 at 19:45

Rohit Sharma

21
3

But in the links I mention they say it is possible to force Tls12 under 3.5 Framework. Am I wrong or did I misunderstand something? – daruniom Mar 06 '18 at 19:51
It is but then you have to deploy few patches. There is no enum, as such, available in 3.5 – Rohit Sharma Mar 07 '18 at 20:41

score 0 · Answer 2 · answered Jul 26 '18 at 17:08

Assuming that all you need is definition of Tls12 and access to ServicePointManager

Tls12:

You can define overrides mentioned at Microsoft support link as

https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework

namespace System.Security.Authentication
{
    public static class SslProtocolsExtensions
    {
        public const SslProtocols Tls12 = (SslProtocols)0x00000C00;
        public const SslProtocols Tls11 = (SslProtocols)0x00000300;
    }
} 

namespace System.Net
{
    using System.Security.Authentication;
    public static class SecurityProtocolTypeExtensions
    {
        public const SecurityProtocolType Tls12 = (SecurityProtocolType)SslProtocolsExtensions.Tls12;
        public const SecurityProtocolType Tls11 = (SecurityProtocolType)SslProtocolsExtensions.Tls11;
        public const SecurityProtocolType SystemDefault = (SecurityProtocolType)0;
    }
}

ServicePointManager

You might have already tried, prefix System.Net so it will look like:

System.Net.ServicePointManager.SecurityProtocol = Tls12

Thanks a lot for answering, Jigar. I've tried what you pointed at and it looked well… just until I tried to recompile the whole solution and many other errors kept coming alive. I'm sure al my problems come from a bad decompiling process, so almost nothing works well after that process. As I can't access source code in any way I've asumed that this is out of my reach. That's why I've now decided to park this issue (at least for a long time from now hehe) and, if I discover how, I'll close this topic to prevent any other people wasting their time trying to help me like you and some others did. — daruniom, Jul 29 '18 at 17:26
@daruniom, you can share top errors came up while compilation, may there is a quick work around to solve all errors at once. — Jigar Joshi, Jul 31 '18 at 02:07

Implementing TLS 1.2 on .NET Framework 3.5 while connecting to payment gateway

2 Answers2