5

I want to lock down my Webapi to TLSv1.2 so TLSv1.1 is disallowed etc. I saw the following post but it seems it's only relevant to asp.net core: Any way to restrict ASP.NET Core 2.0 HTTPS to TLS 1.2?

Any ideas how I can do this? I intitially had this code :

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3; // only allow TLSV1.2 and SSL3

But was unsure if this was the correct approach and whether it applies to just client connections.

Any ideas?

Rubans
  • 4,188
  • 6
  • 40
  • 58

2 Answers2

1

We use OWIN for ADFS WSFederation SSO and had a related issue with the application reporting an IOException when downloading the XML metadata.

Upon investigation the host of the XML was enforcing TLS 1.2.

Using the above line of code within the application corrected the issue and the OWIN configuration was able to download the XML metadata

John Jackson
  • 31
  • 6
0

ServicePointManager is used for outgoing HTTP requests, not incoming. For incoming this needs to be configured in IIS, netsh, or the registry.

https://learn.microsoft.com/en-us/security/engineering/disable-legacy-tls covers IIS and netsh. netsh http add sslcert <regular parameters> disablelegacytls=enable

Tratcher
  • 5,929
  • 34
  • 44