0

I start working on new Web App and still doing the research about the framework to pick. One of the requirements: the app will be deployed to IIS on Windows Server 2008 that has SSL3 certificate. Also the app will be deployed to newer Windows Server with TLS certificate. So the issue I'm facing is similar to this question.

Will .Net Core ASP.Net MVC support both SSL3 and TLS* or Should I go with standard .Net Framework?

If not, What version of .Net Framework to pick?

Mhd
  • 2,778
  • 5
  • 22
  • 59
  • This doesn't answer your question, but check the answer here for a good explanation of using .Core & .NET: https://stackoverflow.com/questions/57205650/what-are-the-problems-with-mixing-net-framework-and-net-core – pcalkins Aug 28 '19 at 19:13

1 Answers1

0

I could be wrong here, but SSL3 is very old and has succeeded by replaced by TLS 1.2.

If the server is running Windows Server 2008 R2 SP1 (release 2, service pack 1) or greater then I would recommending going with .NET Core.

However, if the server is Windows Server 2008 without R2 then you will need to use an older version of the .NET Framework say 4.6.1.

Before jumping in you should sit down with the decision makers point out that developing a solution on legacy infrastructure holds serious security and business risks.

Kane
  • 16,471
  • 11
  • 61
  • 86
  • Yes SSL3 was deprecated long time ago but one of the clients is still using it. if the server has Windows Server 2008 R2 SP1 (release 2, service pack 1), will .Net core (hosted on IIS) supports SSL3? – Mhd Aug 28 '19 at 19:30
  • 1
    @Mhd If that's your final deployment environment, IIS/Windows takes care of SSL/TLS handshakes, so you need to enable SSL 3 there. It has little to do with ASP.NET Core. – Lex Li Aug 28 '19 at 20:11