1

According to Microsoft Updates Its TLS 1.3 Support Plans in Windows, Office 365 and .NET and Announcing .NET 5.0 RC 1 , does .NET 5.0 RC 1 already support tls1.3? If not, will it definitely be supported in November? In addition, where can I see the official .net schedule.

My test code:

using System;
using System.IO;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

namespace TestTls13{
    class Program {
        static void Main(string[] args) {
            RemoteCertificateValidationCallback certificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => {
                return (true);
            };
            using(MemoryStream msClient = new MemoryStream()) {
                using(MemoryStream msServer = new MemoryStream()) {
                    using(SslStream sslStreamClient = new SslStream(msClient, false, certificateValidationCallback)) {
                        using(SslStream sslStreamServer = new SslStream(msServer, false, certificateValidationCallback)) {
                            Task taskClient = Task.Run(() => {
                                sslStreamClient.AuthenticateAsClient("nord-IT-systeme GmbH", new X509CertificateCollection() { CreateCert(), }, SslProtocols.Tls13, false);
                            });
                            Task taskServer = Task.Run(() => {
                                sslStreamServer.AuthenticateAsServer(CreateCert(), false, SslProtocols.Tls13, false);
                            });
                            Task.WaitAll(taskClient, taskServer);
                        }
                    }
                }
            }
        }
        static X509Certificate2 CreateCert() {
            ECDsa ecdsa = ECDsa.Create();
            CertificateRequest req = new CertificateRequest("CN=nord-IT-systeme GmbH", ecdsa, HashAlgorithmName.SHA256);
            X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5));
            return (cert);
        }
    }
}

Exception: enter image description here

Is this exception because it does not support tls1.3 yet?

TLS informations in my PC enter image description here

1 Answers1

1

TL;DR

Yes, but the underlying operating system has to support it.
In your case, you have to enable it in the registry because it's disabled by default.

Details

That depends on the underlying operating system.
.NET uses different implementations based on the OS, e.g. OpenSSL on Linux, Schannel on Windows

TLS 1.3 is supported since .NET Core 3.0, as you can read from the docs.

The statement by the time of .NET Core 3.0 will be modified shortly:

Windows and macOS do not yet support TLS 1.3. .NET Core 3.0 will support TLS 1.3 on these operating systems when support becomes available.

Windows supports TLS 1.3 since version 1903, but it's disabled by default.
There is another question which answers how to enable it on Windows:
how to enable TLS 1.3 in windows 10

TLS 1.3 is enabled by default on Windows 10 Insider Preview builds, starting with Build 20170:
Taking Transport Layer Security (TLS) to the next level with TLS 1.3
According to this article:

TLS 1.3 support will also be added to .NET beginning with version 5.0.

A good summary of the current process is stated by karelz on GitHub (this issue also should track when .NET Framework gets support):
https://github.com/dotnet/docs/issues/4675#issuecomment-678421120

kapsiR
  • 2,720
  • 28
  • 36