13

I have a .NET 4.5.2 application that is using SmtpClient to send emails. The application is installed on a Windows 2012 R2 server. When I disable TLS 1 and TLS 1.1 and enable only TLS 1.2, the application stops sending mails. I think that's because .NET 4.5.2 does not support v1.2.

I am thinking of the following steps

1>Disable TLS 1 and TLS 1.1 and enable only TLS 1.2 on Windows Server.
2>Install .NET 4.8 on Windows Server.
3>Change target framework of the application to 4.8 (in csproj and web.config) and recompile.
4>Deploy application.

Questions
Based on the documentation: "Starting with .NET Framework 4.7.1, WCF defaults to the operating system configured version"
1>Is this true only for WCF or will SMTP also default to the operating system configured version?
2>Or do I need to set the version explicitly, like System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
3>Is it possible to set the version to TLS 1.2 right now, and when in future TLS 1.3 is available the app should automatically default to TLS 1.3? (Without changing the code again)

LP13
  • I hope your app is not hosted in an Azure App Service; If you do, you can easily navigate to your App Service > Settings > TLS/SSL Settings > Upgrade to TLS 1.2 or preferred. Ideally, the highest TLS is good and secure. – hiFI Oct 04 '21 at 03:15

1 Answer

15

Is this true only for WCF or will SMTP also default to the operating system configured version?

No, this applies to all .NET Framework networking APIs that are based on SslStream, which includes SMTP, as well as HTTP and FTP.


or do I need to set version explicitly like System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

If you compile your app to .NET 4.7 or higher, you don't need to set a value to System.Net.ServicePointManager.SecurityProtocol because it will be set to SystemDefault which means it will inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator.


Is it possible to set the version to TLS 1.2 right now, and when in future TLS 1.3 is available the app should automatically default to TLS 1.3?

Yes, you just have to check if System.Net.ServicePointManager.SecurityProtocol is set to anything else that is not SystemDefault (which has the value of 0 (zero) in .NET 4.7+), and in that case you can set it to TLS 1.2 to override it.

var securityProtocol = (int)System.Net.ServicePointManager.SecurityProtocol;

// 0 = SystemDefault in .NET 4.7+
if (securityProtocol != 0)
{
    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
}
C. Augusto Proiete
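
A startup check that applies the answer's logic and reports what it found, as an added example that is not part of the original answer. `TlsStartupCheck`, `Decide` and `Apply` are hypothetical names, and the `Switch.System.Net.DontEnableSystemDefaultTlsVersions` AppContext switch is the .NET Framework opt-out from Microsoft's documentation, not something mentioned on this page.

```csharp
using System;
using System.Net;

// Added example, not from the original post. TlsStartupCheck and its members
// are hypothetical names. Build against .NET Framework 4.7 or later.
public static class TlsStartupCheck
{
    // Protocol versions the question wants switched off.
    const SecurityProtocolType Legacy =
        SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;

    // Pure decision: the value SecurityProtocol should have, given the current one.
    public static SecurityProtocolType Decide(SecurityProtocolType current)
    {
        // SystemDefault (0): the OS chooses, so a later TLS 1.3 rollout is
        // picked up without a code change.
        if (current == SecurityProtocolType.SystemDefault)
            return current;
        // Anything explicit gets the answer's override: TLS 1.2 only.
        return SecurityProtocolType.Tls12;
    }

    // Call once at startup, before the first SmtpClient.Send. The setting is
    // static, so it applies to every SmtpClient, HTTP and FTP request in the AppDomain.
    public static string Apply()
    {
        SecurityProtocolType before = ServicePointManager.SecurityProtocol;
        SecurityProtocolType after = Decide(before);
        if (after != before)
            ServicePointManager.SecurityProtocol = after;

        // An explicit opt-out switch is one reason a 4.7+ build is not on SystemDefault.
        bool optOut;
        bool defined = AppContext.TryGetSwitch(
            "Switch.System.Net.DontEnableSystemDefaultTlsVersions", out optOut);

        return "SecurityProtocol: " + before + " -> " + after
            + "; legacy protocols were enabled: " + ((before & Legacy) != 0)
            + "; DontEnableSystemDefaultTlsVersions: "
            + (defined ? optOut.ToString() : "not set");
    }

    public static void Main()
    {
        // Write this to the application log in a real deployment.
        Console.WriteLine(Apply());
    }
}
```

If the reported "before" value is not `SystemDefault` after retargeting to 4.8, the override pins the process to TLS 1.2, so find and remove whatever sets the explicit value before relying on automatic TLS 1.3 pickup.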