I have my .NET web application hosted on Azure Web App Service with stack settings ASP.NET V4.8. We received notification that: Disabling TLS 1.0 and TLS 1.1 in Microsoft 365.

We intend to use the TLS 1.2 protocol to connect to some third-party APIs and Microsoft 365 Graph APIs.

Our current .NET configuration is as below:

<system.web>
    <compilation targetFramework="4.6.1" />
    <httpRuntime targetFramework="4.5.2" />
</system.web>

With the above settings, API calls to a third-party app which requires TLS 1.2 don't work. However, changing the above settings to the below works for third-party apps.

<system.web>
    <compilation targetFramework="4.6.1" />
    <httpRuntime targetFramework="4.6.1" />
</system.web>

I referred to one of the Stack Overflow questions, "Update .NET web service to use TLS 1.2", which mentions that using httpRuntime 4.6.1 alone doesn't work and that additional configuration, like updating registry values, is needed.

My question is: how is it working in the case of my application, where I haven't updated any configuration like registry values (which is not possible since we are using Azure Web Apps) and have just changed httpRuntime to 4.6.1? Or does the Azure Web Apps platform already have those additional configurations set to use TLS 1.2 for httpRuntime 4.6.1?

Sushrut Paranjape
  • The default version of TLS is based on the version of Net. So Net 4.5.2 is defaulting to TLS 1.1 while Net 4.6.1 is defaulting to TLS 1.2. Microsoft often changes default parameters with each version of Net. – jdweng Feb 17 '21 at 17:45
  • In Azure go to [your app service] > Settings > TLS/SSL Settings ... from there you can see and change the minimum TLS version used by your app. – quaabaam Feb 17 '21 at 18:29
  • @jdweng, I was trying to find the documentation from Microsoft for this. I found an article: https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls#switchsystemnetdontenableschusestrongcrypto where it is mentioned in the context of Switch.System.Net.DontEnableSchUseStrongCrypto that: If your app targets .NET Framework 4.6 or later versions, this switch defaults to false. That's a secure default, which we recommend. Is this referring that 4.6 or later version use Tls1.2? – Sushrut Paranjape Feb 18 '21 at 10:26
  • Thanks for the article. Microsoft was never keeping up with the latest Encryption Algorithms. So Net would not work properly with the newer algorithms. TLS 1.3 never worked with Net that used a newer encryption algorithm. TLS did not work initially until Microsoft updated their encryption methods. So Microsoft decided to let the Windows dlls do the TLS. Using the operating system causes issues with mobile devices where older kernels do not support the new version of TLS. It is a mess to figure out where a TLS issue is occurring. Same for older versions of Windows. – jdweng Feb 18 '21 at 10:40

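To check what a given httpRuntime targetFramework actually results in on the App Service instance, the effective protocol set and the related AppContext switches can be logged at application start. This is an added example, not code from the original post or its comments; the class name TlsDefaultsReport is hypothetical, and the second switch name comes from the Microsoft .NET Framework TLS article linked in the comments rather than from this page.

```csharp
using System;
using System.Net;
using System.Text;

// Added diagnostic (hypothetical class name). Call TlsDefaultsReport.Build()
// from Application_Start and write the returned text to your own log.
public static class TlsDefaultsReport
{
    // Switch names as documented in Microsoft's .NET Framework TLS guidance.
    static readonly string[] Switches =
    {
        "Switch.System.Net.DontEnableSchUseStrongCrypto",
        "Switch.System.Net.DontEnableSystemDefaultTlsVersions"
    };

    public static string Build()
    {
        var sb = new StringBuilder();
        SecurityProtocolType proto = ServicePointManager.SecurityProtocol;
        sb.AppendLine("ServicePointManager.SecurityProtocol = " + proto);

        if ((int)proto == 0)
        {
            // 0 is SystemDefault: the operating system (Schannel) picks the versions.
            sb.AppendLine("Protocol versions are delegated to the operating system.");
        }
        else
        {
            bool tls12 = (proto & SecurityProtocolType.Tls12) != 0;
            SecurityProtocolType legacy = proto & (SecurityProtocolType.Ssl3
                | SecurityProtocolType.Tls | SecurityProtocolType.Tls11);
            sb.AppendLine("TLS 1.2 offered: " + tls12);
            sb.AppendLine("Legacy versions still offered: "
                + (legacy == 0 ? "none" : legacy.ToString()));
        }

        foreach (string name in Switches)
        {
            bool value;
            // TryGetSwitch returns false when no value is recorded for the switch.
            sb.AppendLine(AppContext.TryGetSwitch(name, out value)
                ? name + " = " + value
                : name + " has no recorded value");
        }
        return sb.ToString();
    }
}
```

Running it once with each httpRuntime value from the question shows whether the change in behaviour comes from the framework's defaults for that target or from the platform.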