
I support a legacy on-premise .NET 4.0 WinForms application. The application uses System.Net.Mail.SmtpClient to send emails via our customers' own SMTP servers. Recently, we've had issues with Office 365 mandating TLS 1.2. Having read that as long as .NET 4.5 is installed, .NET 4.0 applications can utilise TLS 1.2, I added this line:

System.Net.ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;   // 3072 = TLS 1.2

This solved the issue of connecting to Office 365, but introduced issues making non-SMTP connections to other older 3rd party applications that do not support TLS 1.2. I therefore changed the approach to add TLS 1.2 to the list of allowable protocols rather than set it as the mandated protocol (as outlined in this question and this question), and also added TLS 1.3 at the same time:

System.Net.ServicePointManager.SecurityProtocol |=
    (SecurityProtocolType)3072 |    // 3072 = TLS 1.2
    (SecurityProtocolType)12288;    // 12288 = TLS 1.3

This resolved both issues for some clients and works in our test environment with our own Office 365 account. However, some of our clients have reported issues connecting to Office 365 again. Reverting to mandating TLS 1.2 again resolves the SMTP issue, but reintroduces the other problem.

Is it possible to specify the security protocol for a specific connection rather than take this global approach?

Giles
  • "However, some of our clients have reported issues connecting to Office 365 again" - do they have .NET 4.5 installed? – Mitch Wheat Aug 04 '21 at 10:14
  • @Mitch, I've been told they have, but will get our ops team to double check. – Giles Aug 04 '21 at 10:16
  • Better still, when your app starts up, check the .NET version... and log it. – Mitch Wheat Aug 04 '21 at 10:17
  • Thanks @MitchWheat. Do you mean something like RuntimeInformation.FrameworkDescription? Or do I need to check the registry to see what is installed as well as what it's running under? – Giles Aug 04 '21 at 10:22
  • You need to check the Registry. Something like this: https://stackoverflow.com/questions/951856/is-there-an-easy-way-to-check-the-net-framework-version – Mitch Wheat Aug 04 '21 at 10:26
  • On another note, TLS 1.0 and TLS 1.1 are no longer secure; you really shouldn't be using those at all. Those 3rd party apps should have updates? What I do is: ServicePointManager.SecurityProtocol &= (~SecurityProtocolType.Ssl3 & ~SecurityProtocolType.Tls & ~SecurityProtocolType.Tls11); to disable the insecure protocols (.NET 4.7 onwards) – Mitch Wheat Aug 04 '21 at 10:30
  • Thanks @MitchWheat. Unfortunately we have clients who either won't upgrade, or can't because there's no upgrade path. They are private intranet rather than public internet applications however, which does mitigate the concerns to a degree. – Giles Aug 04 '21 at 10:38

0 Answers
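
The startup check suggested in the comments, as an added example (not code from the question or its commenters): it logs the `Release` value that .NET Framework 4.5 and later write to the registry, then adds TLS 1.2 and TLS 1.3 one flag at a time so that a value the installed runtime rejects is logged instead of aborting the whole assignment. The class name, method names and the `log` callback are assumptions; the code sticks to C# 4 syntax so it compiles in a .NET 4.0 project.

```csharp
using System;
using System.Net;
using Microsoft.Win32;

static class TlsStartupDiagnostics   // hypothetical helper name
{
    // Numeric values, because the .NET 4.0 enum has no named members for these.
    const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;
    const SecurityProtocolType Tls13 = (SecurityProtocolType)12288;

    // "Release" is written by .NET Framework 4.5 and later; it is absent on a 4.0-only machine.
    static int? InstalledRelease()
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(
            @"SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"))
        {
            object value = key == null ? null : key.GetValue("Release");
            return value == null ? (int?)null : Convert.ToInt32(value);
        }
    }

    // Adds one protocol to the allowed set and reports whether the runtime accepted it.
    static bool TryEnable(SecurityProtocolType protocol)
    {
        try
        {
            ServicePointManager.SecurityProtocol |= protocol;
            return true;
        }
        catch (NotSupportedException)
        {
            return false;   // the installed runtime does not recognise this value
        }
    }

    // Call once at startup; 'log' is whatever logging delegate the application already has.
    public static void Run(Action<string> log)
    {
        int? release = InstalledRelease();
        log("CLR version: " + Environment.Version);
        log("Framework Release value: " +
            (release.HasValue ? release.Value.ToString() : "not present (4.5 or later not installed)"));
        log("Protocols before: " + (int)ServicePointManager.SecurityProtocol);
        log("TLS 1.2 accepted: " + TryEnable(Tls12));
        log("TLS 1.3 accepted: " + TryEnable(Tls13));
        log("Protocols after: " + (int)ServicePointManager.SecurityProtocol);
    }
}
```

A `Release` value of 378389 or higher means .NET Framework 4.5 or later is installed; comparing the "before" and "after" numbers across client machines shows which flags each one actually ended up with.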