Only enable TLS.1.3 in Web-Api hosting in Kestrel-Service

Question

We are currently developing an ASP NET Core Web API hosted in a Kestrel Windows service. We want to enable TLS 1.3 only and disable all other SSL protocols.

The following code works. TLS1.2 and TLS1.3 are both enabled.

{
  "Kestrel": {
    "Endpoints": {
      "HttpsForDeveloper": {
        "Url": "https://localhost:5001",
        "SslProtocols": ["Tls12", "Tls13"]
      }
    },
    "Certificates": {
      "Default": {
        "Subject": "localhost",
        "Store": "My",
        "Location": "LocalMachine",
        "AllowInvalid": true
      }
    }
  }
}

But if I change the code block to remove TLS1.2. Is the page no longer available.

{
  "Kestrel": {
    "Endpoints": {
      "HttpsForDeveloper": {
        "Url": "https://localhost:5001",
        "SslProtocols": ["Tls13"]
      }
    },
    "Certificates": {
      "Default": {
        "Subject": "localhost",
        "Store": "My",
        "Location": "LocalMachine",
        "AllowInvalid": true
      }
    }
  }
}

In Postman I get the following error:

Does anyone have any tips for me or know what I'm doing wrong?

score 1 · Accepted Answer · answered Feb 07 '23 at 12:00

1

The problem was the lack of support for TLS 1.3 in the Windows versions we used. I was able to solve the problem with the following article.

https://stackoverflow.com/a/59210166/6092585

answered Feb 07 '23 at 12:00

battleboimatze

63
1
11

Only enable TLS.1.3 in Web-Api hosting in Kestrel-Service

1 Answers1