发表新帖
发表新帖

SSL and Outdated TLS(1.0 and 1.1) for Web Service client application on .Net 3.5

后端 未结
关注
4 537
情书的邮戳
情书的邮戳 2021-02-05 21:23

As per PCI, we need to stop using SSL and TLS(1.0 and 1.1 in certain implementation) from June 30th 2016 as per http://blog.securitymetrics.com/2015/04/pci-3-1-ssl-and-tls.html

相关标签:
4条回答
  • 太阳男子
    2021-02-05 21:30

    Any communication channel that currently uses SSL/early TLS or that is willing to accept them on negotiation and that is part of the cardholder data environment as a security control needs to be changed such that it will only use TLS 1.1 (with an approved cipher suite) or above.

    You need to recompile under .Net 4.5 or greater (TLS 1.2 is not enabled by default so code changes are needed) or use a 3rd party library that supports the required protocols.

    Note that if you know your system is using SSL/early TLS you must created a risk mitigation plan/document.

    INFORMATION SUPPLEMENT Migrating from SSL and Early TLS

    0 讨论(0)
  • 鱼传尺愫
    2021-02-05 21:45

    Microsoft have done the unthinkable and published patches for this

    • KB3154518 - Reliability Rollup HR-1605 - NDP 2.0 SP2 - Win7 SP1/Win 2008 R2 SP1
    • KB3154519 - Reliability Rollup HR-1605 - NDP 2.0 SP2 - Win8 RTM/Win 2012 RTM
    • KB3154520 - Reliability Rollup HR-1605 - NDP 2.0 SP2 - Win8.1RTM/Win 2012 R2 RTM
    • KB3156421 - 1605 HotFix Rollup through Windows Update for Windows 10.
    0 讨论(0)
  • 太阳男子
    2021-02-05 21:48

    Actually, you can use TLS 1.2 in Frameworks lower than 4.5 (at least I managed it in .NET Framework 4 client). Instead of using the classic command in order to set the Protocol as Tls12, you can bypass it by using the id for this protocol. 

      ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
    0 讨论(0)
  • 不知归路
    2021-02-05 21:52

    The one thing they don't seem to have done, is update wsdl.exe to support TLS1.1 or 1.2. This is what happens if you try and point wsdle.exe form .Net 4.7 at a web service that doesn't support TLS1.0:

    Microsoft (R) Web Services Description Language Utility
[Microsoft (R) .NET Framework, Version 4.7.2558.0]
Copyright (C) Microsoft Corporation. All rights reserved.
Error: There was an error processing 'http://<some.domain>/_vti_bin/Authentication.asmx?wsdl'.
  - There was an error downloading 'http://<some.domain>/_vti_bin/Authentication.asmx?wsdl'.
  - The underlying connection was closed: An unexpected error occurred on a send.
  - Authentication failed because the remote party has closed the transport stream.

    This is causing me some real issues, and just stunned that this app has still not been updated!

    0 讨论(0)
 看不清?
提交回复
热议问题