Question
Good afternoon! I use the Azure Maps API via HttpClient. How can I enable support for TLS 1.2? As far as I know, it is supported in Framework 4.6+. So I should not need to do any work for this?
Answer 1:
In general you do not need to specify any configuration in your application to enable adoption of the latest TLS protocol.
Best practices and scenarios are outlined on docs.microsoft.com for versions earlier than .NET 4.7.
At a high level, you should perform an audit to make sure your application doesn't take any hard dependency on a lower TLS version. But otherwise no work should be required.
We recommend that you:
- Target .NET Framework 4.7 or later versions on your apps. Target .NET Framework 4.7.1 or later versions on your WCF apps.
- Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.
- Perform a thorough code audit to verify you're not specifying a TLS or SSL version.
When your app lets the OS choose the TLS version:
- It automatically takes advantage of new protocols added in the future, such as TLS 1.3.
- The OS blocks protocols that are discovered not to be secure.
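One way to run the code audit recommended in the answer above, as an added example that is not part of the original answer or of Microsoft's guidance: a line-based scan of C# source for places that pin a protocol version. The names `audit_source` and `SAMPLE` are hypothetical, the sample source is constructed, and the regex matching is a heuristic, not a C# parser.

```python
import re

# Enum members that pin a concrete protocol version. SecurityProtocolType.SystemDefault
# and SslProtocols.None defer to the OS, so they are deliberately not matched.
ENUM_USE = re.compile(
    r"\b(SecurityProtocolType|SslProtocols)\s*\.\s*(Ssl[23]|Tls(?:1[123])?|Default)\b")
# Integer casts such as (SecurityProtocolType)3072 (the value of Tls12) pin a version too.
ENUM_CAST = re.compile(r"\(\s*(?:System\.Net\.)?(SecurityProtocolType)\s*\)\s*(\d+)")

def audit_source(text, filename="<memory>"):
    """Return (filename, line_no, enum, member_or_value) for each pinned protocol."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        # Drop // comments; the lookbehind keeps "https://" inside strings intact.
        code = re.sub(r"(?<!:)//.*", "", line)
        for m in ENUM_USE.finditer(code):
            findings.append((filename, no, m.group(1), m.group(2)))
        for m in ENUM_CAST.finditer(code):
            if int(m.group(2)) != 0:  # 0 is SystemDefault
                findings.append((filename, no, m.group(1), m.group(2)))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
using System.Net;
class Client {
    void Init() {
        // ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        ServicePointManager.SecurityProtocol |= (SecurityProtocolType)3072;
        var p = SslProtocols.None;   // defers to the OS
        var q = SecurityProtocolType.SystemDefault;
    }
}
'''

if __name__ == "__main__":
    import pathlib
    import sys
    if len(sys.argv) > 1:  # scan every .cs file under the given directory
        for path in pathlib.Path(sys.argv[1]).rglob("*.cs"):
            for f in audit_source(path.read_text(errors="replace"), str(path)):
                print("%s:%d: pinned %s -> %s" % f)
    else:
        for f in audit_source(SAMPLE, "sample.cs"):
            print("%s:%d: pinned %s -> %s" % f)
```

Each finding is a line to review by hand; block comments and values built at runtime are outside what this scan sees.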
Answer 2:
Use ServicePointManager to set the security protocol.
Gets or sets the security protocol used by the ServicePoint objects managed by the ServicePointManager object.
using System.Net;
using System.Net.Http;

HttpClient httpClient = new HttpClient();
// Specify TLS 1.2 as the default for new connections
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
This property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing connections aren't changed.
Starting with the .NET Framework 4.7, the default value of this property is SecurityProtocolType.SystemDefault. This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator.
Answer 3:
It will be worth exploring the Microsoft documentation on TLS best practices.
For me the issue was solved by adding one of the below registry keys:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
Source: https://stackoverflow.com/questions/59388038/supporting-tls-1-2-in-httpclient-c-sharp