supporting TLS 1.2 in HttpClient C#

喜欢而已 提交于 2021-01-27 19:21:43

问题


Good afternoon! I use Azure Maps API using HttpClient. How can I enable support of TLS 1.2? As I know in Framework 4.6+ it is supported. And I should not do anything work for this?


回答1:


In general you do not need to specify any configuration in your application to enable adoption of the latest TLS protocol.

Best practices and scenarios are outlined on docs.microsoft.com for earlier than .Net 4.7.

At high level, you should make audit to make sure your application doesn't take any hard dependency on a lower TLS version. But otherwise no work should be required.

We recommend that you:

  • Target .NET Framework 4.7 or later versions on your apps. Target .NET Framework 4.7.1 or later versions on your WCF apps.
  • Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.
  • Perform a thorough code audit to verify you're not specifying a TLS or SSL version.

When your app lets the OS choose the TLS version:

  • It automatically takes advantage of new protocols added in the future, such as TLS 1.3.
  • The OS blocks protocols that are discovered not to be secure.



回答2:


Use ServicePointManager to set the security protocol.

Gets or sets the security protocol used by the ServicePoint objects managed by the ServicePointManager object.

HttpClient httpClient = new HttpClient();   

//specify to use TLS 1.2 as default connection
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

This property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing connections aren't changed.

Starting with the .NET Framework 4.7, the default value of this property is SecurityProtocolType.SystemDefault. This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator.




回答3:


It will be worth exploring Microsoft documentation on the TLS best practice

For me the issue was solved by adding one of the below registry keys:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001


来源:https://stackoverflow.com/questions/59388038/supporting-tls-1-2-in-httpclient-c-sharp

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!