.NET 4.5 和 .NET 4.5.1 是否默认启用 TLS 1.1 和 TLS 1.2?
[英]Is TLS 1.1 and TLS 1.2 enabled by default for .NET 4.5 and .NET 4.5.1?
问题描述
On our Windows 2012 Server R2, we need to disabled TLS 1.0.
在我们的 Windows 2012 Server R2 上,我们需要禁用 TLS 1.0。
However we have .NET 4.5 Wcf services running.但是我们有 .NET 4.5 Wcf 服务正在运行。 We found that if we disable TLS 1.0 that the WCF services no longer run, as we get the error 'An existing connection was forcibly closed by the remote host'.我们发现,如果我们禁用 TLS 1.0,WCF 服务将不再运行,因为我们会收到错误“远程主机强制关闭现有连接”。
Is TLS 1.1/1.2 enabled by default in .NET 4.5 and .NET 4.5.1 ? .NET 4.5 和 .NET 4.5.1 中是否默认启用 TLS 1.1/1.2? If not, which we assume is the case, where in our WCF project do we force the project to use TLS 1.1/1.2 ?如果不是,我们假设是这种情况,在我们的 WCF 项目中,我们是否强制项目使用 TLS 1.1/1.2 ?
2 个解决方案
解决方案1
101 已采纳 2017-08-15 12:30:51
Is TLS 1.1/1.2 enabled by default in .NET 4.5 and .NET 4.5.1?
No. The default protocols enabled for the various framework versions are:否。为各种框架版本启用的默认协议是:
- .NET Framework 4.5 and 4.5.1: SSLv3 and TLSv1 .NET Framework 4.5 和 4.5.1:SSLv3 和 TLSv1
- .NET Framework 4.5.2: SSLv3, TLSv1, and TLSv1.1 .NET Framework 4.5.2:SSLv3、TLSv1 和 TLSv1.1
- .NET Framework 4.6 and higher: TLSv1, TLSv1.1, and TLS1.2 .NET Framework 4.6 及更高版本:TLSv1、TLSv1.1 和 TLS1.2
Sources: [ 1 ] [ 2 ] [ 3 ]资料来源: [ 1 ] [ 2 ] [ 3 ]
While Microsoft recommends against explicitly specifying protocol versions in favour of using the operating system's defaults:虽然 Microsoft 建议不要明确指定协议版本,而要使用操作系统的默认值:
To ensure .NET Framework applications remain secure, the TLS version should not be hardcoded.
... it's still possible to select which protocols your application supports by using the ServicePointManager class, specifically by setting the SecurityProtocol property to the relevant SecurityProtocolType s. ...仍然可以通过使用ServicePointManager类来选择您的应用程序支持哪些协议,特别是通过将SecurityProtocol属性设置为相关的SecurityProtocolType s。
In your case you would want to use the following:在您的情况下,您希望使用以下内容:
System.Net.ServicePointManager.SecurityProtocol =
SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
Note that TLSv1 and TLSv1.1 are effectively deprecated as of 2020;请注意,自 2020 年起,TLSv1 和 TLSv1.1 已被有效弃用; you should avoid building new applications that rely on these protocols, and make every effort to upgrade applications that currently use them.您应该避免构建依赖这些协议的新应用程序,并尽一切努力升级当前使用它们的应用程序。
解决方案2
4 2020-10-09 18:05:34
The answer by Ian Kemp works without an issue, but I just wanted to provide another answer that means you don't have to recompile your code. Ian Kemp 的答案没有问题,但我只是想提供另一个答案,这意味着您不必重新编译代码。
Anything above .NET 4.5 can support TLS 1.2 however the default of anything lower than .NET 4.7 is TLS 1.1.任何高于 .NET 4.5 的都可以支持 TLS 1.2,但是低于 .NET 4.7 的任何东西的默认值都是 TLS 1.1。 So if you need to access something using TLS 1.2 you get an error as it will be trying to use the default.因此,如果您需要使用 TLS 1.2 访问某些内容,则会出现错误,因为它将尝试使用默认值。
You can add the following code to your configuration file, to override the default.您可以将以下代码添加到配置文件中,以覆盖默认值。
<runtime>
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
</runtime>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.