如何在运行时将安全协议更新为TLS 1.2

Question

Not able to update the security protocol using the below code called in Application_Start of Global.asax, (Probably because the CAS communication is failing well before reaching this line of code)

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

I have my .net application developed in 4.0 framework which is expected to use security protocol earlier than TLS 1.2. I have got a CAS authentication failing to redirect to my application due to TLS issue. To resolve this issue I did made a targeted framework change in web.config as below.

<httpRuntime requestValidationMode="2.0" targetFramework="4.6" />

But above solution is leading to different problems. So right now what I'm trying to figure out is to resolve my CAS issue by using Security Protocol update to 1.2. Please help me how can I deal with my situation.

Answer 1

If .NET 4.5 or greater is installed on your system the code you have posted: ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; should work without changing the .NET framework your application is targeting.

If you cannot upgrade the .NET framework on your system you will need to set the SchUseStrongCrypto and SystemDefaultTlsVersions registry keys to 1.

From: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

For .NET Framework 3.5 - 4.5.2 and not WCF

We recommend you upgrade your app to .NET Framework 4.7 or later versions. If you cannot upgrade, take the following steps. At some point in the future, your application may fail until you upgrade to .NET Framework 4.7 or later versions.

Set the SchUseStrongCrypto and SystemDefaultTlsVersions registry keys to 1. See Configuring security via the Windows Registry. The .NET Framework version 3.5 supports the SchUseStrongCrypto flag only when an explicit TLS value is passed.