强制 .NET 应用程序使用 TLS 1.2 或更高版本

Question

I wonder how to force a .NET application targeting .NET Framework 4.8 to use TLS 1.2 or later (including future TLS versions).

The application execute as a Windows service. For >98% of the users, it is correctly using TLS 1.2 but in a couple of cases it tries to use older versions like TLS 1.0 or even SSL 3.0. The users who have had issues with it using older TLS versions has been able to resolve it by making registry changes, but telling users to reconfigure settings in Windows registry is a bit risky.

I have followed Microsofts recommendation to not hardcoded the application to use a specific TLS version and instead just rely on the OS default ( https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls ).

So what I wonder is: Is there some way in a .NET application to:

1. Use the Windows default TLS version if it's TLS 1.2 or later.
2. If the Windows default TLS version is SSL 3.0, TLS 1.0 or TLS 1.1 then use TLS 1.2 or later (including TLS 1.3)

I know I can hardcode the TLS version using ServicePointManager.SecurityProtocol , but this goes against Microsofts recommendation and if I hardcode it to TLS 1.2 and 1.3, then whenever TLS 1.4 is used and the customers OS is patched to support it, my application will still use TLS 1.3 which I don't want.

Answer 1

What about adding TLS declaration before calling the action

public static void UploadFile()
    {
        System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

}