Are there .NET implementation of TLS 1.2?

Question

由于我刚刚发现RFC 5425需要使用TLS 1.2，并且.NET还不支持它，我想知道是否有任何实现，可能是开源的TLS 1.2协议，如RFC 5246中所定义。

Answer 1

Yes, though you have to turn on TLS 1.2 manually at System.Net.ServicePointManager.SecurityProtocol

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls; // comparable to modern browsers
var response = WebRequest.Create("https://www.howsmyssl.com/").GetResponse();
var body = new StreamReader(response.GetResponseStream()).ReadToEnd();

Your client is using TLS 1.2, the most modern version of the encryption protocol

---

Out the box, WebRequest will use TLS 1.0 or SSL 3 .

Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn't have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites.

Answer 2

Just found that .Net Framework 4.5 now supports TLSv1.2
http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx

Answer 3

You can make use of the SchUseStrongCrypto registry setting to require all .NET applications to use TLS 1.2 instead of 1.0 by default.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Answer 4

I fixed my problem by switching to the latest .Net Framework. So your target Framework sets your Security Protocol.

when you have this in Web.config

<system.web>
  <httpRuntime targetFramework="4.5"/>
</system.web>

you will get this by default:

ServicePointManager.SecurityProtocol = Ssl3 | Tls

when you have this in Web.config

<system.web>
  <httpRuntime targetFramework="4.6.1"/>
</system.web>

you will get this by default:

ServicePointManager.SecurityProtocol = Tls12 | Tls11 | Tls

Answer 5

Just download this registry key and run it. It will add the necessary key to the .NET framework registry. You can have more info at this link . Search for 'Option 2' in '.NET 4.5 to 4.5.2'.

The reg file appends the following to the Registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

This is the part of the page that is useful in case it goes broken :

" .. enable TLS 1.2 by default without modifying the source code by setting the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft.NETFramework\\v4.0.30319" and "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft.NETFramework\\v4.0.30319". Although the version number in those registry keys is 4.0.30319, the .NET 4.5, 4.5.1, and 4.5.2 frameworks also use these values. Those registry keys, however, will enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. It is thus advisable to test this change before deploying it to your production servers. This is also available as a registry import file. These registry values, however, will not affect .NET applications that set the System.Net.ServicePointManager.SecurityProtocol value. "

Answer 6

If you are dealing with older versions of .NET Framework, then support for TLS 1.2 is available in our SecureBlackbox product in both client and server components. SecureBlackbox contains its own implementation of all algorithms, so it doesn't matter which version of .NET-based framework you use (including .NET CF) - you'll have TLS 1.2 with the latest additions in all cases.

Please note that SecureBlackbox wont magically add TLS 1.2 to framework classes - instead you need to use SecureBlackbox classes and components explicitly.

Answer 7

最新版本的SSPI （与Windows 7捆绑在一起）具有TLS 1.2的实现，可以在schannel.dll中找到

Answer 8

.NET Framework 4.6 uses TLS 1.2 by default.

Moreover, only host application should be in .NET 4.6, referenced libraries may remain in older versions.

Answer 9

You can enable TLS 1.2 in IIS by following these instructions . I presume this would be sufficient if you have an ASP.NET-based application that runs on top of IIS, although it looks like it does not really meet your needs.

Answer 10

如这里提到的，你可以添加这一行

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;