...
For your app to negotiate TLS 1.2, the OS and the .NET Framework version both need to support TLS 1.2.
Operating system requirements to support TLS 1.2
To enable or re-enable TLS 1.2 and/or TLS 1.1 on a system that supports them, see Transport Layer Security (TLS) registry settings.
OS | TLS 1.2 support |
---|---|
Windows 10 Windows Server 2016 | Supported, and enabled by default. |
Windows 8.1 Windows Server 2012 R2 | Supported, and enabled by default. |
Windows 8.0 Windows Server 2012 | Supported, and enabled by default. |
Windows 7 SP1 Windows Server 2008 R2 SP1 | Supported, but not enabled by default. See the Transport Layer Security (TLS) registry settings web page for details on how to enable TLS 1.2. |
Windows Server 2008 | Support for TLS 1.2 and TLS 1.1 requires an update. See Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2. |
Windows Vista | Not supported. |
For information about which TLS/SSL protocols are enabled by default on each version of Windows, see Protocols in TLS/SSL (Schannel SSP).
Requirements to support TLS 1.2 with .NET Framework 3.5
This table shows the OS update you'll need to support TLS 1.2 with .NET Framework 3.5. We recommend you apply all OS updates.
OS | Minimum update needed to support TLS 1.2 with .NET Framework 3.5 |
---|---|
Windows 10 Windows Server 2016 | Cumulative Update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: May 10, 2016 |
Windows 8.1 Windows Server 2012 R2 | Support for TLS System Default Versions included in the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 |
Windows 8.0 Windows Server 2012 | Support for TLS System Default Versions included in the .NET Framework 3.5 on Windows Server 2012 |
Windows 7 SP1 Windows Server 2008 R2 SP1 | Support for TLS System Default Versions included in the .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008 R2 SP1 |
Windows Server 2008 | Support for TLS System Default Versions included in the .NET Framework 2.0 SP2 on Windows Vista SP2 and Server 2008 SP2 |
Windows Vista | Not supported |
For .NET Framework 4.6 - 4.6.2
and not WCFSet the DontEnableSystemDefaultTlsVersions AppContext switch to falsethe DontEnableSystemDefaultTlsVersions AppContext switch to false. Whether by default, or by setting them explicitly, the switches should be false if possible.
...
If your app targets .NET Framework 4.7 or later versions, this switch defaults to false
. That's a secure default that we recommend. If your app runs on .NET Framework 4.7 or later versions, but targets an earlier version, the switch defaults to true
. In that case, you should explicitly set it to false
.
For .NET Framework 3.5 - 4.5.2
...
Set the SchUseStrongCrypto and SystemDefaultTlsVersions registry keys to 1. See Configuring security via the Windows Registry. The .NET Framework version 3.5 supports the SchUseStrongCrypto
flag only when an explicit TLS value is passed.
...
For .NET Framework 3.5
The .NET framework version 3.5 SP1 and earlier versions did not provide support for applications to use Transport Layer Security (TLS) System Default Versions as a cryptographic protocol. This update enables the use of TLS v1.2 in the .NET Framework 3.5 SP1.
...
So in your Application Start entry point (Like the Global.asax, MVC or OWin Startup class) you can add the following line to set TLS 1.2protected void Application_Start(Object sender, EventArgs e)
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
{ //Enableprotected void Application_Start(Object sender, EventArgs e) { //The following line enables TLS 1.1 (in case other requests need to support TLS 1.1) and also TLS 1.2 for Quik! ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 } |
Most of the above explanation was taken from Microsoft documentation, for more details please see https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
...