WCF Service and TLS 1.2


Hi All,

I worked on a WCF Service (.NET 3.5) which consumed an external web service. It was working fine until recently, when it started giving the following error.

An error occurred while making the HTTP request to {url}. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

This was a big issue, as the WCF service was already being consumed by a number of other systems. Later we learned that the external web service had been upgraded to use TLS 1.2, and .NET 3.5 doesn't support TLS 1.2 (.NET 4.5 or greater supports TLS 1.2). So I had to change the .NET version to 4.5 and add the following code to force it to use TLS 1.2. After that, everything started to work the way it used to.


1) .NET 4.6 and above. You don’t need to do any additional work to support TLS 1.2, it’s supported by default.
2) .NET 4.5. TLS 1.2 is supported, but it’s not a default protocol. You need to opt in to use it. The following code makes TLS 1.2 the default; make sure to execute it before making a connection to a secured resource:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

3) .NET 4.0. TLS 1.2 is not supported, but if you have .NET 4.5 (or above) installed on the system then you can still opt in to TLS 1.2 even if your application framework doesn’t support it. The only problem is that SecurityProtocolType in .NET 4.0 doesn’t have an entry for TLS 1.2, so we have to use the numerical representation of this enum value:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

4) .NET 3.5 or below. TLS 1.2 is not supported (*) and there is no workaround. Upgrade your application to a more recent version of the framework.
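
An added example, not code from the original post or its source: a startup helper that adds TLS 1.2 to the enabled protocols and removes SSL 3.0 instead of replacing the whole set, since the assignments above limit every connection made through ServicePointManager in the AppDomain to TLS 1.2 only. The class name, method names and the URL argument are assumptions made for illustration; numeric enum values are used so the file also compiles against .NET 4.0.

```csharp
// Added example (not from the original post). Targets .NET Framework 4.5 or later.
using System;
using System.Net;

static class TlsStartup
{
    // Numeric SecurityProtocolType values, so the file also compiles against .NET 4.0.
    const SecurityProtocolType Ssl3 = (SecurityProtocolType)48;
    const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;

    // Adds TLS 1.2 and drops SSL 3.0; other enabled protocols stay as they were.
    public static SecurityProtocolType WithTls12(SecurityProtocolType current)
    {
        return (current | Tls12) & ~Ssl3;
    }

    // Call once at startup, before the first WCF or HttpWebRequest call:
    // the setting applies to the whole AppDomain, not to one client.
    public static void Apply()
    {
        // Throws NotSupportedException if the installed runtime has no TLS 1.2.
        ServicePointManager.SecurityProtocol = WithTls12(ServicePointManager.SecurityProtocol);
    }

    // Sends one GET to the URL (hypothetical argument) and reports how it ended.
    static string Probe(string url)
    {
        try
        {
            using (var resp = (HttpWebResponse)WebRequest.Create(url).GetResponse())
                return "OK, HTTP " + (int)resp.StatusCode;
        }
        catch (WebException ex)
        {
            // ProtocolError means the TLS handshake succeeded and the server sent an HTTP error.
            return ex.Status + ": " + ex.Message;
        }
    }

    static void Main(string[] args)
    {
        // Constructed input: SSL 3.0 | TLS 1.0, the .NET 4.5 default.
        Console.WriteLine(WithTls12((SecurityProtocolType)(48 | 192)));
        Apply();
        Console.WriteLine("Enabled: " + ServicePointManager.SecurityProtocol);
        if (args.Length > 0) Console.WriteLine(Probe(args[0]));
    }
}
```

Run it with the service URL as the only argument to check the handshake from the same machine and framework version as the WCF host.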


Source: http://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/
