
TLS 1.2 in .NET Framework 4.0

I have a Windows server 2008 R2 server running a dozen .NET Framework 4.0 WebForms applications, and I need to disable TLS 1.0 and lower. When I do that, all secure connections fail and I was forced to re-enable TLS 1.0. Is there any way to use TLS 1.2 in a framework 4.0 environment? Perhaps I am missing something?

Also, due to limitations of the version of the CMS we are using, we cannot upgrade the Framework at this time.


Vikrant

If you are not able to add a property to the System.Net class library, then add this in the Global.asax file:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; //TLS 1.2
ServicePointManager.SecurityProtocol = (SecurityProtocolType)768; //TLS 1.1

And you can use it in a function, at the starting line:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)768 | (SecurityProtocolType)3072;

And it is useful for the STRIPE payment gateway, which only supports TLS 1.1 and TLS 1.2.

EDIT: After so many questions about whether .NET 4.5 is installed on my server or not, here is a screenshot of the Registry on my production server:

I have only .NET framework 4.0 installed.

https://i.stack.imgur.com/FlGhA.png


I think this requires .net 4.5 to be installed, so technically this isn't a fix for .net 4.0.
It requires .NET 4.5 installed for compilation, but you don't have to target it in the project.
Future confirmation for anyone: this works on VB .NET 3.5. ServicePointManager.SecurityProtocol = DirectCast(3072, SecurityProtocolType) 'TLS 1.2
@Martin but you DO need .NET 4.5 installed on the target computer for this to work.
The screenshot attached doesn't prove that there is no 4.5+ framework installed. They are shown under v4/Full key with a "Release" keyword: docs.microsoft.com/en-us/dotnet/framework/migration-guide/…
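The comments above disagree about whether the numeric cast works on a machine with only .NET 4.0 installed. The following startup helper is an added example (not code from Vikrant's answer or from any of the commenters) for a project that targets .NET Framework 4.0: it uses the same numeric values as the answer (768 for TLS 1.1, 3072 for TLS 1.2), and instead of crashing at Application_Start when the loaded System.dll does not know those values, it catches the NotSupportedException the setter throws in that case and reports the result. The class name `TlsStartup`, the `EnableModernTls` method and the `log` delegate are names chosen for this example.

```csharp
// Added example, not part of the original answer. Targets .NET Framework 4.0,
// where SecurityProtocolType has no Tls11/Tls12 members, so the values are
// supplied as numeric casts. Whether the runtime accepts them depends on the
// System.dll loaded at run time: a .NET 4.0-only machine throws
// NotSupportedException from the setter, which this helper turns into a
// logged "false" instead of an unhandled exception at Application_Start.
using System;
using System.Net;

public static class TlsStartup
{
    // Numeric values of SecurityProtocolType.Tls11 / Tls12 in .NET 4.5 and later.
    private const SecurityProtocolType Tls11 = (SecurityProtocolType)768;
    private const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;

    // Restricts outbound HTTPS to TLS 1.2 (optionally also TLS 1.1).
    // Returns true when the runtime accepted the value and the effective
    // setting no longer includes SSL 3.0 / TLS 1.0; false otherwise.
    // 'log' is whatever logging sink the application uses (assumed here).
    public static bool EnableModernTls(bool allowTls11, Action<string> log)
    {
        SecurityProtocolType wanted = allowTls11 ? (Tls11 | Tls12) : Tls12;
        try
        {
            ServicePointManager.SecurityProtocol = wanted;
        }
        catch (NotSupportedException ex)
        {
            // The 4.0-era System.dll validates the value against Ssl3|Tls only:
            // .NET 4.5 (or later) is not installed on this machine.
            log("TLS 1.2 is not available in this runtime: " + ex.Message);
            return false;
        }

        // Read back the effective bitmask and check that TLS 1.2 is present
        // and that the legacy protocols (SSL 3.0, TLS 1.0) are absent.
        SecurityProtocolType effective = ServicePointManager.SecurityProtocol;
        bool tls12On = (effective & Tls12) == Tls12;
        bool legacyOff = (effective & (SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls)) == 0;
        log("SecurityProtocol is now " + (int)effective
            + " (TLS 1.2 on=" + tls12On + ", legacy off=" + legacyOff + ")");
        return tls12On && legacyOff;
    }
}

// Usage from Global.asax.cs (assumed layout of the application):
// protected void Application_Start(object sender, EventArgs e)
// {
//     TlsStartup.EnableModernTls(allowTls11: false,
//                                log: msg => System.Diagnostics.Trace.WriteLine(msg));
// }
```

The return value is worth surfacing (for example in a health-check page) because a false result means the server is still negotiating only SSL 3.0 / TLS 1.0, which is exactly the state the question is trying to leave.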
Philipp Maurer

Make the following changes in your Registry and it should work:

1.) .NET Framework strong cryptography registry keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

2.) Secure Channel (Schannel) TLS 1.2 registry keys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

This worked perfectly and did not require me to add the line of code the other posts are talking about.
Fantastic, this managed to get .Net40 to talk to TLS 1.2 Payment gateways and Mail servers. Restart of the WWW Publishing service was sufficient to make it work.
I needed all of these keys/values, and also needed to restart the server, but after that TLS 1.2 was supported in a .Net 4.0 application without any code changes.
I wish it didn't take me 5 hours to find this post. This solved my SSL handshake error (The request was aborted: Could not create SSL/TLS secure channel).
Thank you!!! This solved my problem using GitHub's markdown rendering services via MarkdownPad.
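Before and after applying the .reg changes above, an operator usually wants to confirm what the server actually has. The following read-only audit is an added example (not part of Philipp Maurer's answer) that reads the same values the answer sets: SchUseStrongCrypto in both the 64-bit and 32-bit registry views (the 32-bit view is what the answer's Wow6432Node path addresses) and the Schannel TLS 1.2 Client/Server keys. It writes nothing; the class and method names (`TlsRegistryAudit`, `Report`, `Tls12State`) are chosen for this example, and the treatment of absent Schannel values as "OS default" is this example's reporting convention, not a statement of what the OS default is.

```csharp
// Added example, not part of the original answer. Read-only audit of the
// registry values discussed above; requires read access to HKLM only.
using System;
using Microsoft.Win32;

public static class TlsRegistryAudit
{
    private const string NetFxKey = @"SOFTWARE\Microsoft\.NETFramework\v4.0.30319";
    private const string SchannelTls12 =
        @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2";

    // Returns the REG_DWORD at (view, subKey, name), or null when absent.
    // Using RegistryView avoids hard-coding Wow6432Node and works regardless
    // of whether the auditing process itself is 32- or 64-bit.
    private static int? ReadDword(RegistryView view, string subKey, string name)
    {
        using (RegistryKey hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
        using (RegistryKey key = hklm.OpenSubKey(subKey))
        {
            if (key == null) return null;
            object value = key.GetValue(name);
            return value is int ? (int?)(int)value : null;
        }
    }

    // True when SchUseStrongCrypto is set to 1 in the given view
    // (Registry64 = the answer's first key, Registry32 = its Wow6432Node key).
    public static bool StrongCryptoEnabled(RegistryView view)
    {
        return ReadDword(view, NetFxKey, "SchUseStrongCrypto") == 1;
    }

    // Reports the Schannel TLS 1.2 state for side = "Client" or "Server".
    // Reporting convention (assumption of this example): a protocol is
    // considered usable when Enabled is non-zero and DisabledByDefault is 0;
    // when neither value exists the key is reported as "not set (OS default)".
    public static string Tls12State(string side)
    {
        string subKey = SchannelTls12 + "\\" + side;
        int? enabled = ReadDword(RegistryView.Registry64, subKey, "Enabled");
        int? disabledByDefault = ReadDword(RegistryView.Registry64, subKey, "DisabledByDefault");
        if (enabled == null && disabledByDefault == null) return "not set (OS default)";
        bool usable = (enabled ?? 1) != 0 && (disabledByDefault ?? 0) == 0;
        return usable ? "enabled" : "disabled";
    }

    // Writes one line per setting to the supplied sink.
    public static void Report(Action<string> write)
    {
        write("SchUseStrongCrypto (64-bit view): " + StrongCryptoEnabled(RegistryView.Registry64));
        write("SchUseStrongCrypto (32-bit view): " + StrongCryptoEnabled(RegistryView.Registry32));
        write("Schannel TLS 1.2 Client:          " + Tls12State("Client"));
        write("Schannel TLS 1.2 Server:          " + Tls12State("Server"));
    }
}

// Usage: TlsRegistryAudit.Report(Console.WriteLine);
```

Run it from a small console project on the server (no elevation needed for reading). If the .NET values read as enabled but the application still fails with "Could not create SSL/TLS secure channel", the comments above point at the remaining variables: a service or server restart, and whether a 4.5-or-later System.dll is present.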
Vikrant

The only way I have found to change this is directly in the code:

At the very beginning of your app you set

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

You should include the System.Net class.

I did this before calling a web service because we had to block tls1 too.


This doesn't work for projects targeting .NET 4.0 because SecurityProtocolType has no member Tls12.
ServicePointManager.SecurityProtocol = (SecurityProtocolType) 3072; That will work in 4.0, although it might require your runtime to be fully patched/updated.
While this is a year old, the answer, in my eyes, is wrong! It should be updated with the answer provided by @STW
The accepted answer is incorrect if you are using .NET 4.0
Do not hardcode the security protocol. See TLS Best Practices with .NET
Vikrant

According to this, you will need .NET 4.5 installed. For more details, visit the webpage. The gist of it is that after you have .NET 4.5 installed, your 4.0 apps will use the 4.5 System.dll. You can enable TLS 1.2 in two ways:

At the beginning of the application, add this code: ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

Set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319: SchUseStrongCrypto to DWORD 1


In order to get TLS 1.2 without code changes, you'll also need .NET 4.6 installed in addition to the registry keys. More info here: github.com/TheLevelUp/pos-tls-patcher
user2721607

I code in VB and was able to add the following line to my Global.asax.vb file inside of Application_Start

ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)    'TLS 1.2

incarnadine

There are two possible scenarios,

If your application runs on .NET Framework 4.5 or lower, and you can easily deploy new code to production, then you can use the solution below. Add the following line of code before making the API call:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // .NET 4.5
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; // .NET 4.0

If you cannot deploy new code and you want to resolve the issue with the same code which is present in production, then you have two options.

Option 1 :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001


Then save this as a file with the .reg extension and install it.

Note: This setting applies at the registry level and affects all applications present on that machine; if you want to restrict it to a single application, use Option 2.

Option 2: This can be done by changing a configuration setting in the config file. You can add either of the following to your config file.

<runtime>
    <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false"/>
</runtime>

or

<runtime>
  <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
</runtime>

Krain Chen

I met the same issue on a Windows machine with .NET Framework 4.0 installed.
I solved this issue by installing .NET Framework 4.6.2.
Or you may download the newest package and give it a try.


and what if they need to run 4.5?
I have it installed already, and it does not work. The registration keys in fact did the job.
