3

I want to globally enforce using TLS 1.2 in my WPF application in the following way:

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

As of .NET 4.5, the TLS 1.2 protocol is supported for secure communication over HTTPS. My question is: will this always work if I ship .NET 4.5 alongside my application? Does it depend on the OS version?

1
  • It depends on the OS and also the policies applied to the OS. So I'd think of this the other way: your app requires TLS 1.2, so instead ensure you have a graceful path IF that isn't available. But also, does it require 1.2, or require the latest, which just happens to be 1.2 right now? Commented Jun 21, 2023 at 14:19

1 Answer

3

TLS is terminated in Windows by a component called SChannel. The supported ciphers are dependent on the version of SChannel, which is dependent on the OS, NOT on the .NET version. Windows XP, for instance, only supports up to TLS 1.0.

This means that your host PC needs to be at least Windows 7 if you want to support TLS 1.2.

Details can be found here: http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx


3 Comments

So if I use it like this: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls; this is supposed to work from Vista to Windows 10, isn't it?
I don't know what happens if you combine them, although their binary values suggest that you can. Will it choose the highest TLS that is supported? Theoretically, it will send the list of supported ciphers to the client and the client will choose the best one, but I'm not sure that it is consistent or guaranteed. It is probably the best you can do to support Vista. You might also leave out TLS 1.1, because I think 1.2 is supported on all platforms that support 1.1.
And to note, it depends on the OS and the policies applied to the OS, so in enterprises old protocols and cipher algorithms can all be enabled or disabled by policy.
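
A startup probe for the "graceful path" raised in the comments, as an added example that is not part of the original question or answer: it offers only TLS 1.2 to an endpoint and fails closed when the OS or its policy cannot complete the handshake. The `Tls12Probe` class and the host `example.com` are assumptions; substitute the HTTPS endpoint the application actually depends on.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class Tls12Probe   // hypothetical helper, not from the original post
{
    // True only when this machine completes a TLS 1.2 handshake with host:port.
    public static bool CanNegotiateTls12(string host, int port, out string detail)
    {
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                // Offer TLS 1.2 only; default certificate validation and
                // revocation checking stay on.
                ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, true);
                detail = "negotiated " + ssl.SslProtocol;
                return ssl.SslProtocol == SslProtocols.Tls12;
            }
        }
        catch (SocketException ex)
        {
            // Host unreachable: says nothing about TLS support, but still fail closed.
            detail = "network error: " + ex.Message;
            return false;
        }
        catch (Exception ex)
        {
            // Handshake failure; the exception type varies with OS and policy.
            detail = ex.GetType().Name + ": " + ex.Message;
            return false;
        }
    }

    static void Main()
    {
        // Same global setting as in the question (affects HttpWebRequest/WebClient).
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        string detail;
        if (!CanNegotiateTls12("example.com", 443, out detail)) // assumed endpoint
        {
            Console.Error.WriteLine("TLS 1.2 is not usable on this machine (" + detail + ").");
            Environment.Exit(1); // refuse to continue rather than downgrade
        }
        Console.WriteLine("TLS 1.2 check passed: " + detail);
    }
}
```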
