I develop a C# program in Visual Studio 2013 which communicates with a SOAP webservice. How can I tell which version of TLS my program uses?
3 Answers
I got the answer by directing my program to make requests to https://www.howsmyssl.com/a/check.
2 Comments
cja
I like to test the behaviour of my program, not just to rely on the documentation.
Jamie Ciocco
I don't understand the disdain for this answer. It uses empirical testing and it can be generalized to other server types.
TLS 1.2 was added in .NET 4.5. The earliest supported .NET version is 4.5.2, so you won't have any issues if you use a supported version.
.NET 4.6 uses TLS 1.2 by default. Earlier versions need this line to enable it :
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 |
SecurityProtocolType.Tls11;
TLS 1.0 is being phased out and SSL v3 is considered broken so they shouldn't be added.
answered Oct 23, 2017 at 12:22
Panagiotis Kanavos
134k16 gold badges211 silver badges270 bronze badges
5 Comments
alksdjg
Can you link to a source confirming that .NET 4.6 uses TLS 1.2 by default? I can't find anything official and can see other commentors contradicting this e.g: stackoverflow.com/a/47913910/5344430
Panagiotis Kanavos
Don't use 4.6 to begin with, don't try to hard-code the versions. Simply googling for
.NET TLS 1.2 returns Transport Layer Security (TLS) best practices with the .NET Framework as the first result. Use .NET 4.7 on a supported OS and let your application use the best available TLS version. Even 4.6.2 was a bit of a mess both on TLS and assembly redirects.alksdjg
I'm not going to use 4.6. I literally just want to know where you got the information "4.6 uses TLS 1.2 by default" because I couldn't find it anywhere. How did you confirm / prove that?
Panagiotis Kanavos
I posted the link already. 3 years ago I was answering the question
How can I tell which version of TLS my program uses? and the answer isn't VS 2013. To get TLS 1.2 without code modifications you need 4.6 at least. By that point I had answered that question dozens of times for years and didn't bother posting another full explanation. By that point (like many common questions in SO) just finding a good duplicate would take more time than writing a quick answerPanagiotis Kanavos
@alksdjg and, the real question after all was posted as a comment to Oria's answer
As my production web service calls were communicating with a 3rd party service, I needed an extra proof of which protocol was being used before and after I made the .net version change.Another good way to check is to install WireShark (https://www.wireshark.org/download.html)
and to use it while running your application. within the TLS Packets you will be able to see versions and such:
8 Comments
Panagiotis Kanavos
There's no reason to. There's no ambiguity. 4.6 -> TLS1.2 by default 4.5 -> TLS11 and config change for 1.2. 4 and below, no TLS 1.2
jessehouwing
4 and below support TLS 1.2 with a hotfix.
jessehouwing
jessehouwing
Panagiotis Kanavos
@jessehouwing even worse, these hotfixes depend on some well-known hacks to work in code, like assigning the enum's value to
SecurityProtocol even though it isn't defined. That was used as a stopgap 2 years ago, when the providers started demanding TLS1.2 |
ServicePointManager.SecurityProtocolvalue for the supported protocols.