TLS 1.2 connection does not work

Hi,

We have our own developed software which we can use to connect to webservices. We now did some changes in order to call endpoints that only accept TLS 1.2 requests. In a small test setting we see that we can connect to a TLS 1.2 endpoint. But in a sample website project we still get errors while doing requests to a TLS 1.2 endpoint. Given the fact that the small (non-website) test setting is successful, we think it has to do with the configuration (for example in the web.config of our website project). I have the following questions:
- how can I see which protocol is used when doing requests to an endpoint? What tools can I use to see this exact call (in order to be sure that I don't do a TLS 1.2 call);
- our software is developed using .NET 4.6.2. This is the framework to use to do TLS 1.2 calls. Maybe the calls are done not using this version, but an older version. Can I force webservice requests using this framework?
- is there a setting (for example in web.config) which I can use to force my requests to be TLS 1.2?

Thanks,

Arne
 
adiemeer (Author) Commented:
We found a post that exactly describes our situation. We have a console application working with TLS 1.2, and a website application that does not. https://stackoverflow.com/questions/43872575/net-framework-4-6-1-not-defaulting-to-tls-1-2
0
 
Snarf0001 Commented:
Depending on the framework version, web apps default to still allow various other protocols.
Not sure if 1.2 is even enabled by default in 4.6.2

In any case, you just need to tweak the security protocol in Global.asax

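// ServicePointManager and SecurityProtocolType live in System.Net
// (add "using System.Net;" at the top of Global.asax.cs).
protected void Application_Start()
{
    //other code

    // Process-wide setting: outgoing requests offer TLS 1.2 only.
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
}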


Usually it's a combination of protocols with an or flag, but this should force 1.2 and reject any request outside of that.
0
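One way to answer the first question in the thread (which protocol a call actually uses) and to confirm the effect of the Global.asax line, as an added C# example that is not part of the original posts. The class and method names (TlsCheck, DescribeDefault, Probe) are hypothetical, and the endpoint host name is an assumption supplied on the command line; without an argument the program only reports the process-wide setting.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsCheck   // hypothetical helper, not from the thread
{
    // Reports the process-wide default read by HttpWebRequest-based clients.
    public static string DescribeDefault()
    {
        SecurityProtocolType p = ServicePointManager.SecurityProtocol;
        bool tls12Only = p == SecurityProtocolType.Tls12;
        bool legacy = (p & (SecurityProtocolType.Ssl3
                          | SecurityProtocolType.Tls
                          | SecurityProtocolType.Tls11)) != 0;
        return string.Format("SecurityProtocol={0} tls12Only={1} legacyEnabled={2}",
                             p, tls12Only, legacy);
    }

    // Handshakes with host:port offering only 'offered' and returns what was negotiated.
    public static SslProtocols Probe(string host, int port, SslProtocols offered)
    {
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false))
        {
            ssl.AuthenticateAsClient(host, null, offered, false);
            return ssl.SslProtocol;
        }
    }

    static void Main(string[] args)
    {
        Console.WriteLine("before: " + DescribeDefault());
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // line from the answer
        Console.WriteLine("after:  " + DescribeDefault());

        if (args.Length == 0) return;   // no endpoint given: only report the setting
        foreach (var offered in new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 })
        {
            // A TLS 1.2-only endpoint should refuse the first two offers.
            try { Console.WriteLine("{0}: negotiated {1}", offered, Probe(args[0], 443, offered)); }
            catch (Exception ex) { Console.WriteLine("{0}: refused ({1})", offered, ex.GetType().Name); }
        }
    }
}
```

Calling DescribeDefault() from Application_Start of the website and from the console application shows whether the two hosts start with different defaults.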
 
adiemeer (Author) Commented:
Thanks for your comment. So it is not possible to force the use of 1.2 by a web.config setting? In the web.config I configured the binding with the endpoint that only wants to connect using the TLS 1.2 protocol. So, I was hoping that in that binding configuration I could force to use 1.2.
0

 
Snarf0001 Commented:
Not to my knowledge, no.
The config bindings can be used to configure a lot of options, but the TLS protocol is much more global and needs to be done through code as outlined.

Optionally, you might try completely removing the protocols from the entire server, but seems like a fair bit of overkill.
0
 
Snarf0001 Commented:
Which appears to be telling you the same thing...  unless I read something wrong?
Is there any reason you don't want to simply add the line of code?
0
 
adiemeer (Author) Commented:
Now, we will add the extra line of code. It was not clear that console applications have a different default than website applications. With this extra information it does make sense what behavior we see.
0
 
Snarf0001 Commented:
Ah, I see.  Apologies if I wasn't clear on the explanation.
0
 
adiemeer (Author) Commented:
Thank you for your assistance!
0
 
adiemeer (Author) Commented:
Another blog post was found with the exact solution
0
Question has a verified solution.
