TLS 1.2 connection does not work

Hi,

We have our own developed software which we can use to connect to webservices. We now did some changes in order to call endpoints that only accept TLS 1.2 requests. In a small testsetting we see that we can connect a TLS 1.2 endpoint.  But in a sample website project we still get errors while doing requests to a TLS 1.2. Given the fact that the small (non-website) testsetting is succesful, we think it has to do with the configuration (for example in the web.config of our website project) I have the next questions:
- how can I see which protocol is used when doing requests to an endpoint? What tools can I use to see this exact call (in order to be sure that I don't do a TLS 1.2 call);
- our software is developed using .NET 4.6.2. This is the framework to use to do TLS 1.2 calls. Maybe the calls are done not using this version, but an older version. Can I force webservice requests using this framework?
- is there a setting (for example in web.config) which I can use to force my requests to be TLS 1.2?

Thanks,

Arne
adiemeerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Snarf0001Commented:
Depending on the framework version, web apps default to still allow various other protocols.
Not sure if 1.2 is even enabled by default in 4.6.2

In any case, you just need to tweak the security protocol in Global.asax

protected void Application_Start()
{
	//other code

	ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
}

Open in new window


Usually it's a combination of protocols with an or flag, but this should force 1.2 and reject any request outside of that.
0
adiemeerAuthor Commented:
Thanks for your comment. So it is not possible to force the use of 1.2 by a web.config setting? In the web.config I configured the binding with the endpoint that only wants to connect using the TLS 1.2 protocol. So, I was hoping that in that binding configuration I could force to use 1.2.
0
Snarf0001Commented:
Not to my knowledge, no.
The config bindings can be used to configure a lot of options, but the tls protocol is much more global and needs to be done through code as outlined.

Optionally, you might try completely removing the protocols from the entire server, but seems like a fair bit of overkill.
0
Acronis Data Cloud 7.8 Enhances Cyber Protection

A closer look at five essential enhancements that benefit end-users and help MSPs take their cloud data protection business further.

adiemeerAuthor Commented:
We found a post that exactly describes our situation. We have a consoloe application working with TLS 1.2, and a website application that does not. https://stackoverflow.com/questions/43872575/net-framework-4-6-1-not-defaulting-to-tls-1-2
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Snarf0001Commented:
Which appears to be telling you the same thing...  unless I read something wrong?
Is there any reason you don't want to simply add the line of code?
0
adiemeerAuthor Commented:
Now, we will add the extra line of code. It was not clear that console applications have another default then website applications. With this extra information it does make sense what behavior we see.
0
Snarf0001Commented:
Ah, I see.  Apologies if I wasn't clear on the explanation.
0
adiemeerAuthor Commented:
Thank you for your assistance!
0
adiemeerAuthor Commented:
Another blogpost was found with the exact solution
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
tls/ssl

From novice to tech pro — start learning today.