TLS 1.2 in .NET Framework 4.0

asp.net.Net 4.0Windows Server-2008-R2tls1.2

asp.net Problem Overview

I have a Windows server 2008 R2 server running a dozen .NET Framework 4.0 WebForms applications, and I need to disable TLS 1.0 and lower. When I do that, all secure connections fail and I was forced to re-enable TLS 1.0. Is there any way to use TLS 1.2 in a framework 4.0 environment? Perhaps I am missing something?

Also, due to limitations of the version CMS we are using, we cannot upgrade the Framework at this time.

asp.net Solutions

Solution 1 - asp.net

If you are not able to add a property to system.net class library.

Then, add in Global.asax file:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; //TLS 1.2
ServicePointManager.SecurityProtocol = (SecurityProtocolType)768; //TLS 1.1

And you can use it in a function, at the starting line:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)768 | (SecurityProtocolType)3072;

And, it's being useful for STRIPE payment gateway, which only supports TLS 1.1, TLS 1.2.

EDIT: After so many questions on .NET 4.5 is installed on my server or not... here is the screenshot of Registry on my production server:

I have only .NET framework 4.0 installed.

registry

Solution 2 - asp.net

Make the following changes in your Registry and it should work:

1.) .NET Framework strong cryptography registry keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

2.) Secure Channel (Schannel) TLS 1.2 registry keys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Solution 3 - asp.net

The only way I have found to change this is directly on the code :

at the very beginning of your app you set

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

you should include the system.net class

I did this before calling a web service because we had to block tls1 too.

Solution 4 - asp.net

According to this, you will need .NET 4.5 installed. For more details, visit the webpage. The gist of it is that after you have .NET 4.5 installed, your 4.0 apps will use the 4.5 System.dll. You can enable TLS 1.2 in two ways:

  • At the beginning of the application, add this code: ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
  • Set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319: SchUseStrongCrypto to DWORD 1

Solution 5 - asp.net

I code in VB and was able to add the following line to my Global.asax.vb file inside of Application_Start

ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)    'TLS 1.2

Solution 6 - asp.net

There are two possible scenarios,

  1. If your application runs on .net framework 4.5 or less, and you can easily deploy new code to the production then you can use of below solution.

    You can add the below line of code before making the API call,

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // .NET 4.5
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; // .NET 4.0

  2. If you cannot deploy new code and you want to resolve the issue with the same code which is present in the production, then you have two options.

Option 1 :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

then create a file with extension .reg and install.

Note : This setting will apply at registry level and is applicable to all application present on that machine and if you want to restrict to only single application then you can use Option 2

Option 2 : This can be done by changing some configuration setting in config file. You can add either in your config file.

<runtime>
    <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false"/>
</runtime>

or

<runtime>
  <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"
</runtime>

Solution 7 - asp.net

I meet the same issue on a Windows installed .NET Framework 4.0.
And I Solved this issue by installing .NET Framework 4.6.2.
Or you may download the newest package to have a try.

Categories
Recommended asp.net Solutions
Recommended .Net 4.0 Solutions
Recommended tls1.2 Solutions

Previous Solution:

What / why is Roslyn "needed" in /bin folder of Asp.Net

asp.net Web-Apiasp.net Mvc-5Roslyn

Next Solution:

Copy to clipboard using Javascript in iOS

JavascriptIosCopyMobile SafariClipboard

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionbetagregView Question on Stackoverflow
Solution 1 - asp.netVikrantView Answer on Stackoverflow
Solution 2 - asp.netAditya LandgeView Answer on Stackoverflow
Solution 3 - asp.netMikeView Answer on Stackoverflow
Solution 4 - asp.netBrainStorm.exeView Answer on Stackoverflow
Solution 5 - asp.netuser2721607View Answer on Stackoverflow
Solution 6 - asp.netSagar BoroleView Answer on Stackoverflow
Solution 7 - asp.netKrain ChenView Answer on Stackoverflow