Closed defcore closed 9 months ago
Can you give an example of why you'd do that?
TLS versions are configured directly in Kestrel's HTTPS options. You need a compatible certificate to enable a specific version, but you can disable a version without changing the certificate.
I tried doing that by using:
.ConfigureWebHostDefaults(delegate (IWebHostBuilder webBuilder)
{
webBuilder.UseKestrel(kestrelOptions =>
{
kestrelOptions.ConfigureHttpsDefaults(httpsOptions =>
{
httpsOptions.SslProtocols = SslProtocols.Tls12;
});
});
webBuilder.UseStartup<Startup>();
})
But has no effect. When checking TLS versions I get TLS1.3 and TLS1.2.
Did I miss something?
UseKestrel -> ConfigureKestrel, but that shouldn't affect TLS.
How are you enabling LettuceEncrypt? Your ConfigureHttpsDefaults might be overwritten. https://github.com/natemcmaster/LettuceEncrypt/issues/142#issuecomment-779396243 https://github.com/natemcmaster/LettuceEncrypt/blob/ffbd458c4ce030b7fdfb5b024daa7845687afc5c/src/LettuceEncrypt/Internal/KestrelOptionsSetup.cs#L24
This issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please comment if you believe this should remain open, otherwise it will be closed in 14 days. Thank you for your contributions to this project.
Closing due to inactivity. If you are looking at this issue in the future and think it should be reopened, please make a commented here and mention natemcmaster so he sees the notification.
Is it possible to create a certificate that has only TLS 1.2 and no TLS 1.3?