natemcmaster / LettuceEncrypt

Free, automatic HTTPS certificate generation for ASP.NET Core web apps
https://nuget.org/packages/LettuceEncrypt
Apache License 2.0
1.55k stars 152 forks

Certificate that supports only TLS 1.2 #268

Closed defcore closed 9 months ago

defcore commented 1 year ago

Is it possible to create a certificate that has only TLS 1.2 and no TLS 1.3?

Tratcher commented 1 year ago

Can you give an example of why you'd do that?

TLS versions are configured directly in Kestrel's HTTPS options. You need a compatible certificate to enable a specific version, but you can disable a version without changing the certificate.

defcore commented 1 year ago

I tried doing that by using:

.ConfigureWebHostDefaults(delegate (IWebHostBuilder webBuilder)
{
    webBuilder.UseKestrel(kestrelOptions =>
    {
        kestrelOptions.ConfigureHttpsDefaults(httpsOptions =>
        {
            httpsOptions.SslProtocols = SslProtocols.Tls12;
        });
    });
    webBuilder.UseStartup<Startup>();
})

But it has no effect. When checking TLS versions I get TLS1.3 and TLS1.2.

Did I miss something?

Tratcher commented 1 year ago

UseKestrel -> ConfigureKestrel, but that shouldn't affect TLS.

How are you enabling LettuceEncrypt? Your ConfigureHttpsDefaults might be overwritten. https://github.com/natemcmaster/LettuceEncrypt/issues/142#issuecomment-779396243 https://github.com/natemcmaster/LettuceEncrypt/blob/ffbd458c4ce030b7fdfb5b024daa7845687afc5c/src/LettuceEncrypt/Internal/KestrelOptionsSetup.cs#L24
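The following is an added example, not code from the thread participants or from the LettuceEncrypt project: one way to keep the protocol restriction from being replaced is to set it on an explicit HTTPS endpoint, in the same delegate that enables LettuceEncrypt. It assumes port 443, a "LettuceEncrypt" configuration section (domain names, e-mail address, accepted terms of service), and that UseLettuceEncrypt leaves SslProtocols untouched.

```csharp
using System.Security.Authentication;
using LettuceEncrypt;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Program
{
    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.ConfigureKestrel(kestrel =>
                {
                    var appServices = kestrel.ApplicationServices;

                    // Per-endpoint options are applied after the HTTPS defaults,
                    // so a later ConfigureHttpsDefaults call cannot discard them.
                    kestrel.ListenAnyIP(443, listen => listen.UseHttps(https =>
                    {
                        // Offer TLS 1.2 only; TLS 1.3 is not negotiated.
                        https.SslProtocols = SslProtocols.Tls12;

                        // Attach LettuceEncrypt's certificate selection to this endpoint.
                        https.UseLettuceEncrypt(appServices);
                    }));
                });
                webBuilder.UseStartup<Startup>();
            })
            .Build()
            .Run();
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Assumption: settings are bound from the "LettuceEncrypt" config section.
        services.AddLettuceEncrypt();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.Run(context => context.Response.WriteAsync("hello"));
    }
}
```

To confirm the result, `openssl s_client -connect example.com:443 -tls1_3` (placeholder host) should fail to complete a handshake, while the same command with `-tls1_2` should succeed.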

github-actions[bot] commented 10 months ago

This issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please comment if you believe this should remain open, otherwise it will be closed in 14 days. Thank you for your contributions to this project.

github-actions[bot] commented 9 months ago

Closing due to inactivity. If you are looking at this issue in the future and think it should be reopened, please make a comment here and mention natemcmaster so he sees the notification.