Closed Tragen closed 5 years ago
I'm not sure right now, but I already tried that. If I remember correctly, it will fail silently on Mono (neither TLS 1.0 will work).
You should check it out.
[]'s
I can only speak for Windows where it's working. I don't use Linux and Mono.
@Tragen I'm not sure how did you tested it, but if you try it on a clean Windows 7 SP1 machine without installing any additional .NET Framework you will get this error:
System.NotSupportedException: The requested security protocol is not supported.
at System.Net.ServicePointManager.set_SecurityProtocol(SecurityProtocolType value)
A sample code for testing:
TlsTest.cs
using System.Net;
using System;
using System.Text.RegularExpressions;
namespace TlsTest
{
class Program
{
// https://github.com/mono/mono/blob/master/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SecurityProtocolType.cs
enum SecurityProtocolType
{
Default = -1073741824,
Ssl2 = 12,
Ssl3 = 48,
Tls = 192,
Tls11 = 768,
Tls12 = 3072,
}
static void Main(string[] args)
{
try
{
//ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)SecurityProtocolType.Tls;
//ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)SecurityProtocolType.Tls11;
ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)SecurityProtocolType.Tls12;
//ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)SecurityProtocolType.Tls | (System.Net.SecurityProtocolType)SecurityProtocolType.Tls11 | (System.Net.SecurityProtocolType)SecurityProtocolType.Tls12;
WebClient wc = new WebClient();
// TLS 1.0, TLS 1.1, TLS 1.2
string result = wc.DownloadString("https://www.howsmyssl.com/a/check");
Console.WriteLine(Regex.Match(result, "\"tls_version\":\".+?\"").Value);
byte[] data;
// TLS 1.0, TLS 1.1, TLS 1.2
data = wc.DownloadData("https://www.google.com/favicon.ico");
Console.WriteLine("TLS 1.0: {0}", data.Length);
// TLS 1.1, TLS 1.2
data = wc.DownloadData("https://tls1test.salesforce.com/favicon.ico");
Console.WriteLine("TLS 1.1: {0}", data.Length);
// TLS 1.2
data = wc.DownloadData("https://github.com/favicon.ico");
Console.WriteLine("TLS 1.2: {0}", data.Length);
}
catch (Exception ex)
{
Console.WriteLine(ex);
}
Console.ReadKey();
}
}
}
You can compile it with:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe TlsTest.cs
On Windows 7 TLS 1.1 and TLS 1.2 are disabled by default. You have to enable them in the registry.
Yes, with this tweak on the registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
This will let Outlook for example connect using TLS 1.1 or TLS 1.2, but .NET still refuses to connect using it.
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Received an unexpected EOF or 0 bytes from the transport stream.
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
I'm missing something? Maybe a specific KB from Microsoft?
Well, I did another shot after updating the whole operational system, but still no luck.
Anyway, I don't mind in getting the requirements higher, but I'm still not sure that your workaround works on .NET 2.0. The article makes reference to .NET 3.5.
If you still want to support .Net 2.0 and use TLS 1.2, you can use this code. I'm using it in my own KeePass Favicon Downloader.
// Only available from .Net 4.5+ // System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls12;
const System.Security.Authentication.SslProtocols _Tls12 = (System.Security.Authentication.SslProtocols)0x00000C00; const System.Net.SecurityProtocolType Tls12 = (System.Net.SecurityProtocolType)_Tls12; System.Net.ServicePointManager.SecurityProtocol = Tls12;
You can close this bug anytime.