Reputation: 979
WCF service (self-hosted) over HTTPS - Get negotiated SSL/TLS protocol version
Due to security reasons, we wanted to disable TLS 1.0 support in our server on OS level (in followign SChannel registry):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
But because the SQL Server service won't start with TLS 1.0 disabled, we had to leave the TLS 1.0 enabled on OS level.
What we are trying to do now is to force the usage of TLS 1.2 on application level rather than on OS level.
Our application is Client-Server, running on .NET 4.5. On the Client, before calling the WCF service, we set:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
That ensures that the Client will send ClientHello message with TLS1.2 protocol.
But on the Server, which is self-hosted WCF service, we do not see how to force the TLS1.2 usage. The SSL/TSL negotiation on the Server side is based on the SChannel registry and thus setting the ServicePointManager.SecurityProtocol does not make any effect.
We would like to inspect the incoming WCF call in our Server code and check what TLS protocol used for the call, and close the connection if it is anything less than TLS1.2.
Is there any way how to get the incoming WCF call SSL/TLS protocol version? Something like HttpContext.WebSocketNegotiatedProtocol?
Upvotes: 9
Views: 1402
Answers (1)
Reputation: 85
Have you tried using a custom binding with sslStreamSecurity?
<sslStreamSecurity requireClientCertificate="false" sslProtocols="Tls12" />
Upvotes: 0
Related Questions
- consuming webservice using https protocol
- Track client TLS version from Self-Hosted WCF service
- How to make WCF Service Use HTTPS protocol
- Obtain TLS client certificate within WCF REST service method
- Way to tell if WCF service is called via HTTP or HTTPS?
- How to consume https wcf service?
- How to make a WCF Service work with https?
- How to get wcf communiction ONLY over Https
- WCF Check if the request was made securely
- How client get service security SSL?