Reputation: 783
Before we begin, I am aware the proper thing would be to upgrade the OS. I am trying to work around this issue and as you might imagine there are a lot of dead ends. I found something that seems to work but I am not clear on why specifically and looking for some help.
Windows XP does not support SSL/TLS 1.1/1.2
Source 1
Source 2
.Net 4.0 does not support TLS 1.2
Source 3
.Net 4.5+ does support TLS 1.2 but cannot be installed on XP
Source 4
Source 5
If you override ServerCertificateValidationCallback with your own cert validation it works. Why? What is going on? Is it really working? It appears to be communicating over SSL. Network operations assures me there is no fallback SSL/TLS on the server.
Alternatives:
Get a self-signed cert for older TLS 1.0; can't get this from a CA anymore.
Use another C++ library or similar that supports TLS 1.2 and call it from .NET.
UPDATE 1: I still don't know why the ServerCertificateValidationCallback seems to work. Now I am looking to see what cipher suites are supported specifically by XP SP3. I am looking at packets and using this article as a guide. As was pointed out, even if I find an alternative library, if the cipher suite is not being served or accepted I am still a no-go with a solution.
I did try SecureBlackBox with some success (it was TLS 1.2) but I could not get it to authorize the cert from the cert authority. https://www.eldos.com/sbb/
UPDATE 2: Learning a lot about how this works. Thank you Mr Ullrich et al.
UPDATE 3: At this point I am looking at using an Apache proxy on the XP machine to do the TLS 1.2 SHA-256 CA verification communication (non-Windows stack) and having my .NET 4.0 code talk to this proxy locally (on the machine), while any communication leaving the machine is properly secured.
Upvotes: 3
Views: 3532
Reputation: 123375
The certificate and the validation of the certificate have nothing to do with the TLS version. You can use the same certificate with SSL 3.0 ... TLS 1.3. But just because your certificate can be used with all of these does not make your local TLS stack magically aware of how the TLS 1.2 protocol works.
If you want TLS 1.2 support on Windows XP, look outside of the Windows TLS stack, i.e. look at OpenSSL, NSS and other libraries. It looks like there is a library offering support for recent OpenSSL in .NET, but I'm not sure if this will still work on XP. See https://github.com/openssl-net/openssl-net.
Upvotes: 1
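One way to see for yourself what the callback override does and does not change, following the point made in this answer: drive the handshake through SslStream, log the SslPolicyErrors the callback receives, and print the protocol the stack actually negotiated. This is an added example, not code from the question or the answer. It assumes the .NET 4.0 API surface (SslProtocols.Tls is TLS 1.0; there is no Tls12 member there), a reachable HTTPS host passed as the first argument (example.com is a placeholder), and nothing about the asker's server. The first callback is the pattern the question describes (always return true); the second only accepts a certificate the platform found no policy errors for.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original post. Hypothetical probe for .NET 4.0.
class TlsProbe
{
    // The pattern from the question: accept every certificate. This silences
    // whatever validation error the platform found (untrusted root, name
    // mismatch, ...) but has no effect on which protocol version is negotiated.
    static bool AcceptAnything(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("validation errors being ignored: " + errors);
        return true;
    }

    // Safer callback: accept only when the platform reports no policy errors.
    // Anything else (e.g. RemoteCertificateChainErrors) is rejected and the
    // handshake fails with an AuthenticationException.
    static bool StrictValidation(object sender, X509Certificate cert,
                                 X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.WriteLine("rejecting certificate: " + errors);
        return false;
    }

    static void Probe(string host, RemoteCertificateValidationCallback callback)
    {
        using (var tcp = new TcpClient(host, 443))
        using (var ssl = new SslStream(tcp.GetStream(), false, callback))
        {
            try
            {
                // On .NET 4.0 this is the highest version the framework can ask for.
                // If the server really offers no TLS 1.0, this fails regardless of
                // which callback is installed: the callback never runs before the
                // version has been agreed.
                ssl.AuthenticateAsClient(host, null, SslProtocols.Tls, true);
                Console.WriteLine("negotiated " + ssl.SslProtocol + ", cipher "
                                  + ssl.CipherAlgorithm + "/" + ssl.CipherStrength
                                  + ", hash " + ssl.HashAlgorithm);
            }
            catch (AuthenticationException ex)
            {
                Console.WriteLine("handshake rejected: " + ex.Message);
            }
            catch (IOException ex)
            {
                Console.WriteLine("connection failed during handshake: " + ex.Message);
            }
        }
    }

    static void Main(string[] args)
    {
        // Placeholder host; pass the real one on the command line.
        string host = args.Length > 0 ? args[0] : "example.com";
        Console.WriteLine("--- always-true callback ---");
        Probe(host, AcceptAnything);
        Console.WriteLine("--- strict callback ---");
        Probe(host, StrictValidation);
    }
}
```

Run it against the server in question: if the first probe prints "negotiated Tls" while the second is rejected, the override is not adding TLS 1.2 support, it is hiding a certificate validation failure on a TLS 1.0 connection; if both fail before the callback logs anything, the server really did refuse the version the XP stack offered.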