Dominik

Reputation: 1741

WCF Server accepts TLS 1.0 connections

I have a very "simple" problem. I have a WCF-Server which should only be accepting TLS 1.2 connections. But every time I connect to it through Firefox or any browser it uses TLS 1.0.

.NET Framework-Version is 4.6.1 so it should support TLS 1.2. Here's my app.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
  </configSections>
  <connectionStrings>
    <add name="WCFServer.Properties.Settings.ConnectionString" connectionString="SomeConnectionString" />
  </connectionStrings>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="TestNetTcpBinding">
          <reliableSession enabled="true" />
          <security>
            <message clientCredentialType="Windows" algorithmSuite="Basic256Sha256Rsa15" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="MyCustomAttributeBehavior">
          <Validator />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="DefaultBehavior">
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceMetadata httpsGetEnabled="true" httpsGetUrl="mex" policyVersion="Default" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <extensions>
      <behaviorExtensions>
        <add name="Validator" type="WCFServer.RightAttribute.MyBehaviorSection, WCFServer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      </behaviorExtensions>
    </extensions>
    <services>
      <service behaviorConfiguration="DefaultBehavior" name="WCFServer.Services.Implementations.BusinessService">
        <endpoint address="ProductService" behaviorConfiguration="MyCustomAttributeBehavior"
          binding="netTcpBinding" bindingConfiguration="TestNetTcpBinding"
          contract="WCFServer.Services.Interfaces.IProductService" />
        <endpoint address="UserService" behaviorConfiguration="MyCustomAttributeBehavior"
          binding="netTcpBinding" bindingConfiguration="TestNetTcpBinding"
          contract="WCFServer.Services.Interfaces.IUserService" />
        <host>
          <baseAddresses>
            <add baseAddress="net.tcp://SomeHost/WCFService/Service" />
            <add baseAddress="https://SomeHost/WCFService/Service" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="NHibernate" publicKeyToken="aa95f207798dfdb4" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.1.0.4000" newVersion="4.1.0.4000" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>

I hope I didn't **** up formatting of the XML too bad. Sorry for that. I put it in a console application to test things out. Here's my main method (where I try to set the SecurityProtocol to only TLS 1.2):

// Namespaces needed: System, System.Net, System.ServiceModel
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
// Host the service using the endpoints defined in app.config
var host = new ServiceHost(typeof(BusinessService));
host.Open();
Console.WriteLine("Services Ready");
Console.WriteLine("Press any button to close services.");
Console.Read();
host.Close();
Environment.Exit(0);

My class BusinessService implements both IUserService and IProductService.

You can ignore the MyCustomAttributeBehavior. Just some "Interceptor" stuff, which shouldn't matter.

EDIT: Certificate is OK. Also Firefox says that. Does the certificate have to meet any special requirements? I don't think so but I'm not sure.

I already tried setting the SecurityProtocol before and after the host.Open(). Both didn't work.

Any help is appreciated.

Thanks!

Upvotes: 0

Views: 699

Answers (1)

tomasr

Reputation: 13859

ServicePointManager.SecurityProtocol is only used for opening connections, not for connections being received. If you're using an HTTP-based binding (such as BasicHttpsBinding), then the SSL/TLS version used will depend on the HTTP.SYS configuration (self-hosted or in IIS), which in turn depends on the global SCHANNEL settings on the machine.

In this case, you're using NetTcp, which last I remember does not use SSL/TLS at all.

Upvotes: 1
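
The machine-wide SCHANNEL settings the answer refers to are stored in the registry. As an added example (not part of the original question or answer), this PowerShell script reports the server-side state of each TLS version and, when run with the hypothetical `-DisableLegacy` switch, turns off TLS 1.0 and 1.1 for inbound connections. It assumes an elevated session; SCHANNEL protocol changes take effect after a restart.

```powershell
# Added example: audit (and optionally harden) the SCHANNEL server-side
# protocol settings that HTTP.SYS-hosted HTTPS endpoints inherit.
param(
    [switch]$DisableLegacy   # hypothetical switch name chosen for this example
)

$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$legacy    = 'TLS 1.0', 'TLS 1.1'

function Get-SchannelServerState([string]$Protocol) {
    $key   = "$base\$Protocol\Server"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # A missing key or missing Enabled value means the OS default applies.
    if ($null -eq $props -or $null -eq $props.Enabled) {
        $state = 'OS default (not configured)'
    } elseif ($props.Enabled -eq 0) {
        $state = 'Disabled'
    } else {
        # Any non-zero value enables it; 0xFFFFFFFF is displayed as -1.
        $state = 'Enabled'
    }

    [pscustomobject]@{
        Protocol          = $Protocol
        ServerState       = $state
        DisabledByDefault = if ($null -ne $props) { $props.DisabledByDefault } else { $null }
    }
}

if ($DisableLegacy) {
    foreach ($proto in $legacy) {
        $key = "$base\$proto\Server"
        # Create the key only if absent so existing values are left intact.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
    }
    Write-Warning 'TLS 1.0/1.1 disabled for the server role. Restart the machine to apply.'
}

# Report the resulting state for every protocol version.
$protocols | ForEach-Object { Get-SchannelServerState $_ } | Format-Table -AutoSize
```

Because these settings are global, disabling TLS 1.0 and 1.1 here affects every SCHANNEL-based server on the host, not only the WCF service.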
