HTTPListener not using TLS 1.1 / 1.2 on .NET 4.6 and Server2012R2

Question

I have set up a simple .NET 4.6 web server, using the HTTPListener with a 'https' prefix and linked certificate on a server 2012 R2 machine. The https interface works, but only uses TLS 1.0 and not 1.1 or 1.2, which should be supported by default by the server 2012.

What I have tried so far, to force the system to use TLS 1.2:

• added and enabled SCHANNEL protocol in the registry for TLS 1.2
• added and enabled SchUseStrongCrypto in the registry for the .NET framework
• disabled SCHANNEL protocol for TLS 1.0 and SSL in the registry
• hardcoded via System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

But none of these seem to have the desired effect. When SSL and TLS 1.0 are disabled through SCHANNEL registry, the webserver becomes unreachable.

Framework .NET 4.6.2 has been installed. The executable has been built against .NET 4.6. Any hints?

Cheers.

Answer 1

Typing it in an answer as it might still be helpful, and its not just a comment.

In my case I was able to see main SSL handshake via Fiddler and see which cipher suite is being selected - although my case was the SSL client requesting strong specific ciphers with TLS1.2 to the server to work but I think it would not be much different the other way round. Secondly I have enabled all what you have mentioned in your question plus I also had to enable these in my app config file to finally make it to work.

<compilation targetFramework="4.6" />
<httpRuntime targetFramework="4.6" />