Rubans

Reputation: 4478

Any way to restrict OWIN HTTPS to TLS 1.2?

I want to lock down my Web API to TLSv1.2 so TLSv1.1 is disallowed etc. I saw the following post, but it seems it's only relevant to ASP.NET Core: Any way to restrict ASP.NET Core 2.0 HTTPS to TLS 1.2?

Any ideas how I can do this? I initially had this code:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3; // only allow TLSV1.2 and SSL3

But was unsure if this was the correct approach and whether it applies to just client connections.

Any ideas?

Upvotes: 5

Views: 2114

Answers (2)

Tratcher

Reputation: 6074

ServicePointManager is used for outgoing HTTP requests, not incoming. For incoming this needs to be configured in IIS, netsh, or the registry.

https://learn.microsoft.com/en-us/security/engineering/disable-legacy-tls covers IIS and netsh:

netsh http add sslcert <regular parameters> disablelegacytls=enable

Upvotes: 0

John Jackson

Reputation: 31

We use OWIN for ADFS WSFederation SSO and had a related issue with the application reporting an IOException when downloading the XML metadata.

Upon investigation, the host of the XML was enforcing TLS 1.2.

Using the above line of code within the application corrected the issue, and the OWIN configuration was able to download the XML metadata.

Upvotes: 1
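Added example (not code from the question or from either answer): because ServicePointManager only governs outgoing requests, the listener's behaviour after the netsh or registry change described in the first answer has to be checked from the outside. This C# probe offers one protocol version at a time via SslStream; the `TlsProbe` class name and the `localhost`/`443` defaults are assumptions.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

// Probes which TLS versions an HTTPS listener will negotiate (run against your own endpoint).
static class TlsProbe
{
    // Offered one at a time. Tls/Tls11 are flagged obsolete on newer .NET; fine on .NET Framework.
    static readonly SslProtocols[] Versions =
        { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 };

    static string Probe(string host, int port, SslProtocols version)
    {
        try
        {
            using (var tcp = new TcpClient(host, port))
            // Certificate errors are ignored: only protocol negotiation is under test.
            using (var ssl = new SslStream(tcp.GetStream(), false, (s, cert, chain, errors) => true))
            {
                ssl.AuthenticateAsClient(host, null, version, false);
                return "ACCEPTED (" + ssl.SslProtocol + ")";
            }
        }
        // SocketException derives from Win32Exception, so it must be caught first.
        catch (SocketException ex) { return "no TCP connection: " + ex.SocketErrorCode; }
        catch (Exception ex) when (ex is AuthenticationException || ex is IOException || ex is Win32Exception)
        {
            return "refused (" + ex.GetType().Name + ")";
        }
    }

    static int Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "localhost"; // assumed default
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;  // assumed default
        bool legacyAccepted = false;
        foreach (var v in Versions)
        {
            string result = Probe(host, port, v);
            Console.WriteLine("{0,-6} {1}", v, result);
            if (v != SslProtocols.Tls12 && result.StartsWith("ACCEPTED")) legacyAccepted = true;
        }
        return legacyAccepted ? 1 : 0; // non-zero exit if TLS 1.0 or 1.1 was negotiated
    }
}
```

A "refused" result for TLS 1.0 or 1.1 is only meaningful when the probing machine still has those versions enabled for client use in SChannel; otherwise the handshake fails locally before the server is asked.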
