Using TLS 1.2 with ASP.NET Web API

Question

I have several services written with ASP.NET 4.5.2 that fetch data from an external web service. These services have worked perfectly without error for a year or so. However, the third-party supplier has recently restricted their API to requests from clients using TLS 1.1 or higher.

Our services have been failing as they are being rejected by the extrnal web service. I have checked the server we use to host our service - Windows Server 2012 R2 - and this has TLS 1.1 and 1.2 configured (I have checked the registry keys). So surely our .NET service requests should default to one of those?

The fact our services are still being rejected suggests we are still sending our requests using TLS 1.0.

How can I check if our services are using TLS 1.1 or higher? How can I enable the services to use TLS 1.1 or higher?

Answer 1

The fact our services are still being rejected suggests we are still sending our requests using TLS 1.0.

In this case you are are using TLS as a client, not a server to connect to a remote service.

I have several services written with ASP.NET 4.5.2

There are registry keys you need to change for the .NET Framework 4.5.2 in order for TLS 1.2 to be used. This is documented here in the .NET TLS guide.

Perhaps the easiest thing to do would just be to move to the latest version of the .NET Framework. If that is not possible, you can do as the guide says

Set the SchUseStrongCrypto and SystemDefaultTlsVersions registry keys to 1.

Answer 2

You can use below tool to check the TLS protocols that the client's host name is supporting.

https://www.ssllabs.com/ssltest/analyze.html

1. Go to this Qualys SSL Labs, enter the client host name (ex: abdc.com).
2. Once report is generated, scroll down to Configuration section.

You will find the status of TLS 1.0/1.1/1.2/1.3/SSL3/SSL2

To understand the relation between .Net framework & TLS, refer below link.

https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/