Enabling TLS1.2 or TLS1.3 in c# asp.net core 3.1

Question

I am building a web app using asp.net core 3.1.

I want to enable TLS1.2 (or TLS1.3 if it works and is backward compatible.)

I have a web site running under IIS Express that is failing the SSL certificate.

The console shows the following error:

I followed some instructions and I thought I could solve the problem by executing the following code in CreateHostBuilder in Program.cs:

 public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.ConfigureKestrel(s => {
                        s.ConfigureHttpsDefaults(k =>
                        {
                            k.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
                        });
                    }).UseStartup<Startup>();
                });

I have run the application and it is still failing with the same error.

I am also running an implementation of IdentityServer4 on my local machine. That does not seem to have the same problem.

The identityserver4 site is secure.

How do I force my site to use TLS1.2 (or later)?

Answer 1

You can set the supported TLS protocols here:

webBuilder.UseKestrel((context, serverOptions) =>
{
    serverOptions.AddServerHeader = false;

    serverOptions.Listen(IPAddress.Any, 80);

    serverOptions.Listen(IPAddress.Any, 443,
        options =>
        {
            var cert = ...Load TLS certificate;

            options.UseHttps(serverCertificate: cert, configureOptions: httpsOptions =>
            {
                httpsOptions.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
            });
        });
});

See also

• https://github.com/dotnet/aspnetcore/issues/22563
• https://karthiktechblog.com/aspnetcore/how-to-use-tls-1-2-in-asp-net-core-2-0-and-above