DotNetNuke 6 force site to use TLS1.2

Question

Does anyone know how to force DotNetNuke 6 to use TLS1.2 as a default sitewide?

I found a module for DotNetNuke 7 and above but the IServiceRouteMapper doesn't existing in the earlier version of DotNetNuke, this is what i found for DotNetNuke 7+

using DotNetNuke.Web.Api;
using System.Net;

namespace DotNetNuke.Security.Tls12
{
    public class ServiceRouteMapper : IServiceRouteMapper
    {
        public void RegisterRoutes(IMapRoute mapRouteManager)
        {

            // Enable TLS 1.2
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // .NET 4.5
        }
    }
}

Answer 1

Its possible this project might work, but not sure it would work on DNN 6. Even if it does work, if this project is public, you really need to make upgrading a priority.

Force Outbound TLS 1.2 on DNN

https://github.com/davidjrh/dnn.tls12

Answer 2

Technically speaking you can do this with DNN 6.x if you have the ability to write a module that will guarantee get called, for example a skin object, a module on the homepage or otherwise.

This line of code

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Is a global change, but it does require .NET 4.5 which you might not be up to yet on DNN 6.x.

Taking a true security thought here, adding support for TLS 1.2 on a DNN 6.x site is futile, as there are much bigger concerns and upgrades should be done ASAP.

Answer 3

You should upgrade DNN. DNN 6 is really very old, and has a lot of security issues. The recent version is 9.8.0.

I think for DNN 6 this can only be done in IIS, but that means: for all sites on the server. See here for details.