asp.net core5 set tls12 only but client request is still tls1

Question

public class Program
    {
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }
        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.ConfigureKestrel(serverOptions =>
                    {
                        //Set properties and call methods on options
                        serverOptions.Listen(IPAddress.Any, 44376, listenOptions =>
                        {
                            listenOptions.Protocols = HttpProtocols.Http2;
                            listenOptions.UseHttps("C:\\Users\\IT04\\source\\Workspaces\\EsoMenuForLinux\\EsoMenuForLinux\\bin\\Debug\\localhosstssl.pfx",
                               "123");
                        });
                        serverOptions.ConfigureHttpsDefaults(listenOptions =>
                        {
                            listenOptions.SslProtocols = SslProtocols.Tls12;
                        });
                    })
                    .UseStartup<Startup>();
                });
    }

this is code. i set tls12 only ,but it don't work ! the client still requests in tls1.

Answer 1

Hi @阿里 林

As far as I know, IIS and IIS express need to modify the Register to enable the TLS 1.2. Since you're now just in testing, I don't suggest you modify these Register. Besides, all the codes you have used in asp.net core will just affect Kerstrel not the IIS express and IIS. If you still want to modify these things, I suggest you could refer to this article.