I am attempting to connect to a WCF service endpoint using TLS 1.1 or 1.2. TLS 1.0 works, but it will be disabled at some point in the future, and only TLS 1.1/1.2 will be allowed.
The client application is targeting .Net Framework 3.5. I have tried running it on Windows Server 2016, 2012 R2, and Windows 10, but have not been able to get it to use TLS 1.1/1.2 on any of them.
My understanding according to the two following articles is that it is possible to use TLS 1.1/1.2 with .Net Framework 3.5 as long as your system is up to date, and you either specify the TLS version in code, or you perform the mentioned registry edits:
I have made the registry edits in article #2 linked above, as well as tried to specify the TLS version as mentioned in the "Developer guidance" section in article #2 (Tried all 3 options, 1.1, 1.2, and SystemDefault). I also have also tried to set:
1) the HKEY_LOCAL_MACHINE\SOFTWARE[Wow6432Node]Microsoft.NETFramework\<VERSION>: SchUseStrongCrypto
2) HKEY_LOCAL_MACHINE\SOFTWARE[Wow6432Node]Microsoft.NETFramework\<VERSION>: SystemDefaultTlsVersions
I am able to make TLS 1.1/1.2 connections to ssllabs.com test endpoints (https://www.ssllabs.com:10302 & https://www.ssllabs.com:10303) when using the WebRequest class, it is just WCF that does not work. WCF only seem to try SSL3 or TLS 1.0. I have enabled extra logging for Schannel in the event viewer by making a registry edit, which then displays the TLS version being used for the connection.
For WCF I am using SecurityMode.Message, MessageCredentialType.None, and wsHttpBinding.
There is a heading in article #1 (For WCF using .NET Framework 3.5 - 4.5.2 using TCP transport security with Certificate Credentials), that states TCP transport security with Certificate credentials must upgrade to 4.6 or later for TLS 1.1/1.2. Is this perhaps the case for message security too? (In a separate test app I have only gotten tls 1.1/1.2 to work if I target at least 4.7)
I understand that updating the target framework to 4.7 or higher will solve this, but if at all possible I need to get this working with .Net Framework 3.5.
Does anyone know if it is possible to use WCF targeting .Net Framework 3.5 with message security to use TLS 1.1 or 1.2?