Using TLS 1.1/1.2 in WCF with .Net Framework 3.5

olelar 1 Reputation point
2021-09-10T20:57:14.163+00:00

Hello,

I am attempting to connect to a WCF service endpoint using TLS 1.1 or 1.2. TLS 1.0 works, but it will be disabled at some point in the future, and only TLS 1.1/1.2 will be allowed.

The client application is targeting .Net Framework 3.5. I have tried running it on Windows Server 2016, 2012 R2, and Windows 10, but have not been able to get it to use TLS 1.1/1.2 on any of them.

My understanding according to the two following articles is that it is possible to use TLS 1.1/1.2 with .Net Framework 3.5 as long as your system is up to date, and you either specify the TLS version in code, or you perform the mentioned registry edits:

  1. https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls
  2. https://support.microsoft.com/en-us/topic/support-for-tls-system-default-versions-included-in-the-net-framework-3-5-on-windows-8-1-and-windows-server-2012-r2-499ff5ef-a88a-128b-c639-ed038b7d2d5f

I have made the registry edits in article #2 linked above, as well as tried to specify the TLS version as mentioned in the "Developer guidance" section in article #2 (tried all 3 options: 1.1, 1.2, and SystemDefault). I have also tried to set:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SchUseStrongCrypto
  2. HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SystemDefaultTlsVersions

I am able to make TLS 1.1/1.2 connections to ssllabs.com test endpoints (https://www.ssllabs.com:10302 & https://www.ssllabs.com:10303) when using the WebRequest class; it is just WCF that does not work. WCF only seems to try SSL3 or TLS 1.0. I have enabled extra logging for Schannel in the event viewer by making a registry edit, which then displays the TLS version being used for the connection.

For WCF I am using SecurityMode.Message, MessageCredentialType.None, and wsHttpBinding.

There is a heading in article #1 (For WCF using .NET Framework 3.5 - 4.5.2 using TCP transport security with Certificate Credentials) that states TCP transport security with Certificate credentials must upgrade to 4.6 or later for TLS 1.1/1.2. Is this perhaps the case for message security too? (In a separate test app I have only gotten TLS 1.1/1.2 to work if I target at least 4.7.)

I understand that updating the target framework to 4.7 or higher will solve this, but if at all possible I need to get this working with .Net Framework 3.5.

Does anyone know if it is possible to use WCF targeting .Net Framework 3.5 with message security to use TLS 1.1 or 1.2?

Thank you
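
The registry values named in the question can be read back on each test machine to confirm what is actually set in both the 64-bit and Wow6432Node views. This PowerShell check is an added example, not part of the original post or of the linked Microsoft articles; it assumes `v2.0.50727` (the CLR 2.0 key used by .NET Framework 3.5) and `v4.0.30319` stand in for `<VERSION>`, and `Get-DotNetTlsSetting` is a hypothetical helper name.

```powershell
# Added example: report the .NET Framework TLS opt-in values named in the post.
# Assumption: v2.0.50727 is the key read by .NET Framework 3.5 (CLR 2.0) and
# v4.0.30319 the key read by 4.x; the post itself only says <VERSION>.
$versions = 'v2.0.50727', 'v4.0.30319'
$roots    = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework'
$names    = 'SchUseStrongCrypto', 'SystemDefaultTlsVersions'

function Get-DotNetTlsSetting {
    foreach ($root in $roots) {
        foreach ($version in $versions) {
            $key   = Join-Path $root $version
            # A missing key yields $null instead of an error.
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            foreach ($name in $names) {
                $value = $null
                if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
                    $value = $props.$name
                }
                [pscustomobject]@{
                    Key     = $key
                    Name    = $name
                    Value   = if ($null -eq $value) { '(not set)' } else { $value }
                    OptedIn = ($value -eq 1)   # both values are DWORDs; 1 opts in
                }
            }
        }
    }
}

# One row per key/value pair; a row with OptedIn = False in either registry
# view means processes of that bitness do not see the setting.
Get-DotNetTlsSetting | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session so the Wow6432Node path is read as written rather than redirected.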
