question

25204127 avatar image
0 Votes"
25204127 asked BrandoZhang-MSFT answered

asp.net core5 set tls12 only but client request is still tls1

 public class Program
     {
         public static void Main(string[] args)
         {
             CreateHostBuilder(args).Build().Run();
         }
         public static IHostBuilder CreateHostBuilder(string[] args) =>
             Host.CreateDefaultBuilder(args)
                 .ConfigureWebHostDefaults(webBuilder =>
                 {
                     webBuilder.ConfigureKestrel(serverOptions =>
                     {
                         //Set properties and call methods on options
                         serverOptions.Listen(IPAddress.Any, 44376, listenOptions =>
                         {
                             listenOptions.Protocols = HttpProtocols.Http2;
                             listenOptions.UseHttps("C:\\Users\\IT04\\source\\Workspaces\\EsoMenuForLinux\\EsoMenuForLinux\\bin\\Debug\\localhosstssl.pfx",
                                "123");
                         });
                         serverOptions.ConfigureHttpsDefaults(listenOptions =>
                         {
                             listenOptions.SslProtocols = SslProtocols.Tls12;
                         });
                     })
                     .UseStartup<Startup>();
                 });
     }

this is code. i set tls12 only ,but it don't work ! the client still requests in tls1.

dotnet-aspnet-core-webapidotnet-aspnet-core-security
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @25204127,

Could you please tell me where you hosted your ASP.NET Core application? On the IIS or on the windows service?

0 Votes 0 ·
25204127 avatar image 25204127 BrandoZhang-MSFT ·

thanks your answer. the code is on IISExpress on vs2019. i'm developing

this is launchsettings.json
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:53060",
"sslPort": 44376
}
},
"$schema": "http://json.schemastore.org/launchsettings.json",
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"launchUrl": "api/home/index",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"WebApplication1fForLinux": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "https://localhost:6001;http://localhost:6000"
}
}
}

0 Votes 0 ·

I suggest you could run the application by using application instead of IIS express and try again. Like this134939-image.png


0 Votes 0 ·
image.png (15.6 KiB)
Show more comments

1 Answer

BrandoZhang-MSFT avatar image
0 Votes"
BrandoZhang-MSFT answered

Hi @25204127

As far as I know, IIS and IIS express need to modify the Register to enable the TLS 1.2. Since you're now just in testing, I don't suggest you modify these Register. Besides, all the codes you have used in asp.net core will just affect Kerstrel not the IIS express and IIS. If you still want to modify these things, I suggest you could refer to this article.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.