.Net Framework 3.5 WCF Net/Tcp doesn't support TLS 1.2

  • Question

  • Hi

    The .NET Framework 3.5 SP1 can support TLS 1.2 with this KB (https://support.microsoft.com/en-us/kb/3154518); however, WCF is still using the default protocol (SSL 3.0/TLS 1.0), and there is no way to change it. So my question is: how can I suggest that the Microsoft team provide a KB for WCF to support TLS 1.2? Thank you.

    More background information: We are developing an application in SharePoint 2010, which cannot use .NET Framework 4.x, so we still need to use .NET Framework 3.5.

    BTW: the code is from WCF's SslStreamSecurityUpgradeInitiator, which is using the default protocol.

    // System.ServiceModel.Channels.SslStreamSecurityUpgradeInitiator
    protected override Stream OnInitiateUpgrade(Stream stream, out SecurityMessageProperty remoteSecurity)
    {
        X509CertificateCollection x509CertificateCollection = null;
        LocalCertificateSelectionCallback userCertificateSelectionCallback = null;
        if (this.clientToken != null)
        {
            x509CertificateCollection = new X509CertificateCollection();
            x509CertificateCollection.Add(this.clientToken.Certificate);
            userCertificateSelectionCallback = SslStreamSecurityUpgradeInitiator.ClientCertificateSelectionCallback;
        }
        SslStream sslStream = new SslStream(stream, false, new RemoteCertificateValidationCallback(this.ValidateRemoteCertificate), userCertificateSelectionCallback);
        try
        {
            sslStream.AuthenticateAsClient(string.Empty, x509CertificateCollection, SslProtocols.Default, false);
        }
        catch (SecurityTokenValidationException ex)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(ex.Message, ex));
        }
        catch (AuthenticationException ex2)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(ex2.Message, ex2));
        }
        catch (IOException ex3)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityNegotiationException(SR.GetString("NegotiationFailedIO", new object[]
            {
                ex3.Message
            }), ex3));
        }
        if (SecurityUtils.ShouldValidateSslCipherStrength())
        {
            SecurityUtils.ValidateSslCipherStrength(sslStream.CipherStrength);
        }
        remoteSecurity = this.serverSecurity;
        if (this.IsChannelBindingSupportEnabled)
        {
            this.channelBindingToken = ChannelBindingUtility.GetToken(sslStream);
        }
        return sslStream;
    }

    Best Regards,

    Long


    Wednesday, December 14, 2016 6:06 AM
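
An added example, not part of the original thread and not WCF code: a Python check that reads the `client_version` field from a captured ClientHello, to confirm from the wire whether a client offers TLS 1.2 or stops at TLS 1.0. It assumes the TLS record bytes have already been isolated from the captured stream; the function names and the sample record are constructed for illustration.

```python
import struct

# Wire values of the TLS ProtocolVersion field.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def client_hello_max_version(record: bytes) -> int:
    """Return client_version from a ClientHello held in a single TLS record.

    For SSL 3.0 through TLS 1.2 this field is the highest version the client offers.
    """
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 6:
        raise ValueError("truncated handshake record")
    if body[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    # A ClientHello fragmented across several records is out of scope here.
    if hs_len < 2 or hs_len > rec_len - 4:
        raise ValueError("inconsistent handshake length")
    return struct.unpack("!H", body[4:6])[0]


def offers_tls12(record: bytes) -> bool:
    """True when the ClientHello advertises TLS 1.2 or later."""
    return client_hello_max_version(record) >= 0x0303


def build_sample_hello(version: int) -> bytes:
    """Constructed minimal ClientHello (one cipher suite, no extensions)."""
    hello = struct.pack("!H", version) + bytes(32)  # client_version + random
    hello += b"\x00"                                # empty session_id
    hello += struct.pack("!HH", 2, 0x002F)          # TLS_RSA_WITH_AES_128_CBC_SHA
    hello += b"\x01\x00"                            # compression_methods: null
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake


if __name__ == "__main__":
    for v in (0x0301, 0x0303):  # constructed samples: TLS 1.0-only and TLS 1.2
        rec = build_sample_hello(v)
        print(VERSIONS[client_hello_max_version(rec)], "offers TLS 1.2:", offers_tls12(rec))
```
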

All replies

  • Hi Long,

    It is sad that there is no feedback channel for WCF. If it is urgent, I would suggest you contact Microsoft professional support so that our engineers can work closely with you to troubleshoot this issue.

    If the support engineer determines that the issue is the result of a bug, the service request will be a no-charge case and you won't be charged. Please visit the link below to see the various paid support options that are available to better meet your needs. http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone

    Best Regards,

    Edward



    Thursday, December 15, 2016 2:15 AM