WCF Net.tcp on Framework 3.5.x doesn't support Tls 1.1 or 1.2? And when to support it?

  • Question

  • Am I right? 

    According to the framework code, when a WCF client communicates with a server, WCF uses the classes SslStreamSecurityUpgradeAcceptor and SslStreamSecurityUpgradeInitiator to provide SSL functions.

    But in the process of being authenticated (handshake period), the .NET 3.5 code specifies SslProtocols.Default, which means 'Specifies that either Secure Sockets Layer (SSL) 3.0 or Transport Layer Security (TLS) 1.0 are acceptable for secure communications', with no TLS 1.1 or 1.2 specified.

    Can someone tell me how or when this will be supported on .NET 3.5?

    --Jeff Z
    • Edited by Jeff.Z Friday, December 16, 2016 6:34 AM
    Friday, December 16, 2016 6:33 AM

Answers

  • Many thanks !

    Finally, I implemented a custom UpgradeAcceptor to specify the SslProtocols, like what .NET 4.6 did. It works, though it took much time.


    • Edited by Jeff.Z Friday, March 3, 2017 9:02 AM
    • Marked as answer by Jeff.Z Friday, March 3, 2017 9:02 AM
    Friday, March 3, 2017 9:02 AM
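
A sketch of the kind of custom upgrade acceptor the answer describes, added here as an example; it is not the poster's code or WCF's own. The class name `ExplicitTlsUpgradeAcceptor`, the numeric protocol values cast into the 3.5 enum, and the null remote security are assumptions, and whether the runtime accepts those values on 3.5 depends on the TLS update linked in the replies.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Hypothetical class name; added illustration, not the poster's or WCF's code.
public sealed class ExplicitTlsUpgradeAcceptor : StreamSecurityUpgradeAcceptor
{
    // The .NET 3.5 SslProtocols enum has no Tls11/Tls12 members, so use the
    // numeric values later framework versions define (Tls11 = 768, Tls12 = 3072).
    private const SslProtocols Tls11And12 = (SslProtocols)(768 | 3072);

    private readonly X509Certificate2 serverCertificate;
    private Func<Stream, Stream> pendingUpgrade; // one acceptor per connection assumed

    public ExplicitTlsUpgradeAcceptor(X509Certificate2 serverCertificate)
    {
        if (serverCertificate == null) throw new ArgumentNullException("serverCertificate");
        this.serverCertificate = serverCertificate;
    }

    // Content type WCF framing uses for an SSL/TLS stream upgrade (assumption).
    public override bool CanUpgrade(string contentType) { return contentType == "application/ssl-tls"; }

    public override Stream AcceptUpgrade(Stream stream)
    {
        SslStream ssl = new SslStream(stream, false);
        // Explicit protocol set instead of SslProtocols.Default (SSL 3.0 / TLS 1.0).
        // No client certificate requested; revocation checking left off here.
        ssl.AuthenticateAsServer(serverCertificate, false, Tls11And12, false);
        return ssl;
    }

    public override IAsyncResult BeginAcceptUpgrade(Stream stream, AsyncCallback callback, object state)
    {
        pendingUpgrade = AcceptUpgrade;
        return pendingUpgrade.BeginInvoke(stream, callback, state);
    }

    public override Stream EndAcceptUpgrade(IAsyncResult result) { return pendingUpgrade.EndInvoke(result); }

    // No client certificate, so no remote identity (assumes callers accept null).
    public override SecurityMessageProperty GetRemoteSecurity() { return null; }
}
```

An acceptor like this only takes effect once a custom StreamUpgradeProvider returns it from CreateUpgradeAcceptor and that provider is wired into the binding in place of the built-in SSL stream security.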

All replies

  • Hi Jeff,

    Based on this link, "Support for TLS System Default Versions included in the .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008 R2 SP1", it seems we could enable TLS in .NET Framework 3.5.1. But I am not sure whether it will work for WCF. I suggest you refer to the link below to check whether it will work.

    # Default SecurityProtocol in .NET 4.5

    http://stackoverflow.com/questions/28286086/default-securityprotocol-in-net-4-5

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, December 16, 2016 8:31 AM
  • Hi Edward,

    Thanks very much for your answer.

    Based on the link you provided, if code uses the SslStream.AuthenticateAs* APIs to specify a specific SslProtocols enum, the registry setting behavior does not occur.

    While in the code of SslStreamSecurityUpgradeAcceptor.cs, which is used by WCF Net.tcp, it did specify SslProtocols.Default.

    So, very sorry, it does not work.

    Best Regards,

    --Jeff Z


    Tuesday, December 20, 2016 3:12 AM
  • Hi Jeff,

    Thanks for the additional information. I just realized that SslStreamSecurityUpgradeAcceptor uses SslProtocols.Default, which will override the registry settings.

    It is sad that there is no internal channel for us to contact the .NET Framework developer team. I am not sure whether it will be supported later; I would suggest you upgrade .NET 3.5 to a later version.

    Sorry for any inconvenience.

    Best Regards,

    Edward



    Tuesday, December 20, 2016 7:07 AM