locked
WinRT (Windows Store Apps) enforcing to use Tls12 instead of SSLv3

    Question

  • Hi,

    As SSLv3 has been found to be vulnerable to the POODLE attack.I am using `Windows.Web.Http.HttpClient` class to communicate with server and wanted to disable security protocol SSLv3 from client request. Here how can I use Tls12 instead of SSLv3 in WinRT (Windows Store Apps)?

    I know the way to set the security protocol version in .Net Framework 4.5. as define below.

        ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

    Is there any API provided to configure security protocol in WinRT/Windows Store Apps?

    Note: Working on Windows phone 8.1 runtime

    Friday, October 31, 2014 12:56 PM

All replies

  • The default security protocol used in WinINet (which the HttpClient class and IE uses) is TLSv1.2. Why do you think that Windows Phone 8.1 is communicating using SSLv3? The HttpClient passes the default security protocol version to WinInet, which then calls into SSPI to negotiate the "default" strongest algorithm, so you should already be using the default protocol - TLS 1.2.

    Thanks,

    Prashant


    Windows Store Developer Solutions, follow us on Twitter: @WSDevSol|| Want more solutions? See our blog

    Friday, October 31, 2014 9:27 PM
    Moderator
  • Thanks for the reply.

    I wanted to block the server(e.g. 3rd party web service) communication which supports SSLv3 on highest level from client request. How can I do in such scenario?

    Thanks,
    Vivek
    Thursday, November 6, 2014 7:35 AM