none
TLS 1.2 support for .NET Framework 3.5 in windows server 2008 R2 RRS feed

  • Question

  • Hi, 

    Can someone share their knowledge regarding the below questions please?

    We have many external vendors that are gradually upgrading their web services to use TLS 1.2 instead of TLS 1.0/1.1, the applications that call these external web services are all running in .NET framework 3.5. We are aware that .NET 4.5 by default supports TLS 1.2, but migrating all of our applications to .NET 4.5 is somewhat difficult in the short term for us.

    Going through Microsoft docs I've stumbled upon a support article that states there is actually an update that allows .NET 3.5 to be compatible with TLS 1.2 : 

    https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework

    This solution introduces guidelines to fix this in two possible ways: 

    • Install the patch 
    • Make code changes to create an extension to use System.Net.ServicePointManager.SecurityProtocol 

    We've relayed this information to our infrastructure team that handles the application servers, we are using windows server 2008 R2 in the servers where all of our applications are deployed and running in .NET 3.5 but the .net framework 4.5 is also installed in this servers because we also have many applications running in the latest versions of .NET (4.5/4.6). The infrastructure team worry is that this patch will somehow create a conflict between .NET framework 3.5 and 4.5. Our Development team has made all possible tests regarding this patch and it doesn't state anywhere that there might be a conflict if we proceed with the patch and that applications running under .NET 4.5/4.6 won't be affected by this update.

    • Is there a possibility that applications running in .NET 4.5/4.6 might by affected by this update?
    • Is this update enough for windows server 2008 R2 to allow TLS 1.2 for .NET framework 3.5?

    Thanks!!

    Regards

    Ivanovich Olivier

    Thursday, February 15, 2018 10:09 AM

All replies

  • Hi lvanivich Olivier,

    Thank you for posting here.

    >>Is there a possibility that applications running in .NET 4.5/4.6 might by affected by this update?

    As I know, there is no declaration that it would be affected by this update.

    >>Is this update enough for windows server 2008 R2 to allow TLS 1.2 for .NET framework 3.5?

    The update is for Windows server 2008 R2 SP1, please try to update your windows server by KB976932.

    https://www.microsoft.com/EN-US/download/details.aspx?id=5842

    And it is for .net framework 3.5.1, try to install .net 3.5.1.

    https://www.microsoft.com/en-us/download/details.aspx?id=22

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    Thursday, February 15, 2018 5:07 PM
    Moderator
  • Thank you for the answer Wendy,

    In our servers we have applications running in both CLR 2.0 ( .net framework 3.5) and CLR 4.0 (.net framework 4.5/4.6), if we apply this patch:

    •  Can the two frameworks versions coexist in the same server and not be affected one another by applying this update ?.
    • Will this update affect framework 4.5/4.6 in general and its TLS protocol by default (1.2) ?

    Sorry for the hassle Wendy, but we want to make sure that only .net 3.5 fx will get affected by this patch, and that all of our other applications/frameworks ( .net => 4.5 ) will keep working as usual.

    Thanks again, 

    Regards

    IO

    Friday, February 16, 2018 10:48 AM
  • Hi Ivanovich Olivier,

    >>Can the two frameworks versions coexist in the same server and not be affected one another by applying this update ?.

    It would not be affected by one the other.

    >>Will this update affect framework 4.5/4.6 in general and its TLS protocol by default (1.2) ?

    No, it would not. If it would be affected, Microsoft will report in the article. Please pay attention to this article.

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    Friday, March 2, 2018 8:11 AM
    Moderator