locked
WinRT (Windows Store Apps) enforcing to use Tls12 instead of SSLv3

    Question

  • As SSLv3 has been found to be vulnerable to the POODLE attack.

    I am  using WebService to communicate with server and wanted to disable security protocol SSLv3.

    Here how can I use Tls12 instead of SSLv3 in WinRT (Windows Store Apps)?

    I know the way to set the security protocol version in .Net Framework 4.5. as define below.

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

    Is there any API provided to configure security protocol in WinRT/Windows Store Apps?

    Wednesday, February 25, 2015 8:59 AM

Answers

  • Unfortunately, it's not possible at this time to set security cipher programmatically.  You can change it if you have access to the machine itself, either in IE settings or by changing the registry settings which control this.

    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    Thursday, February 26, 2015 6:19 PM
    Moderator

All replies

  • I'm going to ask about this - I haven't been able to find it in the documentation.

    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    Wednesday, February 25, 2015 2:14 PM
    Moderator

  • I am using webservice in my project. Current version is running successfully with SSLv3. But when serverside, where webservice is hosted, do not allow SSLv3 (allow tls1.0, 1.1 and 1.2), application couldn't connect to service.

    Thursday, February 26, 2015 12:32 PM
  • Unfortunately, it's not possible at this time to set security cipher programmatically.  You can change it if you have access to the machine itself, either in IE settings or by changing the registry settings which control this.

    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    Thursday, February 26, 2015 6:19 PM
    Moderator
  • Thank you for your quick response. I'll use your suggestion
    Tuesday, March 3, 2015 7:40 AM