Join Log in
Score:0
avatar Server

What version of TLS is a .NET Core 3.1 + .NET Standard 2.0 application using HttpClient on Windows Server 2016 using?

sn flag
homledaspa

I have

  1. an application which consists of a .NET Core 3.1 console app
  2. and a .NET Standard 2.0 library.
  3. The console app calls the library which uses System.Net.Http.HttpClient to call a https://... API.
  4. The entire application runs on Windows Server 2016 Datacenter (Version 1607 Build 14393.4704)

When using the HttpClient I do this

HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("WWW-Authenticate", $"BASIC ...");
var response = await client.PostAsync(apiUrl, contentString);

Which version of TLS is being used by default?

It would be great if somebody to give me a link to Microsoft's documentation.

589
0 + 0
ssl
bjoster avatar
cn flag
bjoster
So you are writing software?
0
Reply
Score:-1
avatar Server
sn flag
homledaspa

Not 100% sure but ...

After some googling I find this Microsoft documentation. Seems like if one leaves the default SSL settings on the HttpClient, then the HttpClient uses the default OS TLS settings. And on Windows Server 2016 this seems to be TLS 1.2

Windows Server 2016 Datacenter (Version 1607 Build 14393.4704)

  1. TLS enabled by default on Windows Server 2016: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#support-for-tls-12 https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client#bkmk_winhttp

To enable TLS 1.2 on Windows Server 2016

  1. How to enable TLS 1.2 on the site servers and remote site systems https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-server
  2. Check registry settings (see first link above, I can only post 8 links because I have too little reputation)

.NET Core 3.1

  1. On .NET Core 3.1 HttpClient uses System.Net.Http.SocketsHttpHandler HttpClient

    1. documentation https://docs.microsoft.com/en-us/dotnet/api/system.net.http.httpclient?view=net-6.0#remarks

  2. SocketsHttpHandler

    1. documentation https://docs.microsoft.com/en-us/dotnet/api/system.net.http.socketshttphandler?view=net-6.0

  3. SocketsHttpHandler has a property SslOptions https://docs.microsoft.com/en-us/dotnet/api/system.net.http.socketshttphandler.ssloptions?view=net-6.0#system-net-http-socketshttphandler-ssloptions

  4. SslOptions has a property EnabledSslProtocols https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslclientauthenticationoptions.enabledsslprotocols?view=net-6.0#system-net-security-sslclientauthenticationoptions-enabledsslprotocols

  5. EnabledSslProtocols has a default value none

  6. The default value none for EnabledSslProtocols means: Allows the operating system to choose the best protocol to use, and to block protocols that are not secure. Unless your app has a specific reason not to, you should use this field.

    1. https://docs.microsoft.com/en-us/dotnet/api/system.security.authentication.sslprotocols?view=net-6.0
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.