System.Net.SecurityProtocolType.Tls12 definition not found

7

25

I'm trying to add the following line of code to the Global.asax file in a website project.

    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

The VS2012 IntelliSense is showing that the Tls12 definition exists, but the build is saying that the definition does not exist (see screenshot).

screen shot

I've tried adding System.Net.dll to the bin folder of the project, but the build still failed. Any idea how I might be able to resolve this?

Mettlesome answered 13/11, 2017 at 16:56 Comment(7)
If you try to "add" it, please do not do it with the = sign. This will delete all others and leave only Tls12. Use |= instead. - Ainsley
Would that make it try Tls12 first? - Mettlesome
As far as I know, some external resource will try to establish a connection with your website using some version of the TLS protocol, and eventually .NET will check which supported versions you have for your runtime. I don't think that it will try to create a connection with every one of them until it finds the desired version. - Ainsley
k. Thanks, I'll look more into this. My process actually goes out to call web services. We want the process to always try Tls12 first before dropping down to Tls11... - Mettlesome
May I ask why you would consider doing this? I am just curious. :) - Ainsley
PCI requirement. But even if there is no such requirement, I would prefer it to try the latest, more secure protocol first. - Mettlesome
Ow, so you are the client, not the server, and you want to try with the most secure TLS version first; that makes sense now. I thought before that you were the server. I'll see what I can do to find what you want to achieve and get back to you. - Ainsley
H
65

SecurityProtocolType.Tls11 and SecurityProtocolType.Tls12 enum values are missing on Framework 4.0 only.

SecurityProtocolType numeric values:
SystemDefault (0)
Ssl3 (48 - 0x30)
Tls (192 - 0xC0)
Tls11 (768 - 0x300) missing on Framework 4.0
Tls12 (3072 - 0xC00) missing on Framework 4.0

On Framework 4.0, if you want to allow TLS 1.0, 1.1 and 1.2, just replace:

SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12  

by:

(SecurityProtocolType)(0xc0 | 0x300 | 0xc00)
Hamish answered 15/7, 2018 at 7:32 Comment(5)
There also used to be a SecurityProtocolType.SystemDefault (0x00) that disappeared again after some update. - Gypsum
Thanks, this worked in my .NET 4.0, Silverlight 5 project. - Thaw
The VB version of this is CType((&HC0 Or &H300 Or &HC00), System.Net.SecurityProtocolType) - Oracle
Thank you very much for this (SecurityProtocolType)(0xc0 | 0x300 | 0xc00), it saved my day :) - Referee
Adding (SecurityProtocolType)(0xc0 | 0x300 | 0xc00) worked for me. But this is so ridiculous. Why should these protocols be removed and then added manually to work? By the way, I'm so grateful @Hamish - Vicechairman
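An added example, not part of the answer above or of any project: a startup helper for code compiled against .NET 4.0 that adds TLS 1.1 and 1.2 with `|=`, using the numeric values listed in the answer, and then decodes what is enabled. The class and method names are hypothetical, and the `NotSupportedException` path assumes a machine whose installed runtime does not know these values.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Added example; TlsOptIn and its members are hypothetical names.
public static class TlsOptIn
{
    // Numeric SecurityProtocolType values as listed in the answer above.
    private const SecurityProtocolType Ssl3  = (SecurityProtocolType)0x30;
    private const SecurityProtocolType Tls10 = (SecurityProtocolType)0xC0;
    private const SecurityProtocolType Tls11 = (SecurityProtocolType)0x300;
    private const SecurityProtocolType Tls12 = (SecurityProtocolType)0xC00;

    // Adds TLS 1.1 and 1.2 to the flags that are already set. Using |=
    // instead of = keeps the existing flags. Returns false when the runtime
    // rejects the value (assumption: only the 4.0 runtime is installed).
    public static bool TryEnableModernTls()
    {
        try
        {
            ServicePointManager.SecurityProtocol |= Tls11 | Tls12;
            return true;
        }
        catch (NotSupportedException)
        {
            return false;
        }
    }

    // Turns a flag value into readable names, for a startup log line.
    public static string Describe(SecurityProtocolType value)
    {
        if ((int)value == 0) return "SystemDefault";
        var names = new List<string>();
        if ((value & Ssl3) == Ssl3) names.Add("Ssl3");
        if ((value & Tls10) == Tls10) names.Add("Tls");
        if ((value & Tls11) == Tls11) names.Add("Tls11");
        if ((value & Tls12) == Tls12) names.Add("Tls12");
        return string.Join(" | ", names.ToArray());
    }
}
```

Call `TlsOptIn.TryEnableModernTls()` from `Application_Start` in Global.asax before the first outbound request and log `TlsOptIn.Describe(ServicePointManager.SecurityProtocol)`. Because `|=` keeps existing flags, Ssl3 stays enabled if it was already set.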
K
23

TLS and How to avoid connection errors.

  • .NET 4.6 and above. You don’t need to do any additional work to support TLS 1.2, it’s supported by default.
  • .NET 4.5. TLS 1.2 is supported but it’s not a default protocol. You need to opt-in to use it. The following code will make TLS 1.2 default, make sure to execute it before making a connection to secured resource:
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
  • .NET 4.0. TLS 1.2 is not supported, but if you have .NET 4.5 (or above) installed on the system then you still can opt in for TLS 1.2 even if your application framework doesn’t support it. The only problem is that SecurityProtocolType in .NET 4.0 doesn’t have an entry for TLS1.2, so we’d have to use a numerical representation of this enum value:
    ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
  • .NET 3.5 or below. TLS 1.2 is not supported (*) and there is no workaround. Upgrade your application to more recent version of the framework.

Personally on my .Net 4.0 Framework with some asp classic files I used:

    ServicePointManager.SecurityProtocol = (SecurityProtocolType)(0xc0 | 0x300 | 0xc00);

https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/

Killian answered 10/1, 2020 at 18:59 Comment(4)
Hi, I am facing this exception error "Authentication failed because the remote party has closed the transport stream." during an HTTP request. The client runs under .NET 4.0, and I used the code ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; before sending the request. Still I am getting the exception error. Do you have any clue how to fix it? - Loya
Have you tried: ServicePointManager.SecurityProtocol = (SecurityProtocolType)(0xc0 | 0x300 | 0xc00); - Killian
Yes, during debug. The first HTTP request fails with this error, and further consecutive requests pass. Why did it fail at first? - Loya
VB.NET: System.Net.ServicePointManager.SecurityProtocol = CType((&HC0 Or &H300 Or &HC00), SecurityProtocolType) - Mennonite
K
15

Are you on .net 4.0? You should be at least 4.5 to use it. You can try to update your web target framework version: TLS 1.2 in .NET Framework 4.0

Kriskrischer answered 13/11, 2017 at 16:59 Comment(5)
It is a website project. Is there a way to specify such? I do see this in the project's web.config file: <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/> </startup> - Mettlesome
It seems to work after I re-select the target of .NET 4.5. Details: Right-click the project => Property Pages => Under Build, re-select Target Framework value => .NET Framework 4.5 (Note: That was the current value). Once I did that, the build works. Weird... - Mettlesome
Maybe it was stuck on the previous version in the VS cache. Yeah, that sounds weird. - Kriskrischer
After I did the above, I noticed the following being added to the web.config: <system.web> <compilation targetFramework="4.5"> <assemblies> <add assembly="System.Net, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/> <add assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> </assemblies> </compilation> <pages controlRenderingCompatibilityVersion="4.0"/> </system.web> - Mettlesome
compilation targetFramework="4.5" should have done the trick. - Kriskrischer
N
2

For vb.net

ServicePointManager.SecurityProtocol = DirectCast(&HC0 Or &H300 Or &HC00, SecurityProtocolType)
Natalya answered 31/8, 2022 at 18:55 Comment(1)
Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. - Lisle
R
1

The website is already on .NET 4.5. Later, updating Compilation > TargetFramework manually from 4.0 to 4.5 fixed the issue for me.

Here is the updated configuration:

<compilation debug="true" targetFramework="4.5">
  <assemblies>
    <add assembly="System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    <add assembly="System.Net, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
  </assemblies>
</compilation>
Rigby answered 28/2, 2018 at 11:47 Comment(0)
A
0

About your concerns regarding which version of TLS your application (client) and the server you are trying to connect to will use.

Directly quoted from the RFC 5246 standard for TLS.

  • During ClientHello (first request client makes to the server)

    The version of the TLS protocol by which the client wishes to communicate during this session. This SHOULD be the latest (highest valued) version supported by the client.

  • During ServerHello (first request that server responds with)

    This field will contain the lower of that suggested by the client in the client hello and the highest supported by the server.

ClientHello and ServerHello are structures with fields which are described in the standard here.

TL;DR

When using System.Net.WebRequest your application will negotiate with the server to determine the highest TLS version that both your application and the server support, and use it.

Regarding your question.

  • You can find the TLS protocol versions supported by .NET here, but please verify the .NET Framework version you are using and navigate to the right version in the MSDN.
Ainsley answered 14/11, 2017 at 8:31 Comment(0)
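An added example, not part of the answer above: a simplified model of the version rule quoted from RFC 5246, applied to a client's `SecurityProtocolType` flag set. It opens no connection and is not how .NET or SChannel is implemented; the class name, the `serverHighest` parameter and the assumption that a server supports every version up to its highest are all hypothetical.

```csharp
using System;
using System.Net;

// Added example; TlsVersionModel is a hypothetical name.
public static class TlsVersionModel
{
    // SecurityProtocolType flag values from this page, lowest to highest.
    private static readonly int[] Flags = { 0x30, 0xC0, 0x300, 0xC00 };
    private static readonly string[] Names = { "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2" };

    // Index of the highest version enabled in the client's flags, or -1.
    private static int HighestEnabled(SecurityProtocolType enabled)
    {
        for (int i = Flags.Length - 1; i >= 0; i--)
            if (((int)enabled & Flags[i]) == Flags[i]) return i;
        return -1;
    }

    // serverHighest: index into Names (0..3) of the server's highest version.
    public static string Negotiate(SecurityProtocolType clientEnabled, int serverHighest)
    {
        // ClientHello carries one version: the highest the client supports.
        int offered = HighestEnabled(clientEnabled);
        if (offered < 0) return "no protocol enabled on client";

        // ServerHello answers with the lower of the two highest versions.
        int chosen = Math.Min(offered, serverHighest);

        // The client accepts only a version it has enabled, so a gap in the
        // client's flag set ends the handshake instead of falling back.
        if (((int)clientEnabled & Flags[chosen]) != Flags[chosen])
            return "handshake fails: server chose " + Names[chosen] + ", not enabled on client";
        return Names[chosen];
    }

    public static void Main()
    {
        var all = (SecurityProtocolType)(0xC0 | 0x300 | 0xC00);
        var only12 = (SecurityProtocolType)0xC00;
        Console.WriteLine(Negotiate(all, 3));    // server supports up to TLS 1.2
        Console.WriteLine(Negotiate(all, 1));    // server supports up to TLS 1.0
        Console.WriteLine(Negotiate(only12, 2)); // server supports up to TLS 1.1
    }
}
```

In this model there is no "try Tls12 first, then retry with Tls11" step on the client: one ClientHello states the highest enabled version, and the lower versions left enabled decide how far down the server's answer is still accepted.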
L
0
ServicePointManager.SecurityProtocol = (SecurityProtocolType)(0xc0 | 0x300 | 0xc00);
Latif answered 17/11, 2022 at 9:42 Comment(0)
