Determine the TLS/SSL version on the service side of a .Net WCF web service

I am running a .Net WCF web service which handles several different request SOAP messages and which is hosted under IIS (version 7). In the case that transport security is used (https) for the web service endpoint, how can I determine the used TLS/SSL version and cipher value of an incoming request SOAP message in this WCF service?

Bennink answered 15/4, 2015 at 8:54 Comment(7)
Starting bounty, 'cause I can't find anything... – Hasa
@Dominik, I think there is some misunderstanding on your side. In a typical HTTPS request, the TLS/SSL version and cipher are negotiated at the beginning of the connection being established, not sent by the client. Moreover, it is typically the server that decides what to use. This is so because it is typically only the server that is being validated, not the client. So what exactly do you want to know and how are you going to use this information? – Coparcenary
@Coparcenary In my case I know that the server my WCF-Service is running on supports TLS 1.0 - TLS 1.3. I cannot change the SCHANNEL-Settings on the machine. I still want to refuse all clients to call some methods of my WCF-Service if they are using TLS 1.0 or TLS 1.1. Let the "refuse method call" be my problem. Just tell me where to see which TLS version the current connection is using. – Hasa
Are you using a load balancer in front of your WCF service? How is your WCF service hosted (on IIS or self-hosting)? – Eversion
@Hasa You can restrict the client to use old security protocol programmatically; below is the link for the same. #26390399 – Oilla
@ChicksPatel Yes, but as you already said, that is the client... I have no control over the client. Is it not possible to restrict anything but TLS 1.2 for a WCF-app (server-side!!) per code?? – Hasa
@Eversion No, I'm not using a load balancer and it's a self-hosted Windows service. – Hasa

You can probably create 2 applications - one that only accepts TLS 1.2, and the other that accepts TLS 1.0, 1.1.

To support only TLS 1.2 and no SSL protocols, you can do this:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
Harquebus answered 1/11, 2017 at 16:24 Comment(0)
