66

My application connects to Experian server and Experian will soon stop supporting TLS 1.0 and TLS 1.1. All connectivity using HTTPS must use TLS Version 1.2.

I want to do some research on that issue and see sending HttpWebRequest using TLS 1.2 on .NET 4.0 framework works

If it does not, I will probably need to create a webservice on .NET 4.5 and call its methods, if it does, I do not have to anything.

Has anyone already faced with that issue?

Improve this question

10 Answers 10

Reset to default
124

Yes, it supports it but you must explicitly set the TLS version on the ServicePointManager. Just have this code run anytime (in same app domain) before you make the call to Experian:

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12

Update

see @iignatov 's answer for what you must do for framework v4.0. My code works with 4.5+

Improve this answer
11
  • 1
    I'm trying to implement that change that you suggested and the only SecurityProtocolType options I have Ssl3 and Tls. It does not have Tls12
    – gene
    Jun 16, 2016 at 21:05
  • I'm using that myself to call experian so Tim must be right. It is not HttpRequest that is the problem, it is the framework version.
    – Crowcoder
    Jun 16, 2016 at 21:25
  • 11
    @AgustinGarzon if you want to support other versions you can "or" them together like: SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls10
    – Crowcoder
    Oct 13, 2016 at 13:00
  • 4
    If you want to be future proof you shouldn't set it = explicitly, rather add it w/ |= - ie. System.Net.ServicePointManager.SecurityProtocol |= System.Net.SecurityProtocolType.Tls12
    – Sean
    Apr 17, 2019 at 13:25
  • 1
    @Crowcoder there is no such thing as "SecurityProtocolType.Tls10", there is "SecurityProtocolType.Tls" which actually means Tls 1.0
    – Ezh
    May 29, 2019 at 11:38
50

I had to deal with the same problem, while integrating PayPal into a legacy application, and found the following workaround for .NET 4.0 which seems to do the trick:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
ServicePointManager.DefaultConnectionLimit = 9999;

Basically the workaround is to directly assign the port for TLS 1.2.

All credit goes to the commenter at CodeProject.

Improve this answer
4
  • 1
    That magic line did the trick ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072 Thanks a lot!
    – Renan Araújo
    May 16, 2017 at 18:55
  • 5
    fyi that hack only works if .net 4.5 is also installed on the server.
    – CathalMF
    Jun 20, 2018 at 15:42
  • 1
    as @CathalMF mentinoed this works only if .NET 4.5 is installed on the server. Unfortunately 4.5 does not support windows 2003.
    – Sriwantha Attanayake
    Mar 12, 2020 at 12:02
  • 1
    Is there a reason to explicitly set ServicePointManager.Expect100Continue = true ? How it's related with tls 1.2 support? According to documentation it's anyway true by default..
    – leonid p
    Nov 2, 2020 at 9:58
6

The VB.NET Translation of iignatov's answer:

ServicePointManager.Expect100Continue = True
ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)
ServicePointManager.DefaultConnectionLimit = 9999
Improve this answer
5

I was solved with this way.

    string url = "https://api.foursquare.com/v2/blablabla...";
    var request = (HttpWebRequest)WebRequest.Create(url);

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
    
    var response = (HttpWebResponse)request.GetResponse();
    var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
Improve this answer
1
  • 1
    Most easiest way
    – Venugopal M
    Jul 13, 2022 at 6:38
4

You can also use this:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | (SecurityProtocolType)768 | (SecurityProtocolType)3072;
Improve this answer
1
  • The Best answer for all solutions is in this link py4u.net/discuss/711097
    – keivan kashani
    Sep 2, 2021 at 7:46
0

Unfortunately no, you can't do this. Tls12 was not added until .netfx 4.5 (see the documentation). Note this also requires Windows Server 2008 R2+ or Windows 7+ to run correctly (notice the Applies To section on Introducing TLS).

Improve this answer
1
  • 1
    @iignatov's answer should work: ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072
    – jay-danger
    May 14, 2018 at 17:27
0

FrameWork 4.0 does not support TLS 1.1 or 1.2 But you can fix this problem by downloading Rebex.Http from Nuget manager.

Rebex.Licensing.Key = "..."; //Lisans Number
var creator = new HttpRequestCreator();
creator.Register();

WebRequest request = WebRequest.Create("https://www.test.com");
request.Method = "POST";                
request.Headers.Add("utsToken", txtToken.Text);
request.ContentType = "application/json";
request.Method = "POST";

using (var streamWriter = new StreamWriter(request.GetRequestStream()))
{
    string json = "{\"VRG\":\"test\"}";

    streamWriter.Write(json);
    streamWriter.Flush();
    streamWriter.Close();
}

var httpResponse = (WebResponse)request.GetResponse();
using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
{
    var result = streamReader.ReadToEnd();
    txtSonuc.Text += result;
}
Improve this answer
1
  • Rebex.Http is a paid commercial product with a free 30-day trial
    – Adam Silenko
    Apr 28, 2021 at 8:47
0 
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

that's worked for me on .net 3.5

Improve this answer
0

No you can not,

As the source explains,

"The HttpWebRequest class supports only versions 1.0 and 1.1 of HTTP. Setting ProtocolVersion to a different version throws an exception."

Source: learn.microsoft.com

Improve this answer
0

With an application targeting Framework 4.5 (but with SDK 4.8 installed), none of the above solutions worked for me.

I created a DWORD key SchUseStrongCrypto in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

and

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319

with a value of 1.

With this, altering ServicePointManager.SecurityProtocol doesn’t seem necessary.

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.