.NET
Microsoft Technologies based on the .NET software framework.
3,357 questions
Can WCF client initiate a TLS communication (netTCP)?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 51%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMN%3C/text%3E%3C/svg%3E)
Mc Niel Lat
1
Reputation point
I have a WCF client running .Net 4.8, and I want to connect to our WCF service through an AWS Network Load Balancer that uses TLS listener. The problem is I cannot connect through it. I can connect properly when I am using a TCP listener in the NLB.
I contacted AWS support regarding this issue, and after some investigation, they confirmed that there is nothing wrong with my NLB configurations, and they advised me that my WCF client must initiate the TLS communication with the NLB's TLS listener to properly communicate through TLS.
But based on my research, the WCF service is the one dictating the security requirements for client. It is mentioned on the first line on this Microsoft resource. Is there a way to force my WCF client to initiate the TLS communication?
I already have in my client code:
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
and on my client config file, I have this on the binding config.
<security mode="Transport">
<transport clientCredentialType="None"
protectionLevel="EncryptAndSign"
sslProtocols="Tls12" >
</transport>
</security>
Also, when I inspected the packets during the successful communication on the TCP listener, after the TCP handshake, the client and service exchanges some info before initiating the TLS communication. Not sure if that matters but I just wanna state it.
Is there a way to force my WCF client to initiate the TLS communication?
.NET
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 77%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPD%3C/text%3E%3C/svg%3E)
Peng Ding-MSFT 91 Reputation points2021-03-22T08:02:23.327+00:00 Whether the client-side uses TLS is related to the server-side, because the binding of the client-side must be the same as that of the server-side.
-
Mc Niel Lat 1 Reputation point
2021-03-22T10:27:49.273+00:00 Hi @Peng Ding-MSFT , does this mean that a WCF client cannot initiate a TLS communication with a network load balancer that is waiting for a TLS/SSL Client Hello packet?
-
Peng Ding-MSFT 91 Reputation points
2021-03-23T09:34:45.113+00:00 Yes. Whether to use TSL depends on the server-side, we can’t do this on the client-side.
Sign in to comment