This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 19%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I have an application which uses WCF with TLS encryption.
Client side:
NetTcpBinding Bindings = new NetTcpBinding;
Bindings.MaxReceiveMessageSize = 2147483647;
Bindings.Security.Transport.SslProtocols = SslProtocols.Tls12;
Bindings.Security.Mode = SecurityMode.Transport;
Server side is the same.
I use two Windows 10 21H2 to work as client and server.
Firstly, I enabled TLS 1.2 through the registry and Client and Server work fine.
Secondly, I disabled TLS 1.2 on both machine and restart.
When I test, I found that Client and Server can still work.
My question is why TLS 1.2 has been disabled and only TLS 1.2 encryption is set in the code, but actually the program can still be encrypted successfully.
You have to reveal the exact steps of how you "disabled TLS 1.2".
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
I ran the above script
In addition, when client and server in the same machine, if I disable TLS 1.1 or TLS 1.2, the client and server can still communicate normally. It's strange.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 12%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
Hi @Aspire ,
After changing the files in the SCHANNEL path, you need to restart the computer. Have you done this step.
Regards,
Jiayao Wu
yes , I restart and still work.
Are you able to use a tool like Wireshark to analyze the handshake? Can you confirm the client/server connect via TLS 1.2 across the two machines?
Seen from Wireshark, the data has been encrypted, but the protocol type displayed in Wireshark is TCP, so I'm not sure whether client/server connect via TLS 1.2.
TLS connections are upon TCP, so no surprise. You might refer to https://wiki.wireshark.org/TLS to learn more about how to understand the captured packets. There are tons of others from search engines.
Hi @Aspire ,
In general, do not specify the version of TLS. Let the operating system determine it.
According to the docs...
If you want to configure security with the registry, don't specify a security protocol value in your code; doing so overrides the registry setting.
Transport Layer Security (TLS) best practices with the .NET Framework
Usually when testing TLS you disable SSL and TLS 1.0 and 1.1 on the servers. Then make sure the code still works.
Thank you for your answer. Do you mean that the TLS version should not be specified in the code? If I only want the code to be encrypted using TLS1.2 protocol, how can I implement it in the code?
The information you seek is in the link and why I posted it.