RP-1180 asked JackJJun-MSFT edited

ServicePointManager.SecurityProtocol incorrect when called over COM?

The default value for ServicePointManager.SecurityProtocol, in a .NET 4.7.2 app, is supposed to be "SystemDefault", which is supposed to include TLS 1.2 as far as I understand it.

If I make a simple .NET 4.7.2 console app and look at the SecurityProtocol value, it is "SystemDefault" as expected.

However, we have code in a .NET 4.7.2 DLL to call Exchange Services which is COMVisible and called from another app using COM. And when this call over COM is done, the value of SecurityProtocol defaults to "Ssl3, Tls" (which causes the code to fail).

Why does the value of ServicePointManager.SecurityProtocol mysteriously change to "Ssl3, Tls" when the code is called via COM?

This has been tested with the simplest DLL just to output the value of SecurityProtocol and called from a couple of different places over COM (including PowerShell) with the same result. So it really does seem to be the act of using COM that somehow "degrades" the default security.

In addition to "why", the next question will be: Can this be fixed in some way that doesn't involve programmatically adding Tls12 to the SecurityProtocol in the COM control, which is apparently a Bad Idea?

dotnet-cli

1 Answer

JoseZero-8614 answered RP-1180 commented

Keep in mind that SSL and TLS are tied to the operating system where your app is running. Also, even if the OS docs tell you TLS is enabled by default, you have to check whether it is really enabled.
From my experience with Win Server 2012, the docs say TLS 1.0, 1.1 and 1.2 are enabled by default, but I have to set SecurityProtocol for my needs.
I cannot tell much about "COM"; my experience comes from WebForms.
Hope this helps.


Sorry, but not much help.

I know that the security protocol is tied to the operating system. And on a later operating system (which it is) this should include TLS 1.2.

The point of my question is why the value of ServicePointManager.SecurityProtocol in a .NET 4.7.2 application should change (on the same OS) to not include TLS 1.2 only when it is called over COM.

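The test described in the question (a minimal DLL that outputs SecurityProtocol when called over COM) can be extended to report the inputs that the .NET Framework TLS documentation names as determining that default: the host's target framework, the `Switch.System.Net.*` AppContext switches, and the `SchUseStrongCrypto` / `SystemDefaultTlsVersions` registry values. This is an added example, not code from the question or the answer; the class name `TlsProbe` and the ProgId `TlsDiag.Probe` are assumptions.

```csharp
using System;
using System.Net;
using System.Reflection;
using System.Runtime.InteropServices;
using Microsoft.Win32;

// Hypothetical diagnostic class; the names are assumptions, not from the thread.
[ComVisible(true)]
[ClassInterface(ClassInterfaceType.AutoDual)]
[ProgId("TlsDiag.Probe")]
public class TlsProbe
{
    const string NetFxKey = @"SOFTWARE\Microsoft\.NETFramework\v4.0.30319";

    // Returns one line per input that influences the default protocol set.
    public string Report()
    {
        // Null when the managed DLL was loaded by an unmanaged (COM) host.
        Assembly entry = Assembly.GetEntryAssembly();
        // Target framework recorded for this AppDomain; null if the host declares none.
        string target = AppDomain.CurrentDomain.SetupInformation.TargetFrameworkName;
        return string.Join(Environment.NewLine, new[]
        {
            "SecurityProtocol = " + ServicePointManager.SecurityProtocol,
            "EntryAssembly = " + (entry == null ? "<none>" : entry.GetName().Name),
            "TargetFramework = " + (target ?? "<not set>"),
            Switch("Switch.System.Net.DontEnableSystemDefaultTlsVersions"),
            Switch("Switch.System.Net.DontEnableSchUseStrongCrypto"),
            Reg(RegistryView.Registry64, "SystemDefaultTlsVersions"),
            Reg(RegistryView.Registry64, "SchUseStrongCrypto"),
            Reg(RegistryView.Registry32, "SystemDefaultTlsVersions"),
            Reg(RegistryView.Registry32, "SchUseStrongCrypto"),
        });
    }

    // "<not set>" means no explicit override was found for the switch.
    static string Switch(string name)
    {
        bool on;
        return name + " = " + (AppContext.TryGetSwitch(name, out on) ? on.ToString() : "<not set>");
    }

    // Reads a machine-wide .NET Framework value from the 64-bit or 32-bit registry view.
    static string Reg(RegistryView view, string value)
    {
        using (var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
        using (var key = hklm.OpenSubKey(NetFxKey))
            return view + " " + value + " = " + ((key == null ? null : key.GetValue(value)) ?? "<not set>");
    }
}
```

Comparing the report produced inside the console app with the one returned over COM shows which of these inputs differs between the two hosts.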