Training
Module
Encrypt network traffic end to end with Azure Application Gateway - Training
Secure the traffic from your users all the way to your web servers by enabling TLS encryption on Application Gateway.
Starting with .NET Framework 4.6, the System.Net.ServicePointManager and System.Net.Security.SslStream classes are allowed to use one of the following three protocols: Tls1.0, Tls1.1, or Tls1.2. The SSL3.0 protocol and RC4 cipher are not supported.
This change affects:
- Any app that uses SSL to talk to an HTTPS server or a socket server using any of the following types: HttpClient, HttpWebRequest, FtpWebRequest, SmtpClient, and SslStream.
- Any server-side app that cannot be upgraded to support Tls1.0, Tls1.1, or Tls1.2.
The recommended mitigation is to upgrade the server-side app to Tls1.0, Tls1.1, or Tls1.2. If this is not feasible, or if client apps are broken, the AppContext class can be used to opt out of this feature in either of two ways:
Programmatically, by using a code snippet like the following:
// C#
const string DisableCachingName = @"TestSwitch.LocalAppContext.DisableCaching";
const string DontEnableSchUseStrongCryptoName = @"Switch.System.Net.DontEnableSchUseStrongCrypto";
AppContext.SetSwitch(DisableCachingName, true);
AppContext.SetSwitch(DontEnableSchUseStrongCryptoName, true);

' Visual Basic
Const DisableCachingName As String = "TestSwitch.LocalAppContext.DisableCaching"
Const DontEnableSchUseStrongCryptoName As String = "Switch.System.Net.DontEnableSchUseStrongCrypto"
AppContext.SetSwitch(DisableCachingName, True)
AppContext.SetSwitch(DontEnableSchUseStrongCryptoName, True)
Because the ServicePointManager object is initialized only once, defining these compatibility settings must be the first thing the application does.
By adding the following line to the <runtime> section of your app.config file:
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=true"/>
Note, however, that opting out of the default behavior is not recommended, since it makes the application less secure.
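To find applications that have taken the app.config opt-out described above, the following Python check can be run over a source tree or deployment folder. It is an added example, not part of the original article or of .NET: it treats the AppContextSwitchOverrides value as a semicolon-separated list of name=value pairs, and the sample documents and the Switch.Other.Example name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Switch name taken from the article; a value of true is the opt-out.
OPT_OUT_SWITCH = "Switch.System.Net.DontEnableSchUseStrongCrypto"

# Constructed sample inputs (Switch.Other.Example is a hypothetical switch).
SAMPLE_OPT_OUT = """<configuration><runtime>
  <AppContextSwitchOverrides
    value="Switch.Other.Example=false;Switch.System.Net.DontEnableSchUseStrongCrypto=True"/>
</runtime></configuration>"""
SAMPLE_DEFAULT = """<configuration><runtime>
  <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false"/>
</runtime></configuration>"""


def parse_overrides(value):
    """Parse an override list such as "A=true;B=false" into {name: bool}."""
    switches = {}
    for pair in value.split(";"):
        name, sep, setting = pair.partition("=")
        if sep and name.strip():
            # Boolean text is compared case-insensitively; names are not.
            switches[name.strip()] = setting.strip().lower() == "true"
    return switches


def opts_out_of_strong_crypto(config_xml):
    """Return True if <runtime> carries the opt-out switch set to true."""
    root = ET.fromstring(config_xml)  # root is <configuration>
    for element in root.iterfind("./runtime/AppContextSwitchOverrides"):
        if parse_overrides(element.get("value", "")).get(OPT_OUT_SWITCH):
            return True
    return False


def scan_tree(root_dir):
    """Yield *.config files under root_dir that carry the opt-out."""
    for path in sorted(Path(root_dir).rglob("*.config")):
        try:
            if opts_out_of_strong_crypto(path.read_bytes()):
                yield path
        except ET.ParseError:
            continue  # not well-formed XML; skip instead of aborting the scan


if __name__ == "__main__":
    print("opt-out sample flagged:", opts_out_of_strong_crypto(SAMPLE_OPT_OUT))
    print("default sample flagged:", opts_out_of_strong_crypto(SAMPLE_DEFAULT))
```

This only sees the configuration-file route; the programmatic AppContext.SetSwitch opt-out has to be found by searching source code for the switch name.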