אירוע
17 במרץ, 21 - 21 במרץ, 10
הצטרף לסידרה של פגישות כדי לבנות פתרונות מדרגיים של בינה מלאכותית בהתבסס על מקרי שימוש מהעולם האמיתי עם מפתחים ומומחים אחרים.
הירשם עכשיוCA5364: Do not use deprecated security protocols
| Property | Value |
|---|---|
| Rule ID | CA5364 |
| Title | Do not use deprecated security protocols |
| Category | Security |
| Fix is breaking or non-breaking | Non-breaking |
| Enabled by default in .NET 9 | No |
This rule fires when either of the following conditions are met:
- A deprecated System.Net.SecurityProtocolType value was referenced.
- An integer value representing a deprecated value was assigned to a SecurityProtocolType variable.
Deprecated values are:
- Ssl3
- Tls
- Tls10
- Tls11
Transport Layer Security (TLS) secures communication between computers, most commonly with Hypertext Transfer Protocol Secure (HTTPS). Older protocol versions of TLS are less secure than TLS 1.2 and TLS 1.3 and are more likely to have new vulnerabilities. Avoid older protocol versions to minimize risk. For guidance on identifying and removing deprecated protocol versions, see Solving the TLS 1.0 Problem, 2nd Edition.
Don't use deprecated TLS protocol versions.
You can suppress this warning if:
- The reference to the deprecated protocol version isn't being used to enable a deprecated version.
- You need to connect to a legacy service that can't be upgraded to use secure TLS configurations.
If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.
C#
#pragma warning disable CA5364
// The code that's violating the rule is on this line.
#pragma warning restore CA5364
To disable the rule for a file, folder, or project, set its severity to none in the configuration file.
ini
[*.{cs,vb}]
dotnet_diagnostic.CA5364.severity = none
For more information, see How to suppress code analysis warnings.
C#
using System;
using System.Net;
public class ExampleClass
{
public void ExampleMethod()
{
// CA5364 violation
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
}
}
Imports System
Imports System.Net
Public Class TestClass
Public Sub ExampleMethod()
' CA5364 violation
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 Or SecurityProtocolType.Tls12
End Sub
End Class
C#
using System;
using System.Net;
public class ExampleClass
{
public void ExampleMethod()
{
// CA5364 violation
ServicePointManager.SecurityProtocol = (SecurityProtocolType) 768; // TLS 1.1
}
}
Imports System
Imports System.Net
Public Class TestClass
Public Sub ExampleMethod()
' CA5364 violation
ServicePointManager.SecurityProtocol = CType(768, SecurityProtocolType) ' TLS 1.1
End Sub
End Class
C#
using System;
using System.Net;
public class TestClass
{
public void TestMethod()
{
// Let the operating system decide what TLS protocol version to use.
// See https://learn.microsoft.com/dotnet/framework/network-programming/tls
}
}
Imports System
Imports System.Net
Public Class TestClass
Public Sub ExampleMethod()
' Let the operating system decide what TLS protocol version to use.
' See https://learn.microsoft.com/dotnet/framework/network-programming/tls
End Sub
End Class
CA5386: Avoid hardcoding SecurityProtocolType value
שתף איתנו פעולה ב- GitHub
ניתן למצוא את המקור לתוכן זה ב- GitHub, שם ניתן גם ליצור ולסקור בעיות ולמשוך בקשות. לקבלת מידע נוסף, עיין במדריך התורמים שלנו.
משוב של .NET
.NET הוא פרויקט קוד פתוח. בחר קישור כדי לספק משוב: