Transport Layer Security (TLS) best practices with .NET Framework

Note

This page contains .NET Framework TLS information. If you're looking for .NET TLS information, see: TLS/SSL Best Practices

.NET Framework supports the use of the Transport Layer Security (TLS) protocol to secure network communications.

What is Transport Layer Security (TLS)?

Warning

TLS 1.0 and 1.1 were deprecated by RFC8996. This document covers TLS 1.2 and TLS 1.3 only.

The Transport Layer Security (TLS) protocol is an industry standard designed to help protect the privacy of information communicated over the Internet. TLS 1.3 is the latest version of the TLS standard and provides important security improvements over previous versions.

Who can benefit from this article?

If you're a developer building an app that communicates over a network, ensure those communications are protected, especially if sensitive data is exchanged. The guidelines in this article help you protect those communications in apps that:

• Directly using the System.Net APIs (for example, System.Net.Http.HttpClient and System.Net.Security.SslStream).
• Directly using WCF clients and services using the System.ServiceModel namespace.

TLS support in .NET Framework

Since .NET Framework is dependent on Schannel on Windows, the operating system dictates which versions can be negotiated and which version will be used.

The following table shows the highest supported TLS version for different combinations of operating system versions and .NET Framework target versions:

.NET Framework target version	Windows 10	Windows 11
3.5	TLS 1.2	TLS 1.2
4.6.2	TLS 1.2	TLS 1.3
4.7	TLS 1.2	TLS 1.3
4.7.1	TLS 1.2	TLS 1.3
4.7.2	TLS 1.2	TLS 1.3
4.8	TLS 1.2	TLS 1.3
4.8.1	TLS 1.2	TLS 1.3

For more information, see TLS protocol version support in Schannel.

Recommendations

• For TLS 1.3, target .NET Framework 4.8 or later. See the Audit your code section for information about verifying your target framework.
• Do not specify the TLS version explicitly, that is, don't use the method overloads of SslStream that take an explicit SslProtocols parameter. Avoiding those overloads lets the OS decide on the TLS version.
  • If you must set ServicePointManager.SecurityProtocol, then set it to SecurityProtocolType.SystemDefault. That will also use the OS default.
  • If you must use the method overloads of SslStream that take an explicit SslProtocols parameter, then pass SslProtocols.SystemDefault as argument. That will also use the OS default.
• Perform a thorough code audit to verify you're not specifying a TLS or SSL version explicitly.

Warning

Do not use SslProtocols.Default, because it sets TLS version to SSL3 and TLS 1.0, both of which are obsolete.

When your app lets the OS choose the TLS version:

• It automatically takes advantage of new TLS protocols added in the future.
• The OS blocks protocols that are discovered not to be secure (for example, SSL3 and TLS 1.0).

This article explains how to enable the strongest security available for the version of .NET Framework that your app targets and runs on. When an app explicitly sets a security protocol and version, it opts out of any other alternative, and opts out of .NET Framework and OS default behavior. If you want your app to be able to negotiate a TLS 1.3 connection, explicitly setting a lower TLS version prevents a TLS 1.3 connection.

If you can't avoid specifying a protocol version explicitly, we strongly recommend that you specify TLS 1.2 or TLS 1.3. For guidance on identifying and removing TLS 1.0 dependencies, download the Solving the TLS 1.0 Problem whitepaper.

WCF supports TLS 1.2 as the default in .NET Framework 4.7. Starting with .NET Framework 4.7.1, WCF defaults to the operating system configured version. If an application is explicitly configured with SslProtocols.None, WCF uses the operating system default setting when using the NetTcp transport.

You can ask questions about this document in the GitHub issue Transport Layer Security (TLS) best practices with the .NET Framework.

Audit your code and make code changes

For ASP.NET applications, inspect the <system.web><httpRuntime targetFramework> element of web.config to verify you're using the intended target version of .NET Framework.

For Windows Forms and other applications, see How to: Target a Version of .NET Framework.

Use the following sections to verify you're not using a specific TLS or SSL version.

If you must explicitly set a security protocol

If you must explicitly set a security protocol instead of letting .NET or the OS pick the security protocol, pick these protocols:

• For .NET Framework 3.5: TLS 1.2
• For .NET Framework 4.6.2 and later: TLS 1.3

If you can't find the specified protocols in the enum, you can add them as an extension file:

SslProtocolExtensions.cs

namespace System.Security.Authentication
{
    public static class SslProtocolsExtensions
    {
        // For .NET Framework 3.5.
        public const SslProtocols Tls12 = (SslProtocols)3072;
        // For .NET Framework 4.6.2 and later.
        public const SslProtocols Tls13 = (SslProtocols)12288;
    }
}

SecurityProtocolExtensions.cs

using System.Security.Authentication;

namespace System.Net
{
    public static class SecurityProtocolTypeExtensions
    {
        // For .NET Framework 3.5.
        public const SecurityProtocolType Tls12 = (SecurityProtocolType)SslProtocolsExtensions.Tls12;
        // For .NET Framework 4.6.2 and later.
        public const SecurityProtocolType Tls13 = (SecurityProtocolType)SslProtocolsExtensions.Tls13;
    }
}

For more information, see Support for TLS System Default Versions included in .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2.

For System.Net APIs (HttpClient, SslStream)

If your app targets .NET Framework 4.7 or later versions

The following sections show how to configure your application to use "currently considered secure" versions of TLS (TLS 1.2, TLS 1.3).

For HttpClient and HttpWebRequest

ServicePointManager, using .NET Framework 4.7 and later versions, uses the default security protocol configured in the OS. To get the default OS choice, if possible, don't set a value for the ServicePointManager.SecurityProtocol property, which defaults to SecurityProtocolType.SystemDefault.

Because the SecurityProtocolType.SystemDefault setting causes the ServicePointManager to use the default security protocol configured by the operating system, your application might run differently based on the OS it's run on. For example, Windows 10 uses TLS 1.2 while Windows 11 uses TLS 1.3.

For SslStream

SslStream, using .NET Framework 4.7 and later versions, defaults to the OS choosing the best security protocol and version. To get the default OS best choice, if possible, don't use the method overloads of SslStream that take an explicit SslProtocols parameter. Otherwise, pass SslProtocols.None. We recommend that you don't use Default; setting SslProtocols.Default forces the use of SSL 3.0 / TLS 1.0 and prevents TLS 1.2.

Don't set a value for the SecurityProtocol property (for HTTP networking).

Don't use the method overloads of SslStream that take an explicit SslProtocols parameter (for TCP sockets networking). When you retarget your app to .NET Framework 4.7 or later versions, you'll be following the best practices recommendation.

For WCF apps

If your app targets .NET Framework 4.7 or later versions

The following sections show how to configure your application to use "currently considered secure" versions of TLS (TLS 1.2, TLS 1.3).

TCP transport using transport security with certificate credentials

WCF uses the same networking stack as the rest of .NET Framework.

If you're targeting 4.7.1, WCF is configured to allow the OS to choose the best security protocol by default unless explicitly configured in one of the following locations:

• In your application configuration file.
• In your app's source code.

By default, .NET Framework 4.7 and later versions are configured to use TLS 1.2 and allow connections using TLS 1.1 or TLS 1.0. Configure WCF to allow the OS to choose the best security protocol by configuring your binding to use SslProtocols.None. This can be set on SslProtocols. SslProtocols.None can be accessed from Transport. NetTcpSecurity.Transport can be accessed from Security.

If you're using a custom binding:

• Configure WCF to allow the OS to choose the best security protocol by setting SslProtocols to use SslProtocols.None.
• Or, configure the protocol used with the configuration path system.serviceModel/bindings/customBinding/binding/sslStreamSecurity:sslProtocols.

If you're not using a custom binding and you're setting your WCF binding using configuration, set the protocol used with the configuration path system.serviceModel/bindings/netTcpBinding/binding/security/transport:sslProtocols.

Message Security with certificate credentials

.NET Framework 4.7 and later versions by default use the protocol specified in the SecurityProtocol property. When the AppContextSwitch Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols is set to true, WCF chooses the best protocol, up to TLS 1.0.

If your app targets a .NET Framework version earlier than 4.7

The following sections show how to configure your application to use "currently considered secure" versions of TLS (TLS 1.2, TLS 1.3).

.NET Framework 4.6.2 using TCP transport security with certificate credentials

The WCF framework automatically chooses the highest protocol available up to TLS 1.2 unless you explicitly configure a protocol version. For more information, see TCP transport using transport security with certificate credentials.

.NET Framework 3.5 using TCP transport security with certificate credentials

These versions of the WCF framework are explicitly specified to use values SSL 3.0 and TLS 1.0. These values cannot be changed. You must update and retarget to .NET Framework 4.6.2 or later versions to use TLS 1.2.

Configure security via AppContext switches (for .NET Framework 4.6.2 or later versions)

The AppContext switches described in this section are relevant if your app targets, or runs on, .NET Framework 4.6.2 or later versions. Whether by default, or by setting them explicitly, the switches should be false if possible. If you want to configure security via one or both switches, then don't specify a security protocol value in your code; doing so would override the switches.

For System.Net APIs (HttpClient, SslStream)

The switches have the same effect whether you're doing HTTP networking (ServicePointManager) or TCP sockets networking (SslStream).

Switch.System.Net.DontEnableSchUseStrongCrypto

• A value of false for Switch.System.Net.DontEnableSchUseStrongCrypto causes your app to use strong cryptography. Your app uses more secure network protocols (TLS 1.2 and TLS 1.3) and blocks protocols that aren't secure. For more information, see The SCH_USE_STRONG_CRYPTO flag.
• A value of true disables strong cryptography for your app. This switch affects only client (outgoing) connections in your application.

If your app targets .NET Framework 4.6.2 or later versions, this switch defaults to false. That's a secure default, which we recommend. If your app runs on .NET Framework 4.6.2, but targets an earlier version, the switch defaults to true. In that case, you should explicitly set it to false.

DontEnableSchUseStrongCrypto should only have a value of true if you need to connect to legacy services that don't support strong cryptography and can't be upgraded.

Switch.System.Net.DontEnableSystemDefaultTlsVersions

• A value of false for Switch.System.Net.DontEnableSystemDefaultTlsVersions causes your app to allow the operating system to choose the protocol.
• A value of true causes your app to use protocols picked by .NET Framework.

If your app targets .NET Framework 4.7 or later versions, this switch defaults to false. That's a secure default that we recommend. If your app runs on .NET Framework 4.7 or later versions, but targets an earlier version, the switch defaults to true. In that case, you should explicitly set it to false.

For WCF applications

Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols

A value of false for Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols causes your application to use the value defined in ServicePointManager.SecurityProtocols for message security using certificate credentials. A value of true uses the highest protocol available, up to TLS 1.0.

For applications targeting .NET Framework 4.7 and later versions, this value defaults to false. For applications targeting .NET Framework 4.6.2 and earlier, this value defaults to true.

Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions

A value of false for Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions sets the default configuration to allow the operating system to choose the protocol. A value of true sets the default to the highest protocol available, up to TLS 1.2.

For applications targeting .NET Framework 4.7.1 and later versions, this value defaults to false. For applications targeting .NET Framework 4.7 and earlier, this value defaults to true.

For more information about TLS protocols, see Mitigation: TLS Protocols. For more information about AppContext switches, see <AppContextSwitchOverrides> Element.

Configure security via the Windows Registry

Warning

Setting registry keys affects all applications on the system. Use this option only if you're in full control of the machine and can control changes to the registry.

If setting one or both AppContext switches isn't an option, you can control the security protocols that your app uses with the Windows Registry keys described in this section. You might not be able to use one or both of the AppContext switches if your app runs on .NET Framework 3.5, or if you can't edit the configuration file. If you want to configure security with the registry, don't specify a security protocol value in your code; doing so overrides the registry setting.

The names of the registry keys are similar to the names of the corresponding AppContext switches but without a DontEnable prepended to the name. For example, the AppContext switch DontEnableSchUseStrongCrypto is the registry key called SchUseStrongCrypto.

These keys are available in all .NET Framework versions.

All of the registry keys have the same effect whether you're doing HTTP networking (ServicePointManager) or TCP sockets networking (SslStream).

Note

These registry keys don't exist by default. You must add them manually.

SchUseStrongCrypto

The HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SchUseStrongCrypto registry entry has a value of type DWORD. A value of 1 causes your app to use strong cryptography. The strong cryptography uses more secure network protocols (TLS 1.2 and TLS 1.3) and blocks protocols that aren't secure. A value of 0 disables strong cryptography. For more information, see The SCH_USE_STRONG_CRYPTO flag. This registry setting affects only client (outgoing) connections in your application.

If your app targets .NET Framework 4.6 or later versions, this key defaults to a value of 1. That's a secure default that we recommend. If your app targets .NET Framework 4.5.2 or earlier versions, the key defaults to 0. In that case, you should explicitly set its value to 1.

This key should only have a value of 0 if you need to connect to legacy services that don't support strong cryptography and can't be upgraded.

SystemDefaultTlsVersions

The HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SystemDefaultTlsVersions registry entry has a value of type DWORD. A value of 1 causes your app to allow the operating system to choose the protocol. A value of 0 causes your app to use protocols picked by the .NET Framework.

<VERSION> must be v4.0.30319 (for .NET Framework 4 and above) or v2.0.50727 (for .NET Framework 3.5).

If your app targets .NET Framework 4.7 or later versions, this key defaults to a value of 1. That's a secure default that we recommend. If your app targets .NET Framework 4.6.1 or earlier versions, the key defaults to 0. In that case, you should explicitly set its value to 1.

For more info, see Cumulative Update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: May 10, 2016.

For more information with .NET Framework 3.5.1, see Support for TLS System Default Versions included in .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008 R2 SP1.

The following .REG file sets the registry entries and their variants to their safest values:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Configure Schannel protocols in the Windows Registry

You can use the registry for fine-grained control over the protocols that your client or server app negotiates. Your app's networking goes through Schannel (which is another name for Secure Channel). By configuring Schannel, you can configure your app's behavior.

Start with the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols registry key. Under that key, you can create any subkeys in the set TLS 1.2, TLS 1.3. Under each of those subkeys, you can create subkeys Client and/or Server. Under Client and Server, you can create DWORD values DisabledByDefault (0 or 1) and Enabled (0 or 1).

For more information see: TLS Registry Settings - Schannel.

The SCH_USE_STRONG_CRYPTO flag

When it's enabled (by default, by an AppContext switch, or by the Windows Registry), .NET Framework uses the SCH_USE_STRONG_CRYPTO flag when your app initiates a TLS connection to a server. .NET Framework passes the flag to Schannel to instruct it to disable known weak cryptographic algorithms, cipher suites, and TLS/SSL protocol versions that might otherwise be enabled for better interoperability. For more information, see:

• Secure Channel
• SCHANNEL_CRED structure

The SCH_USE_STRONG_CRYPTO flag is also passed to Schannel for client (outgoing) connections when you explicitly use the Tls11 or Tls12 enumerated values of SecurityProtocolType or SslProtocols. The SCH_USE_STRONG_CRYPTO flag is used only for connections where your application acts the role of the client. You can disable weak protocols and algorithms when your applications acts the role of the server by configuring the machine-wide Schannel registry settings.