แก้ไข

แชร์ผ่าน


Transport Layer Security (TLS) best practices with .NET Framework

Note

This page contains .NET Framework TLS information. If you're looking for .NET TLS information, see: TLS/SSL Best Practices

.NET Framework supports the use of the Transport Layer Security (TLS) protocol to secure network communications.

What is Transport Layer Security (TLS)?

Warning

TLS 1.0 and 1.1 has been deprecated by RFC8996. This document covers TLS 1.2 and TLS 1.3 only.

The Transport Layer Security (TLS) protocol is an industry latest version of the standard designed to help protect the privacy of information communicated over the Internet. TLS 1.3 is a standard that provides security improvements over previous versions. This article presents recommendations to secure .NET Framework applications that use the TLS protocol.

Who can benefit from this document?

TLS support in .NET Framework

Since the .NET Framework is dependent on Schannel on Windows, which versions can be negotiated and which version will be used depends on the operating system.

Here is an updated example table showing the highest supported TLS version for different combinations of operating system versions and .NET Framework target versions:

.NET Framework Target Version Windows 10 Windows 11
3.5 TLS 1.2 TLS 1.2
4.6.2 TLS 1.2 TLS 1.3
4.7 TLS 1.2 TLS 1.3
4.7.1 TLS 1.2 TLS 1.3
4.7.2 TLS 1.2 TLS 1.3
4.8 TLS 1.2 TLS 1.3
4.8.1 TLS 1.2 TLS 1.3

For more information see TLS protocol version support in Schannel.

Recommendations

  • For TLS 1.3, target .NET Framework 4.8 or later. Check Audit your code section how to verify your target framework.
  • Do not specify the TLS version explicitly, i.e. don't use the method overloads of SslStream that take an explicit SslProtocols parameter.
    • That way your code will let the OS decide on the TLS version.
    • If you must set ServicePointManager.SecurityProtocol, then set it to SecurityProtocolType.SystemDefault. That will also use OS default.
    • If you must use the method overloads of SslStream that take an explicit SslProtocols parameter, then pass SslProtocols.SystemDefault as argument. That will also use OS default.
  • Perform a thorough code audit to verify you're not specifying a TLS or SSL version explicitly.

Warning

Do not use SslProtocols.Default, because it sets TLS version to SSL3 and TLS 1.0 which are obsoleted.

When your app lets the OS choose the TLS version:

  • It automatically takes advantage of new TLS protocols added in the future.
  • The OS blocks protocols that are discovered not to be secure (e.g. SSL3 and TLS 1.0).

This article explains how to enable the strongest security available for the version of .NET Framework that your app targets and runs on. When an app explicitly sets a security protocol and version, it opts out of any other alternative, and opts out of .NET Framework and OS default behavior. If you want your app to be able to negotiate a TLS 1.3 connection, explicitly setting to a lower TLS version prevents a TLS 1.3 connection.

If you can't avoid specifying a protocol version explicitly, we strongly recommend that you specify TLS 1.2 or TLS 1.3 (which is currently considered secure). For guidance on identifying and removing TLS 1.0 dependencies, download the Solving the TLS 1.0 Problem white paper.

WCF supports TLS 1.2 as the default in .NET Framework 4.7. Starting with .NET Framework 4.7.1, WCF defaults to the operating system configured version. If an application is explicitly configured with SslProtocols.None, WCF uses the operating system default setting when using the NetTcp transport.

You can ask questions about this document in the GitHub issue Transport Layer Security (TLS) best practices with the .NET Framework.

Audit your code and make code changes

For ASP.NET applications, inspect the <system.web><httpRuntime targetFramework> element of web.config to verify you're using the targeting intended version of the .NET Framework.

For Windows Forms and other applications, see How to: Target a Version of the .NET Framework.

Use the following sections to verify you're not using a specific TLS or SSL version.

If you must explicitly set a Security Protocol

If you must explicitly set a security protocol instead of letting .NET or the OS pick the security protocol, pick these protocols:

  • For .NET Framework 3.5: TLS 1.2
  • For .NET Framework 4.6.2 or later: TLS 1.3

If you can't find specified protocols in enum, you can add those as an extension file. See below:

SslProtocolExtensions.cs

namespace System.Security.Authentication
{
    public static class SslProtocolsExtensions
    {
        // For .NET Framework 3.5
        public const SslProtocols Tls12 = (SslProtocols)3072;
        // For .NET Framework 4.6.2 and later
        public const SslProtocols Tls13 = (SslProtocols)12288;
    }
}

SecurityProtocolExtensions.cs

using System.Security.Authentication;

namespace System.Net
{
    public static class SecurityProtocolTypeExtensions
    {
        // For .NET Framework 3.5
        public const SecurityProtocolType Tls12 = (SecurityProtocolType)SslProtocolsExtensions.Tls12;
        // For .NET Framework 4.6.2 and later
        public const SecurityProtocolType Tls13 = (SecurityProtocolType)SslProtocolsExtensions.Tls13;
    }
}

For more information, see Support for TLS System Default Versions included in .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2.

For System.Net APIs (HttpClient, SslStream)

If your app targets .NET Framework 4.7 or later versions

The following sections show how to configure your application to use currently considered secure versions of TLS. (TLS 1.2, TLS 1.3)

For HttpClient and HttpWebRequest

ServicePointManager, using .NET Framework 4.7 and later versions, will use the default security protocol configured in the OS. To get the default OS choice, if possible, don't set a value for the ServicePointManager.SecurityProtocol property, which defaults to SecurityProtocolType.SystemDefault.

Because the SecurityProtocolType.SystemDefault setting causes the ServicePointManager to use the default security protocol configured by the operating system, your application may run differently based on the OS it's run on. For example, Windows 10 uses TLS 1.2 while Windows 11 uses TLS 1.3.

For SslStream

SslStream, using .NET Framework 4.7 and later versions, defaults to the OS choosing the best security protocol and version. To get the default OS best choice, if possible, don't use the method overloads of SslStream that take an explicit SslProtocols parameter. Otherwise, pass SslProtocols.None. We recommend that you don't use Default; setting SslProtocols.Default forces the use of SSL 3.0 /TLS 1.0 and prevents TLS 1.2.

Don't set a value for the SecurityProtocol property (for HTTP networking).

Don't use the method overloads of SslStream that take an explicit SslProtocols parameter (for TCP sockets networking). When you retarget your app to .NET Framework 4.7 or later versions, you'll be following the best practices recommendation.

For WCF Applications

If your app targets .NET Framework 4.7 or later versions

The following sections show how to configure your application to use currently considered secure versions of TLS. (TLS 1.2, TLS 1.3)

Using TCP transport using transport security with certificate credentials

WCF uses the same networking stack as the rest of .NET Framework.

If you're targeting 4.7.1, WCF is configured to allow the OS to choose the best security protocol by default unless explicitly configured:

  • In your application configuration file.
  • Or, in your application in the source code.

By default, .NET Framework 4.7 and later versions are configured to use TLS 1.2 and allow connections using TLS 1.1 or TLS 1.0. Configure WCF to allow the OS to choose the best security protocol by configuring your binding to use SslProtocols.None. This can be set on SslProtocols. SslProtocols.None can be accessed from Transport. NetTcpSecurity.Transport can be accessed from Security.

If you're using a custom binding:

  • Configure WCF to allow the OS to choose the best security protocol by setting SslProtocols to use SslProtocols.None.
  • Or configure the protocol used with the configuration path system.serviceModel/bindings/customBinding/binding/sslStreamSecurity:sslProtocols.

If you're not using a custom binding and you're setting your WCF binding using configuration, set the protocol used with the configuration path system.serviceModel/bindings/netTcpBinding/binding/security/transport:sslProtocols.

Using Message Security with certificate credentials

.NET Framework 4.7 and later versions by default use the protocol specified in the SecurityProtocol property. When the AppContextSwitch Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols is set to true, WCF chooses the best protocol, up to TLS 1.0.

If your app targets a .NET Framework version earlier than 4.7

The following sections show how to configure your application to use currently considered secure versions of TLS. (TLS 1.2, TLS 1.3)

Using .NET Framework 4.6.2 using TCP transport security with Certificate Credentials

The WCF framework automatically chooses the highest protocol available up to TLS 1.2 unless you explicitly configure a protocol version. For more information, see the preceding section For WCF TCP transport using transport security with certificate credentials.

Using .NET Framework 3.5 using TCP transport security with Certificate Credentials

These versions of the WCF framework are explicitly specified to use values SSL 3.0 and TLS 1.0. These values cannot be changed. You must update and retarget to NET Framework 4.6.2 or later versions to use TLS 1.2.

Configure security via AppContext switches (for .NET Framework 4.6.2 or later versions)

The AppContext switches described in this section are relevant if your app targets, or runs on, .NET Framework 4.6.2 or later versions. Whether by default, or by setting them explicitly, the switches should be false if possible. If you want to configure security via one or both switches, then don't specify a security protocol value in your code; doing so would override the switch(es).

For System.Net APIs (HttpClient, SslStream)

The switches have the same effect whether you're doing HTTP networking (ServicePointManager) or TCP sockets networking (SslStream).

Switch.System.Net.DontEnableSchUseStrongCrypto

A value of false for Switch.System.Net.DontEnableSchUseStrongCrypto causes your app to use strong cryptography. A value of false for DontEnableSchUseStrongCrypto uses more secure network protocols (TLS 1.2 and TLS 1.1) and blocks protocols that are not secure. For more info, see The SCH_USE_STRONG_CRYPTO flag. A value of true disables strong cryptography for your app. This switch affects only client (outgoing) connections in your application.

If your app targets .NET Framework 4.6.2 or later versions, this switch defaults to false. That's a secure default, which we recommend. If your app runs on .NET Framework 4.6.2, but targets an earlier version, the switch defaults to true. In that case, you should explicitly set it to false.

DontEnableSchUseStrongCrypto should only have a value of true if you need to connect to legacy services that don't support strong cryptography and can't be upgraded.

Switch.System.Net.DontEnableSystemDefaultTlsVersions

A value of false for Switch.System.Net.DontEnableSystemDefaultTlsVersions causes your app to allow the operating system to choose the protocol. A value of true causes your app to use protocols picked by the .NET Framework.

If your app targets .NET Framework 4.7 or later versions, this switch defaults to false. That's a secure default that we recommend. If your app runs on .NET Framework 4.7 or later versions, but targets an earlier version, the switch defaults to true. In that case, you should explicitly set it to false.

For WCF applications

Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols

A value of false for Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols causes your application to use the value defined in ServicePointManager.SecurityProtocols for message security using certificate credentials. A value of true uses the highest protocol available, up to TLS1.0

For applications targeting .NET Framework 4.7 and later versions, this value defaults to false. For applications targeting .NET Framework 4.6.2 and earlier, this value defaults to true.

Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions

A value of false for Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions sets the default configuration to allow the operating system to choose the protocol. A value of true sets the default to the highest protocol available, up to TLS1.2.

For applications targeting .NET Framework 4.7.1 and later versions, this value defaults to false. For applications targeting .NET Framework 4.7 and earlier, this value defaults to true.

For more information about TLS protocols, see Mitigation: TLS Protocols. For more information about AppContext switches, see <AppContextSwitchOverrides> Element.

Configure security via the Windows Registry

Warning

Setting registry keys affects all applications on the system. Use this option only if you are in full control of the machine and can control changes to the registry.

If setting one or both AppContext switches isn't an option, you can control the security protocols that your app uses with the Windows Registry keys described in this section. You might not be able to use one or both the AppContext switches if your app runs on .NET Framework 3.5, or if you can't edit the configuration file. If you want to configure security with the registry, don't specify a security protocol value in your code; doing so overrides the registry setting.

The names of the registry keys are similar to the names of the corresponding AppContext switches but without a DontEnable prepended to the name. For example, the AppContext switch DontEnableSchUseStrongCrypto is the registry key called SchUseStrongCrypto.

These keys are available in all .NET Framework versions.

All of the registry keys described below have the same effect whether you're doing HTTP networking (ServicePointManager) or TCP sockets networking (SslStream).

SchUseStrongCrypto

The HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SchUseStrongCrypto registry entry has a value of type DWORD. A value of 1 causes your app to use strong cryptography. The strong cryptography uses more secure network protocols (TLS 1.2 and TLS 1.1) and blocks protocols that aren't secure. A value of 0 disables strong cryptography. For more information, see The SCH_USE_STRONG_CRYPTO flag. This registry setting affects only client (outgoing) connections in your application.

If your app targets .NET Framework 4.6 or later versions, this key defaults to a value of 1. That's a secure default that we recommend. If your app targets .NET Framework 4.5.2 or earlier versions, the key defaults to 0. In that case, you should explicitly set its value to 1.

This key should only have a value of 0 if you need to connect to legacy services that don't support strong cryptography and can't be upgraded.

SystemDefaultTlsVersions

The HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SystemDefaultTlsVersions registry entry has a value of type DWORD. A value of 1 causes your app to allow the operating system to choose the protocol. A value of 0 causes your app to use protocols picked by the .NET Framework.

<VERSION> must be v4.0.30319 (for .NET Framework 4 and above) or v2.0.50727 (for .NET Framework 3.5).

If your app targets .NET Framework 4.7 or later versions, this key defaults to a value of 1. That's a secure default that we recommend. If your app targets .NET Framework 4.6.1 or earlier versions, the key defaults to 0. In that case, you should explicitly set its value to 1.

For more info, see Cumulative Update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: May 10, 2016.

For more information with .NET Framework 3.5.1, see Support for TLS System Default Versions included in .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008 R2 SP1.

The following .REG file sets the registry entries and their variants to their most safe values:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Configure Schannel protocols in the Windows Registry

You can use the registry for fine-grained control over the protocols that your client and/or server app negotiates. Your app's networking goes through Schannel (which is another name for Secure Channel). By configuring Schannel, you can configure your app's behavior.

Start with the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols registry key. Under that key you can create any subkeys in the set TLS 1.2, TLS 1.3. Under each of those subkeys, you can create subkeys Client and/or Server. Under Client and Server, you can create DWORD values DisabledByDefault (0 or 1) and Enabled (0 or 1).

For more information see: TLS Registry Settings - Schannel

The SCH_USE_STRONG_CRYPTO flag

When it's enabled (by default, by an AppContext switch, or by the Windows Registry), .NET Framework uses the SCH_USE_STRONG_CRYPTO flag when your app initiates a TLS connection to a server. .NET Framework passes the flag to Schannel to instruct it to disable known weak cryptographic algorithms, cipher suites, and TLS/SSL protocol versions that may be otherwise enabled for better interoperability. For more information, see:

The SCH_USE_STRONG_CRYPTO flag is also passed to Schannel for client (outgoing) connections when you explicitly use the Tls11 or Tls12 enumerated values of SecurityProtocolType or SslProtocols. The SCH_USE_STRONG_CRYPTO flag is used only for connections where your application acts the role of the client. You can disable weak protocols and algorithms when your applications acts the role of the server by configuring the machine-wide Schannel registry settings.