อ่านในภาษาอังกฤษ แก้ไข

แชร์ผ่าน

CA5386: Avoid hardcoding SecurityProtocolType value

  • บทความ
Property Value
Rule ID CA5386
Title Avoid hardcoding SecurityProtocolType value
Category Security
Fix is breaking or non-breaking Non-breaking
Enabled by default in .NET 9 No

Cause

This rule fires when either of the following conditions are met:

Safe values are:

  • Tls12
  • Tls13

Rule description

Transport Layer Security (TLS) secures communication between computers, most commonly with Hypertext Transfer Protocol Secure (HTTPS). Protocol versions TLS 1.0 and TLS 1.1 are deprecated, while TLS 1.2 and TLS 1.3 are current. In the future, TLS 1.2 and TLS 1.3 may be deprecated. To ensure that your application remains secure, avoid hardcoding a protocol version and target at least .NET Framework v4.7.1. For more information, see Transport Layer Security (TLS) best practices with .NET Framework.

How to fix violations

Don't hardcode TLS protocol versions.

When to suppress warnings

You can suppress this warning if your application targets .NET Framework v4.6.2 or earlier and may run on a computer that has insecure defaults.

Suppress a warning

If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.

C# 
#pragma warning disable CA5386
// The code that's violating the rule is on this line.
#pragma warning restore CA5386

To disable the rule for a file, folder, or project, set its severity to none in the configuration file.

ini 
[*.{cs,vb}]
dotnet_diagnostic.CA5386.severity = none

For more information, see How to suppress code analysis warnings.

Pseudo-code examples

Enumeration name violation

C# 
using System;
using System.Net;

public class ExampleClass
{
    public void ExampleMethod()
    {
        // CA5386 violation
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    }
}

Integer value violation

C# 
using System;
using System.Net;

public class ExampleClass
{
    public void ExampleMethod()
    {
        // CA5386 violation
        ServicePointManager.SecurityProtocol = (SecurityProtocolType) 3072;    // TLS 1.2
    }
}

Solution

C# 
using System;
using System.Net;

public class TestClass
{
    public void TestMethod()
    {
        // Let the operating system decide what TLS protocol version to use.
        // See https://learn.microsoft.com/dotnet/framework/network-programming/tls
    }
}

CA5364: Do not use deprecated security protocols

CA5397: Do not use deprecated SslProtocols values

CA5398: Avoid hardcoded SslProtocols values