13
votes

I am running a .NET WCF web service which handles several different request SOAP messages and which is hosted under IIS (version 7). In the case that transport security is used (HTTPS) for the web service endpoint, how can I determine the TLS/SSL version and cipher used for an incoming request SOAP message in this WCF service?

1
Starting bounty, 'cause I can't find anything... - Dominik
@Dominik, I think there is some misunderstanding on your side. In a typical HTTPS request, the TLS/SSL version and cipher are negotiated at the beginning of the connection being established, not sent by the client. Moreover, it is typically the server that decides what to use. This is so because it is typically only the server that is being validated, not the client. So what exactly do you want to know and how are you going to use this information? - SergGr
@SergGr In my case I know that the server my WCF service is running on supports TLS 1.0 - TLS 1.3. I cannot change the SCHANNEL settings on the machine. I still want to refuse all clients calling some methods of my WCF service if they are using TLS 1.0 or TLS 1.1. Let the "refuse method call" be my problem. Just tell me where to see which TLS version the current connection is using. - Dominik
Are you using a load balancer in front of your WCF service? How is your WCF service hosted (on IIS or self-hosted)? - Rajesh
@Dominik You can restrict the client from using old security protocols programmatically; below is the link for the same: stackoverflow.com/questions/26389899/… - Chetan Hirapara

1 Answer

0
votes

You can probably create 2 applications - one that only accepts TLS 1.2, and the other that accepts TLS 1.0, 1.1.

To support only TLS 1.2 and no SSL protocols, you can do this:

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;