On our Windows 2012 Server R2, we need to disabled TLS 1.0.
However we have .NET 4.5 Wcf services running. We found that if we disable TLS 1.0 that the WCF services no longer run, as we get the error 'An existing connection was forcibly closed by the remote host'.
Is TLS 1.1/1.2 enabled by default in .NET 4.5 and .NET 4.5.1 ? If not, which we assume is the case, where in our WCF project do we force the project to use TLS 1.1/1.2 ?
Is TLS 1.1/1.2 enabled by default in .NET 4.5 and .NET 4.5.1?
No. The default protocols enabled for the various framework versions are:
While Microsoft recommends against explicitly specifying protocol versions in favour of using the operating system's defaults:
To ensure .NET Framework applications remain secure, the TLS version should not be hardcoded. .NET Framework applications should use the TLS version the operating system (OS) supports.
... it's still possible to select which protocols your application supports by using the ServicePointManager class, specifically by setting the SecurityProtocol property to the relevant SecurityProtocolTypes.
In your case you would want to use the following:
System.Net.ServicePointManager.SecurityProtocol =
SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
Note that TLSv1 and TLSv1.1 are effectively deprecated as of 2020; you should avoid building new applications that rely on these protocols, and make every effort to upgrade applications that currently use them.
The answer by Ian Kemp works without an issue, but I just wanted to provide another answer that means you don't have to recompile your code.
Anything above .NET 4.5 can support TLS 1.2 however the default of anything lower than .NET 4.7 is TLS 1.1. So if you need to access something using TLS 1.2 you get an error as it will be trying to use the default.
You can add the following code to your configuration file, to override the default.
<runtime>
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
</runtime>
