2
votes

Using the HttpClient with the Microsoft.Net.Http NuGet package, how can I default to TLS 1.2 or 1.1?

Perhaps complicating things is that I'm using a PCL that's targeting: .NET Framework 4.5, Windows 8, and Windows Phone Silverlight 8 (i.e. Profile78 / targetFramework="portable-net45+win8+wp8").

[Update]

Based on the discussion with Steffen I should clarify: I want to ensure that the portable version of HttpClient will support TLS12 and TLS11 if requested by the server. (Revised the title but left the original question.)

1
It should use the best TLS version supported by client and server by default. There should be no need to default to a specific version. You might be able to restrict the versions to TLS 1.2 but then the connection might fail because the peer does not support TLS 1.2 yet. – Steffen Ullrich
Thanks. Any thoughts on how to check? I seem to have issues using ServicePointManager -- my guess is it's due to the PCL targets. – Wade
I'm not familiar with the specifics of .NET but with a packet capture (Wireshark) one could see which protocol gets used. – Steffen Ullrich
This challenge definitely seems related to the lack of ServicePointManager in the portable version of HttpClient -- without it, I'm not sure how to tell it to try TLS12->TLS11->TLS (or if it's already doing it). – Wade
Trying all the versions is not how TLS works. The client tells the server the best it can and the server then uses a version which is equal or lower. If this fails because the client restricted the minimal version then it fails permanently. – Steffen Ullrich

1 Answer

0
votes

I'm sure you've probably worked it out by now, but the current PCL implementation does not support 1.2 or 1.1, so if the server requires it the call will fail.

If you are developing for iOS or Android you can use ModernHttpClient that uses the platform-specific versions at run time, which do support 1.2 and 1.1.

I am also investigating a solution for use within a PCL library only. I will update here when I have found it.
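
Added example, not part of the original thread: a small Python model of the TLS 1.0 to 1.2 version negotiation described in the comments, together with a reader for the version field one would inspect in a packet capture. The function names and sample bytes are constructed for illustration; TLS 1.3, which negotiates through an extension, is out of scope.

```python
import struct

# Wire values of the version field in TLS hello messages.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def hello_version(record: bytes):
    """Return (message name, version name) for a ClientHello/ServerHello.

    Layout: 5-byte record header (type, version, length), 4-byte handshake
    header (type, 24-bit length), then the 2-byte client/server version.
    The record-layer version can differ from the hello's own version field,
    so only the latter is reported.
    """
    if len(record) < 11:
        raise ValueError("too short for a hello message")
    rec_type, _rec_version, _rec_len = struct.unpack("!BHH", record[:5])
    hs_type = record[5]
    if rec_type != 0x16 or hs_type not in (1, 2):
        raise ValueError("not a ClientHello/ServerHello record")
    (version,) = struct.unpack("!H", record[9:11])
    name = VERSIONS.get(version, "unknown 0x%04x" % version)
    return ("ClientHello" if hs_type == 1 else "ServerHello", name)


def negotiate(client_min, client_max, server_min, server_max):
    """Model a single handshake: the client offers client_max once and the
    server answers with min(client_max, server_max). There is no retry."""
    if client_max < server_min:
        return None  # server refuses: the offer is below its minimum
    chosen = min(client_max, server_max)
    if chosen < client_min:
        return None  # client refuses: the answer is below its minimum
    return VERSIONS[chosen]


# Constructed samples: the first 11 bytes of a ClientHello offering TLS 1.2
# (inside a record marked TLS 1.0) and of a ServerHello selecting TLS 1.0.
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100310100002d0303")
SAMPLE_SERVER_HELLO = bytes.fromhex("16030100310200002d0301")

if __name__ == "__main__":
    print(hello_version(SAMPLE_CLIENT_HELLO))
    print(hello_version(SAMPLE_SERVER_HELLO))
    # Client capped at TLS 1.0 against a server that requires TLS 1.2.
    print(negotiate(0x0301, 0x0301, 0x0303, 0x0303))
```

In a capture, the version that was actually negotiated is the one in the ServerHello.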