We are trying to enforce TLS 1.2 in our WCF Service.
We have our WCF Service hosted on IIS on our VM Boxes.
We are not sure how to disable TLS 1.0 and TLS 1.1 for our service.
We have tried the following approach:
Configuration change in our WCF Service (Server side) and (client side)** –
For the client side, we added the following code in our main method –
Remove insecure protocols (SSL3, TLS 1.0, TLS 1.1)
ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Ssl3;
ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Tls;
ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Tls11;
// Add TLS 1.2, 1.3
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls13;
We have verified that this works on the client side, i.e., the client uses only TLS 1.2 to send requests after this config.
But the same configuration on our Server side WCF service does not work.
We have written this config change inside global.asax file inside Application_Start method for our
server, but the WCF Service hosted on IIS Server still accepts TLS 1.0/1.1 requests.
We have tried another method where we did registry key changes on Windows Server to disable TLS 1.0, TLS 1.1 for the whole VM box.
The blocker for going with this method is that there are many other services on our VM,
which might get affected if we do a configuration change on the whole server.
Is there any working method wherein we change the configuration of our WCF Service to disable serving TLS 1.0/1.1 requests on the service level?
Any help would be appreciated. :-)
