更新.NET Web服务以使用TLS 1.2 [英] Update .NET web service to use TLS 1.2

问题描述

我需要使用TLS 1.2将.NET Web服务连接到另一个将强制使用TLS 1.2的服务。我发现一个资源，该资源说.NET 4.6默认使用TLS 1.2，听起来像是最简单的解决方案。我更新了服务器上的.NET框架，然后重新启动。在IIS中，我尝试使用.NET 4.6创建应用程序池，但4.0是唯一的选择。然后我发现一些东西说它仍然会说4.0，因为4.6是对.NET 4.0的到位更新。所以我想也许我已经完成了。但是在我出于不相关原因而得到的错误页面上，它显示了 Microsoft .NET Framework版本：4.0.30319 ，因此看来我没有成功升级。有关如何确保我的应用程序池正在使用.NET 4.6的指针，或更笼统地说，如何启用TLS 1.2？

I need to use TLS 1.2 to connect from my .NET web service to another that is going to force TLS 1.2. I found a resource that said .NET 4.6 uses TLS 1.2 by default so that sounded like the easiest solution. I updated the .NET framework on the server and restarted. In IIS I tried to make an application pool using .NET 4.6 but 4.0 was the only option. Then I found something that said it would still say 4.0 because 4.6 is an "in place" update to .NET 4.0. So I thought maybe I was done. However on an error page that I got for unrelated reasons, it said Microsoft .NET Framework Version:4.0.30319 so it seems I have not successfully upgraded. Any pointers on how to make sure my application pool is using .NET 4.6, or more generally how to enable TLS 1.2?

推荐答案

实际上，我们刚刚将.NET Web服务升级到4.6，以允许TLS 1.2。

We actually just upgraded a .NET web service to 4.6 to allow TLS 1.2.

Artem所说的是我们已经完成的第一步。我们将网络服务的框架重新编译为4.6，并尝试更改注册表项以启用TLS 1.2，尽管此操作不起作用：连接仍在TLS 1.0中。另外，我们也不想在计算机上禁止SLL 3.0，TLS 1.0或TLS 1.1：其他Web服务可能正在使用此服务；我们回滚了对注册表的更改。

What Artem is saying were the first steps we've done. We recompiled the framework of the web service to 4.6 and we tried change the registry key to enable TLS 1.2, although this didn't work: the connection was still in TLS 1.0. Also, we didn't want to disallow SLL 3.0, TLS 1.0 or TLS 1.1 on the machine: other web services could be using this; we rolledback our changes on the registry.

我们实际上更改了Web.Config文件以告诉IIS：嘿，请以4.6运行我。

We actually changed the Web.Config files to tell IIS: "hey, run me in 4.6 please".

以下是我们在web.config中添加的更改+ .NET 4.6中的重新编译：

Here's the changes we added in the web.config + recompilation in .NET 4.6:

<system.web>
    <compilation targetFramework="4.6"/> <!-- Changed framework 4.0 to 4.6 -->

    <!--Added this httpRuntime -->
    <httpRuntime targetFramework="4.6" />

    <authentication mode="Windows"/>
    <pages controlRenderingCompatibilityVersion="4.0"/>
</system.web>

并且连接更改为TLS 1.2，因为IIS现在正在4.6中运行Web服务（显式地）和4.6默认情况下使用TLS 1.2。

And the connection changed to TLS 1.2, because IIS is now running the web service in 4.6 (told explicitely) and 4.6 is using TLS 1.2 by default.

这篇关于更新.NET Web服务以使用TLS 1.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！