如何在Asp.Net Core 3.1中启用TLS 1.2 [英] How to enable TLS 1.2 in Asp.Net Core 3.1

问题描述

我正在研究Asp.Net Core 3.1项目.我正在本地测试.我开始收到错误消息，

您的连接不完全安全该网站使用了过时的安全性配置，当它发送到该网站时，可能会暴露您的信息(例如，密码，消息或信用卡).NET :: ERR_SSL_OBSOLETE_VERSION

用于加载此站点的连接使用TLS 1.0或TLS 1.1，已弃用，以后将被禁用.一旦禁用，将阻止用户加载该网站.服务器应启用TLS 1.2或更高版本.

我什至从Program.cs启用了TLS 1.2，如下所示-

 公共静态IHostBuilder CreateHostBuilder(string [] args)=>Host.CreateDefaultBuilder(args).ConfigureWebHostDefaults(webBuilder =>{webBuilder.ConfigureKestrel(serverOptions =>{serverOptions.ConfigureHttpsDefaults(co =>{co.SslProtocols = SslProtocols.Tls12;});}).UseStartup< Startup>();}); 

但仍然是相同的错误.

能否请您指导如何解决此问题?

解决方案

为了解决该错误，我尝试使用

最终，我偶然发现了解决方案.

希望它可以节省别人的时间.

I am working on Asp.Net Core 3.1 project. I am testing locally. I started getting errors as

Your connection is not fully secure This site uses an outdated security configuration, which may expose your information (for example, passwords, messages or credit cards) when it is sent to this site. NET::ERR_SSL_OBSOLETE_VERSION

The connection used to load this site used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading this site. The server should enable TLS 1.2 or later.

I have even enabled TLS 1.2 from Program.cs as below -

public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.ConfigureKestrel(serverOptions =>
                {
                    serverOptions.ConfigureHttpsDefaults(co =>
                    {
                        co.SslProtocols = SslProtocols.Tls12;
                    });
                }).UseStartup<Startup>();
            });

But still same error.

Can you please guide how to resolve this issue?

解决方案

In order to fix the error, I tried with the solution. That didn't help. The method I tried was suggested here which, as per author, seem to work for ASP.NET Core 2.0 only.

I take look over configuration options and found that by default ASP.NET Core 3.1 uses TLS 1.1 and TLS 1.2 for requests. So, we need nothing to do from code end.

Eventually, I stumbled over an article that shares-

Windows 7 supports TLS 1.1 and TLS 1.2. But these protocol versions are not enabled on it by default. On Windows 8 and higher these protocol are enabled by default.

So, this was the real cause of the error. I fixed the issue by enabling TLS 1.2 from the registry editor. Even Microsoft suggested the same solution.

Hope it saves somebody else's time.

这篇关于如何在Asp.Net Core 3.1中启用TLS 1.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！