在所有连接上强制 ServicePointManager.SecurityProtocol 为 TLS 1.2 [英] Force ServicePointManager.SecurityProtocol to TLS 1.2 on all connections

问题描述

我有一个发送传出请求的 WCF 服务.目前它使用 SSL 3.0 或 TLS 1.0.

I have a WCF service which sends an outgoing request. Currently it is using SSL 3.0 or TLS 1.0.

我向其发送请求的服务现在只接受 TLS 1.2.

The service I am sending the request to now only accepts TLS 1.2.

我可以在请求之前(以及每个请求)设置 SecurityProtocolType，但我希望它对所有传出请求使用 TLS 1.2，而无需指定对于每个请求.

I can set the SecurityProtocolType just before the request (and for each request), but I would like it to use TLS 1.2 for all outgoing requests without having to specify it for each request.

此代码为请求正确设置:

This code sets it correctly for the request:

<OperationContract(), WebGet(UriTemplate:="...")>
Public Function SomeService()

    System.Net.ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType) 3072; // 3072 is TLS 1.2

    // Do request

End Function

但我看不到如何将 WCF 设置为对所有请求使用 TLS 1.2.我曾尝试将上述语句放入 Global.asax 中的 Application_Start 和 Application_BeginRequest 中，但是到执行请求时，SecurityProtocol 回到 SSL3/TLS1.0

But I cannot see how to set WCF to use TLS 1.2 for all requests. I have tried placing the above statement into Application_Start and Application_BeginRequest in Global.asax, but by the time it comes to doing the request, SecurityProtocol is back to SSL3/TLS1.0

推荐答案

如果您有权访问注册表，则可以应用以下项:注册表键

If you have access to the registry you can apply the following key: registry key

这会在传输层的 Windows 级别强制执行 TLS 1.2，因此您无需更改任何代码.

This enforces TLS 1.2 at the Windows level of the Transport Layer so you don't need to change any code.

这些是上面文件中更改的键:

These are the keys changed in the above file:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

这篇关于在所有连接上强制 ServicePointManager.SecurityProtocol 为 TLS 1.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！