.NET 4.5 和 .NET 4.5.1 是否默认启用 TLS 1.1 和 TLS 1.2? [英] Is TLS 1.1 and TLS 1.2 enabled by default for .NET 4.5 and .NET 4.5.1?

问题描述

在我们的 Windows 2012 Server R2 上，我们需要禁用 TLS 1.0.

On our Windows 2012 Server R2, we need to disabled TLS 1.0.

但是，我们运行了 .NET 4.5 Wcf 服务.我们发现如果我们禁用 TLS 1.0，WCF 服务将不再运行，因为我们收到错误远程主机强制关闭现有连接".

However we have .NET 4.5 Wcf services running. We found that if we disable TLS 1.0 that the WCF services no longer run, as we get the error 'An existing connection was forcibly closed by the remote host'.

TLS 1.1/1.2 是否在 .NET 4.5 和 .NET 4.5.1 中默认启用?如果不是，我们假设是这种情况，在我们的 WCF 项目中，我们会强制项目使用 TLS 1.1/1.2 吗?

Is TLS 1.1/1.2 enabled by default in .NET 4.5 and .NET 4.5.1 ? If not, which we assume is the case, where in our WCF project do we force the project to use TLS 1.1/1.2 ?

推荐答案

在 .NET 4.5 和 .NET 4.5.1 中是否默认启用 TLS 1.1/1.2?

Is TLS 1.1/1.2 enabled by default in .NET 4.5 and .NET 4.5.1?

没有.为各种框架版本启用的默认协议是:

No. The default protocols enabled for the various framework versions are:

• .NET Framework 4.5 和 4.5.1:SSLv3 和 TLSv1
• .NET Framework 4.5.2:SSLv3、TLSv1 和 TLSv1.1
• .NET Framework 4.6 及更高版本:TLSv1、TLSv1.1 和 TLS1.2

来源:[1] [2] [3]

Sources: [1] [2] [3]

虽然 Microsoft 建议不要明确指定协议版本赞成使用操作系统的默认值:

While Microsoft recommends against explicitly specifying protocol versions in favour of using the operating system's defaults:

为确保 .NET Framework 应用程序保持安全，TLS 版本应该不被硬编码..NET Framework 应用程序应使用操作系统 (OS) 支持的 TLS 版本.

To ensure .NET Framework applications remain secure, the TLS version should not be hardcoded. .NET Framework applications should use the TLS version the operating system (OS) supports.

...仍然可以使用 ServicePointManager 类，特别是通过设置 SecurityProtocol 属性到相关的 SecurityProtocolTypes.

... it's still possible to select which protocols your application supports by using the ServicePointManager class, specifically by setting the SecurityProtocol property to the relevant SecurityProtocolTypes.

在您的情况下，您希望使用以下内容:

In your case you would want to use the following:

System.Net.ServicePointManager.SecurityProtocol =
    SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

请注意，自 2020 年起，TLSv1 和 TLSv1.1 已被有效弃用；您应该避免构建依赖这些协议的新应用程序，并尽一切努力升级当前使用它们的应用程序.

Note that TLSv1 and TLSv1.1 are effectively deprecated as of 2020; you should avoid building new applications that rely on these protocols, and make every effort to upgrade applications that currently use them.

这篇关于.NET 4.5 和 .NET 4.5.1 是否默认启用 TLS 1.1 和 TLS 1.2?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！