The client always communicates using TLS 1.0. On the client side, I have Windows Server 2012 R2 (which, as per the documentation, supports TLS 1.2). After going through many forums, I realized that adding the registry entries below might help.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
But still, the protocol with which the client first contacts the server is TLS 1.0.

Client-side configurations are as below:

- Windows Server 2012 R2
- .NET httpRuntime targetFramework="4.5.2"
- .NET Version=4.0.30319.42000 32bit (I assume this means it is on .NET Framework 4.5.2)
Also, I tried adding the below code to App.config and Web.config files.
**Web.config**
<appSettings>
<add name="AppContext.SetSwitch:Switch.System.Net.DontEnableSystemDefaultTlsVersions" value="false" />
</appSettings>
**App.config**
<appSettings>
<AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSystemDefaultTlsVersions=false" />
</appSettings>
What can be the possible reason for the client using TLS 1.0 during the initial handshake with the server, and how can I make sure the client always tries to communicate with TLSv1.2 without disabling TLS 1.0?
I have found when
targetFramework="4.7.2"
that I need to use these two web.config entries to force TLS 1.2:

See lots of details on Stack Overflow.
I am not sure about whether this would help you with
targetFramework="4.5.2"
but perhaps it doesn't matter what the target is so much as what version is installed?

I have never had to make any registry changes. I've only ever had to add those two lines to the web.config file.
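
To tell apart the two layers this thread touches (the SCHANNEL registry keys and the .NET Framework defaults), the following read-only PowerShell audit is an added example, not code from either poster. The `SchUseStrongCrypto` and `SystemDefaultTlsVersions` value names are Microsoft-documented .NET Framework registry settings that do not appear in the thread, the function names are hypothetical, and `server.example.com` is a placeholder.

```powershell
# Added example: read-only audit of the settings that decide which TLS
# version a .NET Framework 4.x client offers. It changes nothing.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$dotnet = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',             # 64-bit processes
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'  # 32-bit processes
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Return the value, or '(not set)' when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { '(not set)' } else { $item.$Name }
}

function Get-TlsSettings {
    # OS layer: SCHANNEL client switches for each protocol version.
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            $key = "$schannel\$proto\Client"
            [pscustomobject]@{ Key = $key; Name = $name; Value = Get-RegValue $key $name }
        }
    }
    # .NET layer: machine-wide overrides for the framework's default protocols.
    foreach ($key in $dotnet) {
        foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
            [pscustomobject]@{ Key = $key; Name = $name; Value = Get-RegValue $key $name }
        }
    }
}

function Test-Tls12Handshake([string]$HostName, [int]$Port = 443) {
    # Ask SCHANNEL for TLS 1.2 only, bypassing the .NET default protocol list.
    # Success means the OS and the server can negotiate TLS 1.2, so a TLS 1.0
    # ClientHello from the application comes from its .NET defaults.
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $ssl.SslProtocol   # negotiated protocol
    } finally {
        $tcp.Close()
    }
}

Get-TlsSettings | Format-Table -AutoSize
"Defaults in this PowerShell process: $([Net.ServicePointManager]::SecurityProtocol)"
# Test-Tls12Handshake -HostName 'server.example.com'   # placeholder host name
```

The application in the question runs as a 32-bit process, so the `Wow6432Node` rows are the ones that apply to it; the last line reports the PowerShell host's own defaults, which can differ from the application's.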