Supporting TLS 1.2 in HttpClient C#

Good afternoon! I am using the Azure Maps API via HttpClient. How can I enable support for TLS 1.2? As far as I know, Framework 4.6+ supports it. Do I not need to do anything for this?

Use ServicePointManager to set the security protocol.

Gets or sets the security protocol used by the ServicePoint objects managed by the ServicePointManager object.

HttpClient httpClient = new HttpClient();   

//specify to use TLS 1.2 as default connection
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

This property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing connections aren't changed.

Starting with the .NET Framework 4.7, the default value of this property is SecurityProtocolType.SystemDefault. This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator.

In general, you do not need to specify any configuration in your application to enable the latest TLS protocol.

Best practices and scenarios are outlined on docs.microsoft.com for versions earlier than .NET 4.7.

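At a high level, you should perform an audit to make sure your application does not take any hard dependency on a lower TLS version. But beyond that, no work is required.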

We recommend that you:

  • Target .NET Framework 4.7 or later versions on your apps. Target .NET Framework 4.7.1 or later versions on your WCF apps.
  • Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.
  • Perform a thorough code audit to verify you're not specifying a TLS or SSL version.

When your app lets the OS choose the TLS version:

  • It automatically takes advantage of new protocols added in the future, such as TLS 1.3.
  • The OS blocks protocols that are discovered not to be secure.

The Microsoft documentation on TLS best practice is worth exploring.
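
The code audit recommended in the guidance quoted above can be partly automated. The following is an added example, not part of the original answers or of Microsoft's documentation: a small Python scanner that flags hard-coded SecurityProtocolType / SslProtocols values in C# source. The function name, the severity labels and the sample C# file are assumptions made for illustration.

```python
import re

# Enum members that pin a protocol version in C# source. SystemDefault and
# SslProtocols.None are deliberately absent: they defer the choice to the OS.
PINNED = re.compile(
    r"\b(SecurityProtocolType|SslProtocols)\s*\.\s*"
    r"(Ssl2|Ssl3|Tls|Tls11|Tls12|Tls13|Default)\b"
)
# Deprecated protocols; SslProtocols.Default means Ssl3 | Tls.
WEAK = {"Ssl2", "Ssl3", "Tls", "Tls11", "Default"}


def audit_source(text, filename="<memory>"):
    """Return one (filename, line, expression, severity) tuple per pinned protocol."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        # Drop // comments so commented-out code is not reported. Limitation:
        # a "//" inside a string literal also truncates the rest of that line.
        code = line.split("//", 1)[0]
        for match in PINNED.finditer(code):
            enum, member = match.groups()
            severity = "weak" if member in WEAK else "pinned"
            findings.append((filename, line_no, f"{enum}.{member}", severity))
    return findings


# Constructed sample input (not taken from any real project).
SAMPLE = """\
using System.Net;
using System.Net.Http;
using System.Security.Authentication;

class MapsClient
{
    static HttpClient Create()
    {
        // ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
        var handler = new HttpClientHandler { SslProtocols = SslProtocols.None };
        ServicePointManager.SecurityProtocol = SecurityProtocolType.SystemDefault;
        return new HttpClient(handler);
    }
}
"""

if __name__ == "__main__":
    for finding in audit_source(SAMPLE, "MapsClient.cs"):
        print("%s:%d: %s (%s)" % finding)
```

A "pinned" finding (TLS 1.2 or 1.3) works today but stops the app from inheriting OS defaults; a "weak" finding names a deprecated protocol and should be removed first.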

For me, the problem was solved by adding one of the following registry keys:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001