An API service I use is disabling SSL 3.0 because of the POODLE exploit. If I use HttpClient and HttpRequestMessage do I need to change my code?

Question

Say I do typical stuff like this:

HttpRequestMessage requestMessage = new HttpRequestMessage();
requestMessage.RequestUri = new Uri("https://api.site.com/");
HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
Task<HttpResponseMessage> responseMessage = httpClient.SendAsync(requestMessage);

And the API service tells me they're turning off SSL 3.0 because of the POODLE exploit, do I have to do anything to my code to make sure it will use TLS? Does anything need to happen with the machine making the request?

I'm aware that there's a significant amount of ignorance baked into the question, but I think a lot of developers just want this question answered.

score 2 · Accepted Answer · answered Oct 17 '14 at 12:00

I faced same issue for Facebook and twitter yesterday and Linkedin from today. Added the following piece of code before every web request worked for me.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

It was lot confusing as on restarting the application, it worked for 10-15 mins before the first error. Following was the error logged.

System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

I tried powershell script to disable ssl and enable tls in the server using http://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12

It did not work and finally had to change the code to make it work.

An API service I use is disabling SSL 3.0 because of the POODLE exploit. If I use HttpClient and HttpRequestMessage do I need to change my code?

1 Answers1