1

I made an application (in C#) connecting to Azure Service Bus Relay and it works well. However using WireShark I found out that both the server and client side use encryption with TLS 1.0 which is supposed to be degraded now. How can I force it to use TLS 1.1 or TLS 1.2? Is there a parameter that I can set to specify TLS version?

part of App.config below:

  <services>
    <service name="GatewayServer.GatewayService">
      <endpoint address="sb://myowntest.servicebus.windows.net" binding="netTcpRelayBinding" contract="GatewayServer.IGateway"  behaviorConfiguration="gateway"/>
    </service>
  </services>
  <behaviors>
    <endpointBehaviors>
      <behavior name="gateway">
        <transportClientEndpointBehavior>
          <tokenProvider>
            <sharedAccessSignature keyName="RootManageSharedAccessKey" key="myveryownkey=" />
          </tokenProvider>
        </transportClientEndpointBehavior>
      </behavior>
    </endpointBehaviors>
  </behaviors>

part of the code to start the host:

ServiceHost sh = null;

sh = new ServiceHost(typeof(GatewayService));
sh.Open();
pdube
  • 593
  • 1
  • 11
  • 26
  • You may need to install a hotfix. I found this regarding this issue with WCF: http://blogs.msdn.com/b/benjaminperkins/archive/2014/11/04/using-tls-1-2-with-wcf.aspx – TheDude Feb 23 '16 at 20:41
  • Did not help. The hotfix is outdated, in the sense that it was part of other service packs and not necessary to apply at this time. Trying to force TLS 1.2 by adding this code: `ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;` did not help either. I am still getting TLS 1.0 – pdube Feb 25 '16 at 21:12
  • Were you able to find a way to use TLS 1.1+? – dmarlow Apr 28 '16 at 15:36
  • Yes and no. If am using tcp mode and not https by using `ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Tcp;` there is no TLS involved. But using `ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Https;` will still use TLS 1.0. For now, I'll stick to Tcp mode only, as it also seems to be faster. – pdube May 03 '16 at 19:10

0 Answers0