3

I want to support all security protocols from ssl3 to tls 1.2 . But while searching on net I either found code as 

`ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;`

or as 

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

But, I want to support all the protocols. So, is it wrong to write as 

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

I didn't give me any compilation errors when I wrote the above code.So, will this cause any problem?

V K
  • 1,645
  • 3
  • 26
  • 57
  • 1
    You're writing new code and you're explicitly trying to support a protocol that security experts say should not be used? – Damien_The_Unbeliever Aug 09 '16 at 06:44
  • 1
    If guys on the server side use it, then what can I do.My question is will specifying four protocols work? – V K Aug 09 '16 at 06:47
  • You can provide all 4 protocols and it will support all 4. The connection will be established with the highest (best) supported protocol. So if your code supports all 4, but you connect to someone who supports only SSL3 and TLS1.1, you will connect with TLS1.1 – George Feb 16 '18 at 23:10

1 Answers1

1

Yes it will work. You can find a web site which only supports TLS 1.2 and try different combinations of this value, when you omit SecurityProtocolType.Tls12 from your value, your .NET app won't be able to connect to that site.

huseyint
  • 14,953
  • 15
  • 56
  • 78