Migrate SOAP/REST client from TLS 1.0 to TLS 1.2

Question

faced with next problem:

I have .net web application running under .NET Framework 4.5.2. Applicating communicates to SalesForce using:

• SOAP API
• REST API (https://github.com/developerforce/Force.com-Toolkit-for-NET/).

SalesForce announced disabling the TLS 1.0 encryption protocol on March 4, 2017. Do I need to do some adjustments in order to migrate to TLS 1.2?

The default System.Net.ServicePointManager.SecurityProtocol in .NET 4.5 is SecurityProtocolType.Tls|SecurityProtocolType.Ssl3, and .NET 4.5 supports up to TLS 1.2

Do I need to update System.Net.ServicePointManager.SecurityProtocol? If so, can it have an impact on communication with other api's?

I will be grateful for any help.

Answer 1

We had some issues in the log alerting us that we were logging on salesforce api using an old protocol not so long ago, after searching a bit i initialise the security protocol with

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

This will force all connection to use tls 1.2 within your program tho. Sometime it seemed some call were trying to use tls1.0 with the default config... However to be sure you don't need to change just download your API log history and check if you have any connection attempt below tls1.2 and if its the case force the upgrade to tls1.2

Answer 2

You can also add the following registry keys to force TLS 1.2 in .NET 4.5+. They will only be overwritten if the System.Net.ServicePointManager.SecurityProtocol is specifically defined within the application.

Set/create the "SchUseStrongCrypto" DWORD value in the following two registry keys to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319