0

I have an application that hosts WebAPI (HttpSelfHostServer) on windows service. Communication over SSL (self-signed certificate for localhost). Now I have two cases:

  1. Windows7 - when calling API method (from the browser for example) I see that TLS 1.0 is used
  2. Windows10 - the same call, but here we have TLS1.2

It is the same app in both cases. Moreover, I have set the following property in the entry point of the service

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

When I open any page on IE on Win7 I can see that TLS1.2 is ok. What do I have to do, to force communication over TLS1.2 in my WebAPI on Win7?

Any ideas?

john_9559
  • 41
  • 3
  • It is the caller who should use `ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;` to force TLS 1.2 connections. To enforce TLS 1.2 for your self hosting web service, you should modify server side TLS registry keys to disable old versions. – Lex Li Nov 13 '21 at 04:14
  • @LexLi - you were right. Modifying registry keys solved the problem. – john_9559 Nov 15 '21 at 08:23

1 Answers1

0

Consider checking to see if TLS 1.1 / 1.2 is enabled on your Windows 7 machine.

Example: [1]: https://help.runbox.com/enabling-tls-1-2-on-windows-7/

You could also consider using IIS Crypto if you don't want to play in the registry:

https://www.nartac.com/Products/IISCrypto/

Use caution if you access these machines by a remote connection!

jessiebot
  • 11
  • 2