Say I do typical stuff like this:
HttpRequestMessage requestMessage = new HttpRequestMessage();
requestMessage.RequestUri = new Uri("https://api.site.com/");
HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
Task<HttpResponseMessage> responseMessage = httpClient.SendAsync(requestMessage);
And the API service tells me they're turning off SSL 3.0 because of the POODLE exploit, do I have to do anything to my code to make sure it will use TLS? Does anything need to happen with the machine making the request?
I'm aware that there's a significant amount of ignorance baked into the question, but I think a lot of developers just want this question answered.
I faced same issue for Facebook and twitter yesterday and Linkedin from today. Added the following piece of code before every web request worked for me.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
It was lot confusing as on restarting the application, it worked for 10-15 mins before the first error. Following was the error logged.
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
I tried powershell script to disable ssl and enable tls in the server using http://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12
It did not work and finally had to change the code to make it work.