Tags: asp.net, .net, iis-7.5, .net-remoting, csla

Is it possible to use .NET Remoting + TLS 1.2 (or 1.1)?


Recently our PCI DSS scan failed, and requires that we disable TLS 1.0 (and enable TLS 1.1 or 1.2). I found the instructions on how to do so on our Windows Server 2008 R2 box, but we have a legacy application that is using .NET Remoting (it's a .NET 2.0 Windows Forms app/IIS hosted CSLA 1.5 data portal), which doesn't communicate with the new settings.

I am getting the following exception:

(screenshot of the exception; image not reproduced)

I have attempted various configurations of combinations of TLS settings in both client and server to no avail. Such as:

  1. Disabling TLS 1.0 on both client and server (in the registry) and enabling TLS 1.2.
  2. Enabling TLS 1.1 on both client and server (in the registry).

I have done some research and discovered that .NET 4.5 framework supports TLS 1.1 and 1.2, but it is unclear whether that extends to .NET remoting. Does it?

Also, I found that Microsoft's recommendation is to upgrade to 4.5.2.

That said, this application has many dependencies and incompatibilities with .NET 4.5.2, so it would be helpful to know if I am indeed going in the right direction by upgrading or whether I should be in a mad rush to rewrite this application altogether (all options I have explored require major application changes). Even building a test application to try it out could be challenging, since I haven't dealt with .NET remoting directly in about 10 years.

So, again my question is - does .NET remoting support TLS 1.1 or 1.2?

Also:

  1. Is upgrading to .NET framework 4.5.2 enough to get it there?
  2. Are there more configuration settings that need to be put into place to make it communicate and if so, what are they?
  3. If upgrading to .NET framework 4.5.2 is all that is required, does the whole application need to be upgraded, just the parts that use .NET remoting, just the client that references the libraries that use .NET remoting, or some other combination?

I am using:

  1. Windows Server 2008 R2 as a server.
  2. IIS 7.5 to host the remoting with SSL enabled (CSLA data portal).
  3. Windows 7 Professional for the client.

Solution

  • I discovered the solution in this obscure MSDN blog post. In order to use TLS 1.2, you have to enable the Group Policy setting for using FIPS compliant encryption algorithms.

    That fixes the issue with .NET remoting, click once deployment, and MS Web Deploy. Unfortunately, it broke my ASP.NET web applications and I am still looking for a solution to that issue.
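A read-only PowerShell audit of the two groups of settings the question and the solution toggle: the per-protocol Schannel switches under SCHANNEL\Protocols and the FIPS policy flag that the "Use FIPS compliant algorithms" Group Policy setting writes. This is an added example, not code from the post; the registry paths are the standard Windows locations for those settings, and the script changes nothing, so it can be run on both the client and the server before and after a change to see what actually took effect.

```powershell
# Added example (not from the original post): read-only audit of the
# Schannel protocol switches and the FIPS policy flag discussed above.
# Run in an elevated PowerShell on the machine being checked.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$fipsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent, so callers can tell
    # "never set" apart from an explicit 0.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-TlsProtocolState {
    # One row per protocol and side. With no registry override, Schannel on
    # Server 2008 R2 / Windows 7 enables TLS 1.0 and leaves TLS 1.1 and 1.2
    # disabled by default, which is the combination a PCI DSS scan flags.
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($side in 'Client', 'Server') {
            $path     = Join-Path $schannel "$proto\$side"
            $enabled  = Get-RegDword -Path $path -Name 'Enabled'
            $disByDef = Get-RegDword -Path $path -Name 'DisabledByDefault'
            $state = if ($enabled -eq 0) { 'disabled' }
                     elseif ($disByDef -eq 1) { 'disabled by default' }
                     elseif ($null -eq $enabled -and $null -eq $disByDef) { 'OS default' }
                     else { 'enabled' }
            [pscustomobject]@{
                Protocol          = $proto
                Side              = $side
                Enabled           = $enabled
                DisabledByDefault = $disByDef
                State             = $state
            }
        }
    }
}

Get-TlsProtocolState | Format-Table -AutoSize

# The Group Policy setting "System cryptography: Use FIPS compliant
# algorithms for encryption, hashing, and signing" sets this DWORD to 1.
$fips = Get-RegDword -Path $fipsKey -Name 'Enabled'
'FIPS compliant algorithms policy: ' + $(if ($fips -eq 1) { 'enabled' } else { 'not enabled' })
```

A row showing "OS default" for TLS 1.1 or 1.2 means no DisabledByDefault=0 override is present, so the protocol is still off on this OS generation even though nothing explicitly disables it.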