
TLS issues in application flow due to HTTPS changes in WCF services


The customer scenario is: TLS 1.0 and TLS 1.1 are disabled on the server, and only TLS 1.2 is enabled in the registry. As the HTTPS changes for WCF services depend on TLS, they are facing TLS issues in the application flow. To fix the issue, they had added the lines of code below in multiple places on the client-side call. But this is not a recommended way at all.

    System.Net.ServicePointManager.SecurityProtocol =
        SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

We also tried adding the line in the Global.asax file of a project instead of adding it in multiple places, but that did not work.

The issue was fixed by adding a registry setting, “SchUseStrongCrypto”, with the value “1”, which requires all .NET applications to use TLS 1.2 instead of 1.0 by default.

Now the question here is: Is there any impact or limitation in adding this registry key value? What is the best practice to resolve this kind of issue? Which .NET Framework should ideally be targeted so that this key is set to 1 by default?


Solution

  • It is best not to specify the TLS version. Configure your code to let the operating system determine the TLS version. If you want to test locally, you can add the following code to customize the certificate verification.

     // Requires: using System.Net;
     // Local testing only: this callback accepts every server certificate,
     // which disables certificate validation for the whole process.
     ServicePointManager.ServerCertificateValidationCallback += delegate
     {
         return true;
     };

    This is for your reference: Transport Layer Security (TLS) best practices with the .NET Framework
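An added example, not code from the question or the answer: a PowerShell script that audits, and with `-Apply` sets, the SchUseStrongCrypto value the question mentions under the .NET Framework 4 registry keys documented in the TLS best-practices article the answer links, so the fix is made once machine-wide instead of being hard-coded at each client call site. It also covers the companion SystemDefaultTlsVersions value, which the page does not mention and is assumed here from that same documentation; the key paths, both the 64-bit view and the WOW6432Node view for 32-bit processes, are likewise taken from that documentation rather than from the page.

```powershell
# Added example: audit/apply the .NET Framework 4.x registry values that let
# Schannel (the OS) choose the TLS version, instead of setting
# ServicePointManager.SecurityProtocol in code. Run from an elevated prompt;
# processes pick the values up on their next start. Supports -WhatIf.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Apply   # without -Apply the script only reports
)

# 64-bit and 32-bit .NET processes read different keys, so both are checked.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
# SchUseStrongCrypto = 1       : strong crypto, TLS 1.2 offered by default
# SystemDefaultTlsVersions = 1 : defer protocol choice to Schannel (4.7+ runtime)
$wanted = [ordered]@{ SchUseStrongCrypto = 1; SystemDefaultTlsVersions = 1 }

function Get-DotNetTlsSetting {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

foreach ($key in $keys) {
    if (-not (Test-Path $key)) {
        Write-Warning "Key not present: $key (is .NET Framework 4.x installed?)"
        continue
    }
    foreach ($name in $wanted.Keys) {
        $current = Get-DotNetTlsSetting -Path $key -Name $name
        $state = if ($current -eq $wanted[$name]) { 'OK' }
                 elseif ($null -eq $current)      { 'MISSING' }
                 else                              { 'WRONG' }
        $shown = if ($null -eq $current) { '<not set>' } else { $current }
        Write-Output ('{0,-8} {1}\{2} = {3}' -f $state, $key, $name, $shown)

        if ($Apply -and $state -ne 'OK' -and
            $PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $($wanted[$name])")) {
            Set-ItemProperty -Path $key -Name $name -Value $wanted[$name] -Type DWord
        }
    }
}
```

Run without parameters to see which values are MISSING or WRONG on a server; rerun with `-Apply -WhatIf` to preview, then `-Apply` to set them.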