Overview of TLS with .NET Framework

In this walk-through you will learn the following:

  • What is TLS?
  • What is the advantage of using TLS?
  • Which TLS version works with which .NET Framework version?
  • How to enable TLS version using C# in code?
  • How to set the default TLS version?
  • How to find an active TLS version on a site using C# code?

What is TLS?

TLS stands for Transport Layer Security. It is a protocol that provides a secure communication channel for data transmitted over the internet.

TLS helps to transport data in the following ways:

  • Client To Server (Primary)
  • Server To Server

What are the advantages of using TLS?

The following are advantages of using TLS.

  • Encryption: TLS encrypts data in transit and prevents eavesdropping or data leakage.
  • Authentication: TLS uses a digital certificate to confirm identity.
  • Data Integrity: TLS ensures that data has not been altered in transit.
  • Performance: TLS 1.3 reduces handshake time and supports modern cryptography.

Which TLS version works with which .NET Framework version?

The compatibility of TLS versions with the .NET Framework depends on the specific framework version and on the operating system.

.NET Framework version 3.5 supports up to TLS 1.2.

.NET Framework 4.6.2 and later (4.7, 4.7.1, 4.7.2, 4.8, 4.8.1) all support TLS 1.2 and TLS 1.3, but that depends on the operating system (OS).

How to enable TLS version using C# in code?

To explicitly enable specific TLS versions in C#, set the following:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13;

The ServicePointManager.SecurityProtocol property belongs to the System.Net namespace.

How to set the default TLS version?

The following statement sets the default so that the OS chooses the best TLS version.

ServicePointManager.SecurityProtocol = SecurityProtocolType.SystemDefault;

How to find an active TLS version on a site using C# code?

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

namespace CheckTlsVersionConsole
{
    public class Program
    {
        static void Main(string[] args)
        {
            if (args.Length > 0)
            {
                Console.WriteLine("======================================================\n" +
                                  " TLS  tools - To Find TLS Version of Site Tool" +
                                  "\n======================================================\n");

                var siteList = args[0].Split('|');

                foreach (var siteName in siteList)
                {
                    // Trim so that input such as "a| b" (as in the usage text) parses correctly
                    string url = siteName.Trim();

                    try
                    {
                        Uri uri = new Uri(url);

                        string host = uri.Host;
                        int port = uri.Port; // This automatically defaults to 443 for https

                        // Connect and handshake inside the try block so that one invalid
                        // or unreachable site does not stop the remaining checks
                        using (TcpClient client = new TcpClient(host, port))
                        using (SslStream sslStream = new SslStream(client.GetStream(), false, ValidateServerCertificate, null))
                        {
                            sslStream.AuthenticateAsClient(host);
                            Console.WriteLine($"Negotiated TLS version with {host}: {sslStream.SslProtocol}");
                        }
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("Error: " + ex.Message);
                    }
                }
            }
            else
            {
                Console.WriteLine("======================================================\n" +
                                  " TLS tools - To Find TLS Version of Site Tool" +
                                  "\n======================================================\n" +
                                  "\n\nPlease pass site names separated by | (pipe symbol)" +
                                  "\n\n" +
                                  "CheckTlsVersionConsole  \"https://www.google.com| https://www.c-sharpcorner.com\"");
            }

            Console.WriteLine("\n");
            Console.WriteLine("\n");
            Console.WriteLine("Press any key to continue. . . .!");
            Console.ReadKey();
        }

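        // Accepts any certificate so the handshake completes and the protocol version
        // can be read even when the site's certificate is invalid. Use this callback
        // only for this check; never reuse it on a connection that carries real data.
        public static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            return true; // Be cautious: Accepts all certificates without validation
        }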
    }
}
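
The tool above reports only the single version that client and server agree on. The following added example (not part of the original tool; the class name TlsProtocolAudit, the Accepts helper and the example.com placeholder are hypothetical) offers one TLS version at a time, so you can audit whether your own server still accepts TLS 1.0 or 1.1, and it records certificate policy errors instead of discarding them. It assumes .NET Framework 4.8 or later for SslProtocols.Tls13.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

// Hypothetical helper class, not part of the original tool.
public static class TlsProtocolAudit
{
    // Versions offered one at a time. Tls13 needs .NET Framework 4.8 and OS support.
    static readonly SslProtocols[] Candidates =
        { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12, SslProtocols.Tls13 };

    // True when the handshake completes while only 'protocol' is offered.
    public static bool Accepts(string host, int port, SslProtocols protocol, out string detail)
    {
        SslPolicyErrors seen = SslPolicyErrors.None;
        try
        {
            using (var client = new TcpClient(host, port))
            using (var ssl = new SslStream(client.GetStream(), false,
                // Record certificate problems instead of discarding them. Returning
                // true is tolerable only because no data is sent over this stream.
                (sender, cert, chain, errors) => { seen = errors; return true; }))
            {
                ssl.AuthenticateAsClient(host, null, protocol, false);
                detail = "negotiated " + ssl.SslProtocol + ", certificate errors: " + seen;
                return true;
            }
        }
        catch (Exception ex)
        {
            // Refused by the server, or this version is disabled on the local OS.
            detail = ex.GetType().Name + ": " + ex.Message;
            return false;
        }
    }

    public static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "example.com"; // placeholder host
        foreach (SslProtocols p in Candidates)
        {
            string detail;
            bool ok = Accepts(host, 443, p, out detail);
            Console.WriteLine($"{p,-6} {(ok ? "accepted" : "not accepted")}: {detail}");
        }
    }
}
```

A "not accepted" result for TLS 1.0 or 1.1 is conclusive about the server only when the machine running the check still has that version enabled; otherwise the handshake fails locally before the server is asked.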


Please refer to the following link to know more.

Happy Secure Coding. . .!