How to implement "SecurityProtocolType.Ssl, Ssl1, Ssl2, Ssl3; " through web.config not in global.asax.cs

asp.net wcf ssl web-config tls1.2

28,225

Typically, enums are converted from strings in the web.config, using Enum.Parse or Enum.TryParse. I expect (but have not checked the reference source to confirm) that the same is true for the WCF settings.

Enum.Parse uses a comma to separate flags-based enum values, but can also parse the equivalent integer values as strings, if need be.

Therefore, if your problem is concatenating the flags-based enum values in the web.config setting, you may be able to do so using comma to separate, e.g.:

sslProtocols="SSl3, Tls"
sslProtocols="SSl3, Tls, Tls11, Tls12"

Or, if your problem is that Tls12 is not a recognised value, then this was only added in .NET 4.5. If you are compiling for .NET 4.0, then it won't parse as a named enum. However, .NET 4.5 is an in-place update to 4.0, so if you have 4.5 installed you may be able to parse the numeric value:

sslProtocols="4080"

This is taken from the sum of all the numeric values for the System.Net.SecurityProtocolType enum. These numeric values are also the same as the values in System.Security.Authentication.SslProtocols and System.IdentityModel.SchProtocols, so I'm going to guess that they are the same in your case.

Ssl3 = 48,
Tls = 192,
Tls11 = 768,
Tls12 = 3072

Of course, if it is available to you, it might be cleaner to upgrade to at least Visual Studio 2012 / .NET 4.5, where the named strings should become available.

28,225

Author by

Maryadi Poipo

PHP, Javascript, JQuery, Bootstrap and C++ :-)

Updated on May 04, 2020

Comments

Maryadi Poipo about 4 years
My question is simple, I have read these two main pages :
- The request was aborted: Could not create SSL/TLS secure channel
- MSDN - Element
But from the first link, it's showing configuration for SecurityProtocol set in global.asax.cs for solving

"System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel."

Here, I want this config is set in web.config / app.config, just for making it a little specific for own project not for all asp.net projects... Then I think the second link {msdn.microsoft.com.....} is the way, but the SSL/TLS error is still there... So my question how to implement following through web.config?
```
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
        | SecurityProtocolType.Tls11
        | SecurityProtocolType.Tls12
        | SecurityProtocolType.Ssl3;
```
I have read this page too Force by config to use tls 1.0 in a wcf client c#, but there are no answers.

and then... I just found these pages :
- https://msdn.microsoft.com/en-us/library/ms731328(v=vs.110).aspx
- https://msdn.microsoft.com/en-us/library/ms731377(v=vs.100).aspx
then I implement my custom binding like this :
```
<customBinding >
      <binding name="SureTaxSoap">                  
           <sslStreamSecurity requireClientCertificate="true"   sslProtocols="Ssl3|Tls|Tls11|Tls12" >                    
                </sslStreamSecurity>
            </binding>
</customBinding>
```
but sslProtocols="Ssl3|Tls|Tls11|Tls12" is unidentified
Maryadi Poipo over 8 years

The problem is SslProtocols="Tls12" is undefined in my web.config
Richard Erickson about 8 years

Welcome to SO. Please double check the formatting of your code.
Suncat2000 almost 5 years

@HyosokaPoipo The TLS 1.2 option was introduced in .NET Framework 4.5, so you will need an alternative syntax if you're using 4.0. See jimbobmcgee's answer for more detailed information.