Transport Layer Security (TLS) best practices with the .NET Framework

TLS best practices with .NET Framework


TLS 1.0 is a security protocol first defined in 1999 for establishing encryption channels over computer networks.  Microsoft has supported this protocol since Windows XP/Server 2003.  While no longer the default security protocol in use by modern OSes, TLS 1.0 is still supported for backwards compatibility.  Evolving regulatory requirements as well as new security vulnerabilities in TLS 1.0 provide corporations with the incentive to disable TLS 1.0 entirely. 

TLS 1.2 is a standard that provides security improvements over previous versions. TLS 1.2 will eventually be replaced by the newest released standard TLS 1.3 which is faster and has improved security. 

To ensure .NET Framework applications remain secure, the TLS version should not be hardcoded. .NET Framework applications should use the TLS version the operating system (OS) supports.

With TLS 1.2/1.3 change impact the source code uses the following namespace/library/classes.


Following best practices suggested.
  • For TLS 1.2, target .NET Framework 4.7 or later versions on your apps, and target .NET Framework 4.7.1 or later versions on your WCF apps.
  • For TLS 1.3, target .NET Framework 4.8 or later.
  • Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.
  • Perform a thorough code audit to verify you're not specifying a TLS or SSL version.
  • For .NET Framework 4.6 - 4.6.2 and not WCF Set the DontEnableSystemDefaultTlsVersions AppContext switch to false.
  • If you are running on .NET Framework 3.5, you need to install a hot patch so that TLS 1.2 can be specified by your program:

When your app lets the OS choose the TLS version:

  • It automatically takes advantage of new protocols added in the future, such as TLS 1.3.
  • The OS blocks protocols that are discovered not to be secure.




Ref :-
https://docs.microsoft.com/

Comments

Post a Comment

Popular posts from this blog

OutSystems – A Low-code Development Platform

Image
Introduction :- Low-code is a way for developers of all skill levels to design applications quickly and with minimum hand-coding by dragging and dropping visual blocks of existing code into a workflow to create applications.  It is model-driven or visual development paradigms supported by expression languages or scripting. Benefits of Low-Code Platform:- Faster Delivery Time and Reduce the cost of development by up to 60%.
Read more

What is difference between Azure Cognitive Search and Elastic Search

Image
  Cognitive search and Elastic search Azure Cognitive Search :-  The Azure Cognitive Search service enables search over different types of content by letting you create and manage search indexes. You can import data from a variety of sources, with AI-powered indexing that can infer and extract searchable content from non-text sources. You decide what data is imported into the index, and set up indexers to pull that data into it, or push JSON formatted documents manually. Azure Cognitive Search also lets you query search indexes. The results contain only your data, which can include text inferred or extracted from images, or new entities and key phrases detection through text analytics. It's a Platform as a Service (PaaS) so Microsoft manages the infrastructure and availability, allowing your organization to benefit without the need to purchase or manage additional hardware resources. Azure Cognitive Search exists to compliment existing technologies and provides a programmable searc
Read more

failed to access iis metabase asp.net

http://www.blogger.com/img/blank.gif set the userName to SYSTEM in the processModel of the machine.config file, the http://www.blogger.com/img/blank.gifappliaction works just fine. Omitting the userName attribute gives me the error. From reading other posts, this is indicative of a permissions problem. So, without specifying the userName, I tried the application while running filemon, but I don't see any file access getting denied like I expected to see based on the posts I have read. step1:- aspnet_regiis -i Step2:- aspnet_regiis -ga ASPNET http://www.getitshare.com http://www.shriashoka.com
Read more