Disable SSL fallback and use only TLS for outbound connections in .NET? (Poodle mitigation)

by

We are doing the same thing. To support only TLS 1.2 and no SSL protocols, you can do this:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

SecurityProtocolType.Tls is only TLS 1.0, not all TLS versions.

As a side: If you want to check that your site does not allow SSL connections, you can do so here (I don’t think this will be affected by the above setting, we had to edit the registry to force IIS to use TLS for incoming connections):
https://www.ssllabs.com/ssltest/index.html

To disable SSL 2.0 and 3.0 in IIS, see this page: https://www.sslshopper.com/article-how-to-disable-ssl-2.0-in-iis-7.html

More Related Contents:

  1. Default SecurityProtocol in .NET 4.5
  2. Are there .NET implementation of TLS 1.2?
  3. how to get private key from PEM file?
  4. .Net Framework 4.6.1 not defaulting to TLS 1.2
  5. Accept self-signed TLS/SSL certificate in VB.NET
  6. Difference between decimal, float and double in .NET?
  7. Why does WPF support binding to properties of an object, but not fields?
  8. How do you effectively model inheritance in a database?
  9. HttpWebRequest to URL with dot at the end
  10. Is it possible to set private property via reflection?
  11. Path to MSBuild
  12. What is the difference between SqlCommand.CommandTimeout and SqlConnection.ConnectionTimeout?
  13. How to change default view location scheme in ASP.NET MVC?
  14. Regex.IsMatch vs string.Contains
  15. How to load a .NET assembly for reflection operations and subsequently unload it?
  16. How to open a WOW64 registry key from a 64-bit .NET application
  17. Does this code prevent SQL injection?
  18. Does the .NET CLR JIT compile every method, every time?
  19. How do I launch an application after install in a Visual Studio Setup Project
  20. Changing the type of an (Entity Framework) entity that is part of an inheritance hierarchy
  21. Adding a bindingRedirect to a .Net Standard library
  22. How to set read permission on the private key file of X.509 certificate from .NET
  23. Removing .aspx from pages using rewriteModule?
  24. Open .net framework 4.5 project in VS 2022. Is there any workaround?
  25. How to programmatically restart windows explorer process
  26. No AppDomains in .NET Core! Why?
  27. Regex to match anything but two words
  28. How can I tell whether two .NET DLLs are the same?
  29. Why does BCL GZipStream (with StreamReader) not reliably detect Data Errors with CRC32?
  30. ‘Shadows’ vs. ‘Overrides’ in VB.NET

Leave a Comment