When using System.Net.WebRequest your application will negotiate with the server to determine the highest TLS version that both your application and the server support, and use this. You can see more details on how this works here: http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_handshake If the server doesn’t support TLS it will fallback to SSL, therefore it could potentially fallback to … Read more
Unless you have no choice other than using SSL 3, the link below explains the configuration. The release notes for the update 31 provide information for enabling the SSL 3 again in Java. As stated: If SSLv3 is absolutely required, the protocol can be reactivated by removing “SSLv3” from the jdk.tls.disabledAlgorithms property in the java.security … Read more
There are several other posts about this now and they all point to enabling TLS 1.2. Anything less is unsafe. You can do this in .NET 3.5 with a patch. You can do this in .NET 4.0 and 4.5 with a single line of code ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // .NET 4.5 ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; // … Read more
I found the solution for it by analyzing the data packets using wireshark. What I found is that while making a secure connection, android was falling back to SSLv3 from TLSv1 . It is a bug in android versions < 4.4 , and it can be solved by removing the SSLv3 protocol from Enabled Protocols … Read more