Do I need to enforce TLS 1.2 in my ASP.NET 4.6 application?
We have a third party API that will be using TLS 1.2 shortly.
We have two separate applications that connect to this API, a console application and an ASP.NET web application written in C #.
I have redirected my console application to use .NET 4.6, which is also installed on the host machine. I added this at the top Main
.
private static void Main(string[] args)
{
// Enable TLS 1.2
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
// Disable old protocols
ServicePointManager.SecurityProtocol &= ~(SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11);
...
}
I'm sure this is sufficient for a console application as it only has one entry point.
However, I am confused about what I need to do for an ASP.NET web application.
First, it consisted of 3 projects. Two are class libraries for the framework and service layer respectively, the third is an ASP web application for the user interface. I went through each of them and targeted them at .NET 4.6.
From what I've read, this sounds like all I need to do as the highest protocol will be negotiated by default.
Am I correct?
If I'm wrong, where can I add the same line from the console application? Global.asax?
source to share