TLS Upgrade: A mandate for third-party services

Leetha Thambi
Published in Writers at Insight, Apr 21, 2020

We came across an unusual issue with one of our third-party services a while back: it suddenly stopped working. The error we received was not very informative. After some investigation, we found that connections to the third-party service were failing because of the security protocol in use. Some research showed that the version of TLS we used was no longer supported and that we had to upgrade to TLS 1.2/1.3. In short, any third-party API that uses a TLS version below TLS 1.2 is considered non-secure.

A related issue I found interesting is that TLS 1.2 is not supported by older versions of the ASP.NET framework. The recommended version of the ASP.NET framework is 4.7, as TLS 1.2 is a default standard in this version.

A brief on TLS

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications (email, text, payment gateways, etc.); it also provides authentication. A similar security protocol is SSL (Secure Sockets Layer). TLS is essentially an extension of SSL.

At the beginning of each connection, a process called a handshake occurs. During this process, the client authenticates the server’s TLS certificate and the two decide on a mutually supported encryption algorithm. This is where they acknowledge each other, and the version of the protocol and the supporting algorithms are determined.

Workaround to Enable support

If you are using another version of the framework above 4.0, say 4.5, you can use the code below to enable TLS support:

// Needs "using System.Net;". Set once at application startup, before the first outbound request.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;

Or modify the web.config as below

If you go ahead and upgrade your framework to 4.7, ensure that all the console apps and DLLs in the project are rebuilt and tested for failures. I’d strongly recommend adopting an approach like this, rather than hard-coding any particular security protocol states unconditionally.
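One way to enable TLS 1.2 without hard-coding the full protocol list, shown as an added example that is not the author's code. It assumes .NET Framework 4.5 or later; the names TlsStartup, WithTls12 and LegacyEnabled are hypothetical, and the sample values are constructed.

```csharp
using System;
using System.Net;

// Hypothetical helper (names are illustrative), assuming .NET Framework 4.5 or later.
static class TlsStartup
{
    // SystemDefault (value 0) is a named enum member only from 4.7 onward,
    // so the raw value is used here to keep this compiling on 4.5 and 4.6.
    const SecurityProtocolType SystemDefault = (SecurityProtocolType)0;

    const SecurityProtocolType Legacy =
        SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;

    // Adds TLS 1.2 to the enabled set without dropping anything already on.
    // If the OS is choosing the protocols (SystemDefault), leave that alone:
    // OR-ing a flag in would replace the OS-managed list with a fixed one.
    public static SecurityProtocolType WithTls12(SecurityProtocolType current)
    {
        if (current == SystemDefault) return current;
        return current | SecurityProtocolType.Tls12;
    }

    // Protocols below TLS 1.2 that are still enabled, for a startup log line.
    public static SecurityProtocolType LegacyEnabled(SecurityProtocolType flags)
    {
        return flags & Legacy;
    }

    static void Main()
    {
        // Constructed sample values, not read from any real machine.
        var samples = new[]
        {
            SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls,
            SecurityProtocolType.Tls12,
            SystemDefault
        };
        foreach (var s in samples)
        {
            var r = WithTls12(s);
            Console.WriteLine("{0} -> {1} (below 1.2 still on: {2})", s, r, LegacyEnabled(r));
        }

        // The same change applied to this process, as it would be at startup.
        ServicePointManager.SecurityProtocol =
            WithTls12(ServicePointManager.SecurityProtocol);
        Console.WriteLine("process: {0}", ServicePointManager.SecurityProtocol);
    }
}
```

Logging the result of LegacyEnabled at startup makes it visible when a process can still negotiate a version below TLS 1.2 after the change.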

“The advance of technology is based on making it fit in so that you don’t really even notice it, so it’s part of everyday life.”- Bill Gates

On that note, I hope you guys are apprised of the version upgrades of the different tools or services commonly used.

Share or comment if you had any similar experiences.
