blocks|key|3577897|text|我刚刚发现.Net+Framework4.5现在支持TLSv1.2|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3577898|http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx|offset|length|3577899|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|2Q|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|N|8|@]|9|@$D|O|E|P|1|Q]]|A|$]]|$1|F|3|-4|5|6|7|R|8|@]|9|@]|A|$]]]|G|$H|$5|I|J|K|A|$L|C]]]]

Just found that .Net Framework 4.5 now supports TLSv1.2 
<a href="http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx" rel="noreferrer">http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx</a>

blocks|key|4989517|text|可以，但您必须在System.Net.ServicePointManager.SecurityProtocol手动打开TLS1.2|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|4989518|System.Net.ServicePointManager.SecurityProtocol+=+SecurityProtocolType.Tls12+%7C+SecurityProtocolType.Tls11+%7C+SecurityProtocolType.Tls;+//+comparable+to+modern+browsers
var+response+=+WebRequest.Create("https://www.howsmyssl.com/").GetResponse();
var+body+=+new+StreamReader(response.GetResponseStream()).ReadToEnd();|code-block|syntax|javascript|4989519|4989520|您的客户端使用的是TLS1.2，它是加密协议的最新版本|blockquote|4989521|4989522|4989523|4989524|开箱即用，WebRequest+will+use+TLS+1.0+or+SSL+3。|4989525|4989526|您的客户端使用的是TLS1.0，它非常旧，可能容易受到野兽攻击，并且没有可用的最好的密码套件。像AES-GCM和SHA256这样替换MD5-SHA-1的附加功能对于TLS1.0客户端以及更现代的密码套件都是不可用的。|4989527|4989528|entityMap|0|LINK|mutability|MUTABLE|url|https://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.securityprotocol%2528v=vs.110%2529.aspx|1|https://stackoverflow.com/a/29221439/284795^0|8|1B|0|0|0|0|0|0|0|0|5|10|1|0|0|0|0^^$0|@$1|2|3|4|5|6|7|15|8|@]|9|@$A|16|B|17|1|18]]|C|$]]|$1|D|3|E|5|F|7|19|8|@]|9|@]|C|$G|H]]|$1|I|3|-4|5|6|7|1A|8|@]|9|@]|C|$]]|$1|J|3|K|5|L|7|1B|8|@]|9|@]|C|$]]|$1|M|3|-4|5|6|7|1C|8|@]|9|@]|C|$]]|$1|N|3|-4|5|6|7|1D|8|@]|9|@]|C|$]]|$1|O|3|-4|5|6|7|1E|8|@]|9|@]|C|$]]|$1|P|3|Q|5|6|7|1F|8|@]|9|@$A|1G|B|1H|1|1I]]|C|$]]|$1|R|3|-4|5|6|7|1J|8|@]|9|@]|C|$]]|$1|S|3|T|5|L|7|1K|8|@]|9|@]|C|$]]|$1|U|3|-4|5|6|7|1L|8|@]|9|@]|C|$]]|$1|V|3|-4|5|6|7|1M|8|@]|9|@]|C|$]]]|W|$X|$5|Y|Z|10|C|$11|12]]|13|$5|Y|Z|10|C|$11|14]]]]

Yes, though you have to turn on TLS 1.2 manually at <a href="https://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.securityprotocol%28v=vs.110%29.aspx" rel="noreferrer">System.Net.ServicePointManager.SecurityProtocol</a>

<pre><code>System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls; // comparable to modern browsers
var response = WebRequest.Create("https://www.howsmyssl.com/").GetResponse();
var body = new StreamReader(response.GetResponseStream()).ReadToEnd();
</code></pre>

<blockquote>
 Your client is using TLS 1.2, the most modern version of the encryption protocol
</blockquote>

<hr>

Out the box, <a href="https://stackoverflow.com/a/29221439/284795">WebRequest will use TLS 1.0 or SSL 3</a>.

<blockquote>
 Your client is using
 TLS 1.0, which is very old, possibly susceptible
 to the BEAST attack, and doesn't have the best cipher
 suites available on it. Additions like AES-GCM, and SHA256
 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client
 as well as many more modern cipher suites.
</blockquote>

blocks|key|2050924|text|您可以使用SchUseStrongCrypto注册表设置来要求所有.NET应用程序使用TLS1.2，而不是默认的1.0。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2050925|Windows+Registry+Editor+Version+5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001|code-block|syntax|javascript|2050926|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

You can make use of the SchUseStrongCrypto registry setting to require all .NET applications to use TLS 1.2 instead of 1.0 by default.

<pre><code>Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
</code></pre>

blocks|key|1308327|text|我通过切换到最新的.Net框架解决了我的问题。所以你的目标框架设置了你的安全协议。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1308328|当你在Web.config中有这个的时候|1308329|<system.web>
++<httpRuntime+targetFramework="4.5"/>
</system.web>|code-block|syntax|javascript|1308330|默认情况下，您将获得以下内容：|1308331|ServicePointManager.SecurityProtocol+=+Ssl3+%7C+Tls|1308332|1308333|<system.web>
++<httpRuntime+targetFramework="4.6.1"/>
</system.web>|1308334|1308335|ServicePointManager.SecurityProtocol+=+Tls12+%7C+Tls11+%7C+Tls|1308336|entityMap^0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|V|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|W|8|@]|9|@]|A|$G|H]]|$1|I|3|J|5|6|7|X|8|@]|9|@]|A|$]]|$1|K|3|L|5|F|7|Y|8|@]|9|@]|A|$G|H]]|$1|M|3|C|5|6|7|Z|8|@]|9|@]|A|$]]|$1|N|3|O|5|F|7|10|8|@]|9|@]|A|$G|H]]|$1|P|3|J|5|6|7|11|8|@]|9|@]|A|$]]|$1|Q|3|R|5|F|7|12|8|@]|9|@]|A|$G|H]]|$1|S|3|-4|5|6|7|13|8|@]|9|@]|A|$]]]|T|$]]

I fixed my problem by switching to the latest .Net Framework. So your target Framework sets your Security Protocol. 

when you have this in Web.config 

<pre><code>&lt;system.web&gt;
 &lt;httpRuntime targetFramework="4.5"/&gt;
&lt;/system.web&gt;
</code></pre>

you will get this by default: 

<pre><code>ServicePointManager.SecurityProtocol = Ssl3 | Tls
</code></pre>

when you have this in Web.config

<pre><code>&lt;system.web&gt;
 &lt;httpRuntime targetFramework="4.6.1"/&gt;
&lt;/system.web&gt;
</code></pre>

you will get this by default: 

<pre><code>ServicePointManager.SecurityProtocol = Tls12 | Tls11 | Tls
</code></pre>

blocks|key|4989603|text|只需下载此registry+key并运行它。它会将必要的密钥添加到.NET框架注册表。你可以在这个link上获得更多信息。在'.NET+4.5+to+4.5.2‘中搜索'Option+2’。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|4989604|reg文件将以下内容附加到注册表：|4989605|[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001|code-block|syntax|javascript|4989606|这是页面的一部分，在它崩溃的情况下是很有用的：|4989607|4989608|“..默认情况下，在不修改源代码的情况下启用TLS1.2，方法是将以下两个注册表项中的SchUseStrongCrypto+DWORD值设置为1，如果它们不存在，则创建它们："HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319“和"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319".尽管这些注册表项中的版本号是4.0.30319，但.NET+4.5、4.5.1和4.5.2框架也使用这些值。但是，这些注册表项将在该系统上安装的所有.NET+4.0、4.5、4.5.1和4.5.2应用程序中默认启用TLS1.2。因此，建议在将此更改部署到生产服务器之前对其进行测试。这也可以作为注册表导入文件使用。但是，这些注册表值不会影响设置System.Net.ServicePointManager.SecurityProtocol值的.NET应用程序。"|blockquote|4989609|4989610|entityMap|0|LINK|mutability|MUTABLE|url|https://tls1test.salesforce.com/s/NET40-Enable-TLS-1_2.reg|1|https://help.salesforce.com/apex/HTViewSolution?id=000221207^0|5|C|0|1D|4|1|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|11|8|@]|9|@$A|12|B|13|1|14]|$A|15|B|16|1|17]]|C|$]]|$1|D|3|E|5|6|7|18|8|@]|9|@]|C|$]]|$1|F|3|G|5|H|7|19|8|@]|9|@]|C|$I|J]]|$1|K|3|L|5|6|7|1A|8|@]|9|@]|C|$]]|$1|M|3|-4|5|6|7|1B|8|@]|9|@]|C|$]]|$1|N|3|O|5|P|7|1C|8|@]|9|@]|C|$]]|$1|Q|3|-4|5|6|7|1D|8|@]|9|@]|C|$]]|$1|R|3|-4|5|6|7|1E|8|@]|9|@]|C|$]]]|S|$T|$5|U|V|W|C|$X|Y]]|Z|$5|U|V|W|C|$X|10]]]]

Just download this <a href="https://tls1test.salesforce.com/s/NET40-Enable-TLS-1_2.reg" rel="nofollow noreferrer">registry key</a> and run it. It will add the necessary key to the .NET framework registry.
You can have more info at this <a href="https://help.salesforce.com/apex/HTViewSolution?id=000221207" rel="nofollow noreferrer">link</a>. Search for 'Option 2' in '.NET 4.5 to 4.5.2'.

The reg file appends the following to the Registry:

<pre><code>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
</code></pre>

This is the part of the page that is useful in case it goes broken :

<blockquote>
 "
 .. enable TLS 1.2 by default without modifying the source code by setting the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319". Although the version number in those registry keys is 4.0.30319, the .NET 4.5, 4.5.1, and 4.5.2 frameworks also use these values. Those registry keys, however, will enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. It is thus advisable to test this change before deploying it to your production servers. This is also available as a registry import file. These registry values, however, will not affect .NET applications that set the System.Net.ServicePointManager.SecurityProtocol value.
 "
</blockquote>

blocks|key|1308147|text|如果您正在处理旧版本的.NET框架，那么在我们的SecureBlackbox+product中，客户端和服务器组件都提供了对TLS1.2的支持。TLS1.2包含它自己的所有算法的实现，所以你使用哪个版本的基于.NET的框架(包括.NET+CF)并不重要-在所有情况下你都会拥有最新添加的TLS1.2。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1308148|请注意，SecureBlackbox不会神奇地将TLS1.2添加到框架类中--相反，您需要显式地使用SecureBlackbox类和组件。|1308149|entityMap|0|LINK|mutability|MUTABLE|url|http://www.eldos.com/sbb/net-ssl.php^0|O|M|0|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]]|C|$]]|$1|D|3|E|5|6|7|R|8|@]|9|@]|C|$]]|$1|F|3|-4|5|6|7|S|8|@]|9|@]|C|$]]]|G|$H|$5|I|J|K|C|$L|M]]]]

If you are dealing with older versions of .NET Framework, then support for TLS 1.2 is available in our <a href="http://www.eldos.com/sbb/net-ssl.php" rel="nofollow noreferrer">SecureBlackbox product</a> in both client and server components. SecureBlackbox contains its own implementation of all algorithms, so it doesn't matter which version of .NET-based framework you use (including .NET CF) - you'll have TLS 1.2 with the latest additions in all cases. 

Please note that SecureBlackbox wont magically add TLS 1.2 to framework classes - instead you need to use SecureBlackbox classes and components explicitly.

blocks|key|1306212|text|最新版本的SSPI+(与Windows7捆绑在一起)实现了TLS1.2，可以在schannel.dll中找到|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1306213|entityMap|0|LINK|mutability|MUTABLE|url|http://en.wikipedia.org/wiki/Security_Support_Provider_Interface|1|http://msdn.microsoft.com/en-us/library/aa380516%2528v=VS.85%2529.aspx^0|5|4|0|13|C|1|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]|$A|R|B|S|1|T]]|C|$]]|$1|D|3|-4|5|6|7|U|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]|L|$5|G|H|I|C|$J|M]]]]

The latest version of <a href="http://en.wikipedia.org/wiki/Security_Support_Provider_Interface" rel="nofollow">SSPI</a> (bundled with Windows 7) has an implementation of TLS 1.2, which can be found in <a href="http://msdn.microsoft.com/en-us/library/aa380516%28v=VS.85%29.aspx" rel="nofollow">schannel.dll</a>

blocks|key|2050800|text|您可以通过以下these+instructions在IIS中启用TLS1.2。如果您有一个运行在IIS之上的基于ASP.NET的应用程序，我认为这就足够了，尽管它看起来并不能真正满足您的需求。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|2050801|entityMap|0|LINK|mutability|MUTABLE|url|https://www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html^0|7|I|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

You can enable TLS 1.2 in IIS by following <a href="https://www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html" rel="nofollow noreferrer">these instructions</a>. I presume this would be sufficient if you have an ASP.NET-based application that runs on top of IIS, although it looks like it does not really meet your needs.

blocks|key|3578125|text|.NET+Framework4.6默认使用TLS1.2。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3578126|此外，只有主机应用程序应该在.NET+4.6中，引用的库可能会保留在较旧的版本中。|3578127|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

.NET Framework 4.6 uses TLS 1.2 by default.

Moreover, only host application should be in .NET 4.6, referenced libraries may remain in older versions.

blocks|key|4989735|text|正如前面提到的here，您只需添加下面这行|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|4989736|ServicePointManager.SecurityProtocol+=+(SecurityProtocolType)3072;|code-block|syntax|javascript|4989737|entityMap|0|LINK|mutability|MUTABLE|url|https://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/^0|7|4|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@$A|R|B|S|1|T]]|C|$]]|$1|D|3|E|5|F|7|U|8|@]|9|@]|C|$G|H]]|$1|I|3|-4|5|6|7|V|8|@]|9|@]|C|$]]]|J|$K|$5|L|M|N|C|$O|P]]]]

as mentioned <a href="https://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/" rel="nofollow noreferrer">here</a> you can just add this line

<pre><code>ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
</code></pre>

Since I just discovered that RFC 5425 requires TLS 1.2 to be used, and that .NET doesn't yet support it, I wonder if there are any implementation, possibly open source, of TLS 1.2 protocol, as defined in RFC 5246.

Are there .NET implementation of TLS 1.2?

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云AI代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

功能1上新10个字符

功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符。

功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符。

功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符

功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符

功能4上新

文章&问答评论现已支持表情

全新交互，全新视觉，新增快捷键、悬浮工具栏、高亮块等功能并同时优化现有功能，全面提升创作效率和体验

社区富文本编辑器全新改版！诚邀体验～ 

精选全网热门MCP server，让你的AI更好用 🚀

💥开发者 MCP广场重磅上线！

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

因为我刚刚发现RFC5425需要使用TLS1.2，而.NET还不支持它，所以我想知道是否有RFC5246中定义的TLS1.2协议的实现，可能是开源的。

问有没有TLS1.2的.NET实现？
EN

回答 10

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问有没有TLS1.2的.NET实现？EN

回答 10

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问有没有TLS1.2的.NET实现？
EN