TLS 1.2 support

Imar Spaanjaars

Posted on 26/01/2018 12:10:07

Hi there,

More and more external parties are deprecating TLS 1 in favor of 1.2. For a bunch of existing connectors (Stripe, Authorize.net, PayPal and others) I am seeing code like this:

ServicePointManager.SecurityProtocol = ServicePointManager.SecurityProtocol | SecurityProtocolType.Tls12;

which solves the issue.

I have a few questions about that:

1. Should this be implemented globally? Since this is a system-wide setting, setting it on a single provider also sets it for others anyway, so we might as well get this at the global application level so it's done for all providers at once. If that leads to issue, maybe have an opt-out or opt-in model to this behavior?

2. How can I fix this for older 8 applications? We have a few sites running on 8 where we can't (easily) upgrade to newer versions that have already fixed this. Would it make sense if I created a custom notification subscriber that fires early on to set this? Then I could just drop this in those sites.

Thanks!

Imar

Replies

Nicolai Pedersen

Posted on 26/01/2018 13:52:38

This post has been marked as an answer

Hi Imar

@1: It should, and I just have TFS#45350. But the reason not to, is that we could have things that will not work on that protocol. So the other approach isolates potential issues.

Anywhow - it will be standard for all from soon. Set in globalasaxhandler DynamicwebStartup

@2: Yes, custom notification subscriber is my best bet. Cannot do much else - hard to give you and upgrade if you cannot upgrade :-).

BR Nicolai

Votes for this answer: 1

Imar Spaanjaars

Posted on 26/01/2018 14:01:07

Hi Nicolai,

Re 1: Perfect; thanks

Re 2: Totally understood.This was mor about validating my custom approach with a subscriber. But that's what I'll do.

Thanks,

Imar

You must be logged in to post in the forum

Developer forum

TLS 1.2 support

Replies