poodle-attack

Which versions of SSL/TLS does System.Net.WebRequest support?

by

This is an important question. The SSL 3 protocol (1996) is irreparably broken by the Poodle attack published 2014. The IETF have published “SSLv3 MUST NOT be used”. Web browsers are ditching it. Mozilla Firefox and Google Chrome have already done so. Two excellent tools for checking protocol support in browsers are SSL Lab’s client … Read more

The client and server cannot communicate, because they do not possess a common algorithm – ASP.NET C# IIS TLS 1.0 / 1.1 / 1.2 – Win32Exception

by

There are several other posts about this now and they all point to enabling TLS 1.2. Anything less is unsafe. You can do this in .NET 3.5 with a patch. You can do this in .NET 4.0 and 4.5 with a single line of code ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // .NET 4.5 ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; // … Read more