I am trying to check from asp.net perspective what security protocol the client is using when trying to interact with my application. I have different applications hosted asp.net web application, asmx webservices, asp.net mvc, wcf services. Please suggest me how to know if the request is through ssl/ tls protocol.
My intention is to tell my application users to use tls and not to use ssl3 because of poodle vulnerability.
1 Answers
Answers 1
Basically protocal i.e. SSL3 or TSL Doesn't depend on application but mainly depends on the Framework they built on . So in your Question i couldn't find the much information about the Framework on which your applications built on.
My intention is to tell my application users to use tls and not to use ssl3 because of poodle vulnerability.
Your users might be using your Webservices or the asmx service that was written and deployed in your server , so i would say that can't ask the user to change their protocal because its mainly dependent on the framework they are using i.e the framework they built on. so in order to achieve your goal try to by default make your applications run on .Net Framework 4.5 and assign to use the tls as follows
ServicePointManager.SecurityProtocol = (SecurityProtocolType)192 Please find that Following SecurityProtocalType Refernce
Ssl3 = 48, Tls = 192, Tls11 = 768, Tls12 = 3072, In this way instead of telling your Users , you are actually making to use the tls when they are requesting your services
0 comments:
Post a Comment