nemiro-net / nemiro.oauth

Nemiro.OAuth is a class library for authorization via OAuth protocol in .NET Framework

Home Page: http://oauth.nemiro.net/

Don't force TLS 1.0

nico159 opened this issue · comments

Hi,

In ExecuteRequest nemiro.oauth is forcing the use of TLS 1.0 as security protocol.
This makes it impossible to connect to web servers that only support TLS 1.1/1.2; the connection fails with "An existing connection was forcibly closed by the remote host".

One quick fix is simply replacing that line with:
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls;
So that it will allow TLS 1.0 while still keeping the other protocols enabled.

But I think that not enabling TLS 1.0 at all would be the wiser way to go. I don't think that a library should touch ServicePointManager.SecurityProtocol.

I will check it.

Unfortunately, I have no time right now and I cannot say when there will be a result.

Thank you for the message.

This must be why LinkedIn has stopped working! https://developer.linkedin.com/docs/guide/v2/concepts/authentication

Starting 10 October 2017 developers must use TLS 1.1 or 1.2 when calling LinkedIn APIs. LinkedIn no longer supports TLS 1.0 for security reasons.

Any chance of fixing this anytime soon?

commented

I wonder if the TLS 1.2 protocol issue was ever resolved for LinkedIn login...
When I try the LinkedIn login - after user approves/authorizes I get an error message:
"The request was aborted: could not create SSL/TLS secure channel."

I tried to comment the line:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;

I also tried this:
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls;
and tried to use the real numeric value 3072, which is the enumeration value for TLS 1.2:
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

However, it did not resolve the issue...
Any ideas/solutions?

EDIT: Correction - after recompiling either of the lines in bold above works!

Anytime this will get fixed?

Still doesn't work. More and more services are TLS 1.2 only so this is a real show-stopper

Guys, it's pretty easy to fix by yourself: File: OAuthUtility.cs, Line around 495

var securityProtocol = ServicePointManager.SecurityProtocol;

  ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
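The assignments discussed in this thread, compared as flag arithmetic, together with one way for the host application (rather than the library) to drop TLS 1.0 while keeping whatever else is already enabled. This is an added example, not code from Nemiro.OAuth or from any commenter; `TlsProtocolDemo`, `Harden` and the starting value `host` are hypothetical names and a constructed input, and .NET Framework 4.5 or later is assumed.

```csharp
using System;
using System.Net;

static class TlsProtocolDemo
{
    // 0 means "let the OS/framework choose" (named SystemDefault from .NET Framework 4.7).
    const SecurityProtocolType SystemDefault = (SecurityProtocolType)0;
    const SecurityProtocolType Legacy = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;

    // Hypothetical application-side policy: drop SSL 3.0 / TLS 1.0, keep everything
    // else that was already enabled, and make sure TLS 1.2 is offered.
    public static SecurityProtocolType Harden(SecurityProtocolType current)
    {
        if (current == SystemDefault) return current;   // OS policy already decides
        return (current & ~Legacy) | SecurityProtocolType.Tls12;
    }

    static bool Offers(SecurityProtocolType set, SecurityProtocolType p)
    {
        return (set & p) == p;
    }

    static void Report(string label, SecurityProtocolType set)
    {
        Console.WriteLine("{0,-30} TLS1.0={1,-5} TLS1.1={2,-5} TLS1.2={3}",
            label,
            Offers(set, SecurityProtocolType.Tls),
            Offers(set, SecurityProtocolType.Tls11),
            Offers(set, SecurityProtocolType.Tls12));
    }

    static void Main()
    {
        // Constructed starting value standing in for what the host application configured.
        var host = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

        Report("host setting", host);
        Report("= Tls (as in ExecuteRequest)", SecurityProtocolType.Tls);   // 1.1/1.2 switched off
        Report("|= Tls", host | SecurityProtocolType.Tls);                  // nothing removed, 1.0 kept
        Report("= Tls12 or (...)3072", SecurityProtocolType.Tls12);         // only 1.2 remains
        Report("Harden(host)", Harden(host));                               // 1.0 removed, rest kept

        // Applied once at application start-up, not inside a library call:
        ServicePointManager.SecurityProtocol = Harden(ServicePointManager.SecurityProtocol);
    }
}
```

`ServicePointManager.SecurityProtocol` is a static setting shared by every `HttpWebRequest` in the application domain, so any assignment made inside a library call changes the protocols offered by unrelated code as well.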