For security reasons, we wanted to disable TLS 1.0 support on our server at the OS level (in the registry of sequential SChannel):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
But since the SQL Server service does not start with TLS 1.0 disabled , we had to leave TLS 1.0 enabled at the OS level.
Now we are trying to force the use of TLS 1.2 at the application level, and not at the OS level.
Our application is a client server running on .NET 4.5. On the client, before calling the WCF service, we install:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
This ensures that the Client sends a ClientHello message with the TLS1.2 protocol.
But on the server, which is a self-serving WCF service, we do not see how to force use of TLS1.2. Server-side SSL / TSL negotiation is based on the SChannel registry and thus setting ServicePointManager.SecurityProtocol has no effect.
We would like to check the incoming WCF call in our server code and check which TLS protocol is used for the call and close the connection if it is less than TLS1.2.
Is there a way to get an incoming WCF call for SSL / TLS? Something like HttpContext.WebSocketNegotiatedProtocol ?
source share