We have a client web application implemented with WCF. This client uses SSL_LVL3 to establish a handshake with an external service. It turns out that the service just disabled SSL_LVL3, so we need to change it to TLS 1.0. There is a way to force TLS security in C #:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
But this changes the security of all services that are used by the application, and not all services accept TLS.
We need to modify web.config to force the WCF service to use TLS. Is there any way to do this?
This is the service binding:
<binding name="XXXX" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" NameComparisonMode= "StrongWildcard" maxBufferPoolSize="524288" maxBufferSize="655360" maxReceivedMessageSize="655360" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true" messageEncoding="Text"> <security mode="Transport" /> </binding>
source share