Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

Assume that you have upgraded to Microsoft .NET Framework 4.6 on your computer. When you use an application that uses SSL 3.0 together with ServicePointManager or SslStream APIs to connect to a server, the connection fails.

Cause

This issue occurs because the default set of SSL/TLS protocols that is used by ServicePointManager and SslStream was changed.

Old value: Ssl 3.0 | Tls 1.0 | Tls 1.1


New value: Tls 1.0 | Tls 1.1 | Tls 1.2

Workaround

To work around this issue, update the server to Tls 1.0, Tls 1.1, or Tls 1.2 because SSL 3.0 has been shown to be unsecure and vulnerable to attacks such as POODLE.

Note If you cannot update the server, use AppContext class to opt out of this feature. To do this, use one of the following methods:

  • Programmatically: Must be the very first thing the application does because ServicePointManager will initialize only once. Use the following code example in your application:

    private const string DisableCachingName = @"TestSwitch.LocalAppContext.DisableCaching";
            private const string DontEnableSchUseStrongCryptoName = @"Switch.System.Net.DontEnableSchUseStrongCrypto";
            AppContext.SetSwitch(DisableCachingName, true);
            AppContext.SetSwitch(DontEnableSchUseStrongCryptoName, true);

  • By using the AppConfig file for your application: Add the following line to the Appconfig file:
    <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=true"/>



For more information about the known issues in the .NET Framework 4.6, see Known issues for the .NET Framework 4.6.

More Information

For more information about the product versioning changes and impact in the .NET Framework 4.6, see Application Compatibility in the .NET Framework 4.6.

Notes

  • The new configuration will only apply when the application is targeting the .NET Framework 4.6. The .NET Framework 4.5.2 and earlier versions will not be affected even if they run in a .NET Framework 4.6 environment.

  • A list of affected top-level APIs:

    • HttpClient, HttpWebRequest

    • FtpClient

    • SmtpClient

    • SslStream

  • SCH_USE_STRONG_CRYPTO This flag is going to be automatically used in the .NET Framework 4.6 and affects behavior by removing unsafe cryptographic and hashing algorithms. For all operating system platforms earlier than Windows 10, the RC4 algorithm will be removed from use. From Windows 10, the following additional unsafe algorithms will be removed: DES, NULL, EXPORT and MD5


Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×