TLS version handling with HttpWebRequest in C#

If you’re reading this, your C# code has probably lost its connection to a website or a third-party API that it calls through HttpWebRequest. The code below shows one such scenario, where my application code, running on .NET Framework 4.0, broke. The company running the API had upgraded its security by moving to TLS 1.2.

This is the exception you see when calling GetResponse():

The request was aborted: Could not create SSL/TLS secure channel.

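// Link is the HTTPS URL of the API endpoint being called.
Uri url = new Uri(Link);
HttpWebRequest http = (HttpWebRequest)WebRequest.Create(url);
// GetResponse() throws the exception above when the TLS handshake fails.
using (HttpWebResponse resp = (HttpWebResponse)http.GetResponse())
{
    returnValue = Convert.ToInt32(resp.StatusCode);
}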

HTTPS relies on a family of lower-level security protocols called Transport Layer Security (TLS), a cryptographic protocol used to establish a secure communications channel between two systems. Each version uses different cryptographic algorithms. Anything using a TLS version below 1.2 is considered insecure because those older encryption algorithms have been cracked at some point. The TLS standards keep evolving, and TLS 1.3 is in the works.

Each .NET Framework version supports TLS 1.2 in the following way:

  • .NET 4.5 and above: Add the line below before making the web request in your code. Some blogs say .NET 4.6 and above support it by default and no code changes are required, but when I tried it myself, it didn’t work.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
  • .NET 4.0: The SecurityProtocolType enumeration in this framework has no Tls12 member as the later frameworks do, so cast the numeric value instead:
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

Older frameworks do not support the latest TLS version, so it’s better to upgrade your application. Also, as a good security practice, do not use fallback code like the line below, which keeps TLS 1.0 and 1.1 enabled alongside TLS 1.2:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
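
As an added example (not code from the original post), the helper below pins the process to TLS 1.2 with no fallback, using the numeric cast so it also compiles against .NET 4.0, and separates a failed TLS handshake from ordinary HTTP errors. The names Tls12Client, EnforceTls12 and GetStatusCode and the URL are assumptions made for illustration.

```csharp
using System;
using System.Net;

// Added example; Tls12Client and its members are illustrative names.
public static class Tls12Client
{
    // Numeric value of SecurityProtocolType.Tls12. The cast also compiles
    // against .NET 4.0, whose enum has no Tls12 member.
    private const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;

    // The setting is process-wide: call once at startup, before any request.
    public static void EnforceTls12()
    {
        try { ServicePointManager.SecurityProtocol = Tls12; }
        catch (NotSupportedException ex)
        {
            // The installed runtime rejects the value, so it cannot speak TLS 1.2.
            throw new InvalidOperationException(
                "Runtime cannot negotiate TLS 1.2; upgrade the .NET Framework.", ex);
        }
    }

    // Returns the HTTP status code, or -1 when the TLS handshake fails.
    public static int GetStatusCode(string link)
    {
        HttpWebRequest http = (HttpWebRequest)WebRequest.Create(new Uri(link));
        try
        {
            using (HttpWebResponse resp = (HttpWebResponse)http.GetResponse())
                return (int)resp.StatusCode;
        }
        catch (WebException ex)
        {
            // "Could not create SSL/TLS secure channel" surfaces with this status.
            if (ex.Status == WebExceptionStatus.SecureChannelFailure)
            {
                Console.Error.WriteLine("TLS handshake failed (enabled: {0}): {1}",
                    ServicePointManager.SecurityProtocol, ex.Message);
                return -1;
            }
            // 4xx/5xx responses also throw; the status code is still available.
            HttpWebResponse error = ex.Response as HttpWebResponse;
            if (error != null) { using (error) return (int)error.StatusCode; }
            throw;
        }
    }

    // Placeholder URL below, not from the original post.
    public static void Main() { EnforceTls12(); Console.WriteLine(GetStatusCode("https://api.example.com/")); }
}
```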

Another good reason to consider upgrading your application: check whether Microsoft still supports the .NET Framework version you’re using.
