The Transport Layer Security (TLS) 1.2 is a stadnard that provides security improvements over previous versions. More and more thrid-party APIs were configured to disable any requests from clients that were using TLS 1.0/1.1. So if your ASP.NET Web App or WebAPI Services Web Site will need to update to TLS 1.2 as well if your ASP.NET Web App or WebAPI Services Web Site has some calls to the third-party APIs, otherwise they will only return empty responses.
You could disable TLS 1.0/1.1 and only enable TLS 1.2 in your Web Server or in Azure, so that your hosting environments will no longer accept requests from earlier version of TLS.
But what happens on your application (ASP.NET Web App or WebAPI Services)? Depend on what version of .NET framework your project usrs will dicate the possible solutions available to you.
- If your project compiles against .NET Framework 4.7 or above, then you don’t have to do anything.
- If your project has been developed in a earlier version of .NET Framework, then you could either
- Recompile your project using .NET Framework 4.7 or above
- If recompiling is not an option, then you will have to update your .config file as below,
<configuration> <runtime> <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/> </runtime> <system.web> <compilation targetFramework="x.y.z" /> <httpRuntime targetFramework="x.y.z" /> </system.web> </configuration>
It is preferred that x.y.z are the same. So if your application is 4.6.2, then replacing x.y.z into 4.6.2.
Microsoft also has post a useful document on describing the best pratices to TLS 1.2. It will be great if you could read them all and understand them in order to fully secure your application(ASP.NET Web App or WebAPI Services).