2017-04-18 07:52:04 +08:00
|
|
|
## Remove Ssl3 from the WCF TransportDefaults
|
2017-04-06 04:52:19 +08:00
|
|
|
|
|
|
|
|
### Scope
|
|
|
|
|
Edge
|
|
|
|
|
|
|
|
|
|
### Version Introduced
|
|
|
|
|
4.6.2
|
|
|
|
|
|
|
|
|
|
### Source Analyzer Status
|
|
|
|
|
Planned
|
|
|
|
|
|
|
|
|
|
### Change Description
|
2017-04-21 02:19:05 +08:00
|
|
|
|
|
|
|
|
When using NetTcp with transport security and a credential type of certificate,
|
|
|
|
|
the SSL 3 protocol is no longer a default protocol used for negotiating a secure
|
|
|
|
|
connection. In most cases there should be no impact to existing apps as TLS 1.0
|
|
|
|
|
has always been included in the protocol list for NetTcp. All existing clients
|
|
|
|
|
should be able to negotiate a connection using at least TLS1.0.
|
2017-04-06 04:52:19 +08:00
|
|
|
|
|
|
|
|
- [ ] Quirked
|
|
|
|
|
- [ ] Build-time break
|
|
|
|
|
|
|
|
|
|
### Recommended Action
|
|
|
|
|
|
2017-04-21 02:19:05 +08:00
|
|
|
If Ssl3 is required, use one of the following configuration mechanisms to add
|
|
|
|
|
Ssl3 to the list of negotiated protocols.
|
|
|
|
|
|
2017-05-31 02:57:12 +08:00
|
|
|
* <xref:System.ServiceModel.Channels.SslStreamSecurityBindingElement.SslProtocols>
|
2017-04-21 02:19:05 +08:00
|
|
|
* <xref:System.ServiceModel.TcpTransportSecurity.SslProtocols>
|
2018-02-21 02:29:52 +08:00
|
|
|
* [\<transport> section of \<netTcpBinding>](~/docs/framework/configure-apps/file-schema/wcf/transport-of-nettcpbinding.md)
|
|
|
|
|
* [\<sslStreamSecurity> section of \<customBinding>]~/docs/framework/configure-apps/file-schema/wcf/sslstreamsecurity.md)
|
2017-04-06 04:52:19 +08:00
|
|
|
|
|
|
|
|
### Affected APIs
|
|
|
|
|
* `P:System.ServiceModel.Channels.SslStreamSecurityBindingElement.SslProtocols`
|
|
|
|
|
* `P:System.ServiceModel.TcpTransportSecurity.SslProtocols`
|
|
|
|
|
|
|
|
|
|
### Category
|
2017-10-26 03:51:47 +08:00
|
|
|
Windows Communication Foundation (WCF)
|
2017-04-18 07:52:04 +08:00
|
|
|
|
|
|
|
|
<!-- breaking change id: 149 -->
|
