With the recent disclosure of POODLE (CVE-2014-3566) many servers, including payment gateways, are disabling SSLv3 on their servers and forcing the use of TLS.
Does anyone know which SSL protocol is used internally by the ASP.net Framework for things like WebRequest? If it uses SSLv3 and doesn't automatically fall back to TLS, is there a way to configure this?
Note: We have already disabled SSLv3 via the registry and it does not seem to have impacted HTTPS traffic to our websites. I'm just not sure what is going to happen when the payment gateway turns it off on their end.
This is user-controllable via ServicePointManager.SecurityProtocol. It appears the default is SecurityProtocolType.Tls|SecurityProtocolType.Ssl3.