Tags: c#, .net, wcf, ssl, tls1.2

Explicit SSL / TLS version selection


I am aware of when we should explicitly set a supported TLS version through the ServicePointManager.SecurityProtocol property using C# & .NET.

But what I am not aware of is why we should do this.

As per MSDN: This property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections that use the Secure Hypertext Transfer Protocol (HTTPS) scheme only; existing connections are not changed.

As far as I am aware, the SSL/TLS version used between client and server is agreed upon during the TLS handshake.

Question: Can someone explain to me the relevance of explicit version selection? Or, why should we mention the supported TLS version when such negotiation is supposed to be performed at the stage of the TLS handshake?


Solution

  • Answered by Steffen Ullrich (SE)

    This is not used to select a specific protocol version but to set a list of allowed protocol versions. Typically you want to have TLS 1.2 and higher, maybe TLS 1.1 and TLS 1.0 for compatibility reasons, but you don't want to allow SSLv3 or lower. By using this API you can tune which protocols are allowed within the following TLS handshakes.
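The following C# program is an added example illustrating the answer above; it is not code from the question, the answer, or Microsoft's documentation. It treats `ServicePointManager.SecurityProtocol` as what it is, a flag set of versions the client is permitted to offer in its ClientHello, and contrasts a permissive list (SSL 3.0 through TLS 1.2) with a hardened list (TLS 1.2 and 1.3 only), plus a small self-check a defender can run at startup to confirm no legacy version is still enabled. It assumes .NET Framework 4.8 or .NET Core 3.0+, where `SecurityProtocolType.Tls13` exists; on older runtimes drop that flag. The helper names `PermissivePolicy`, `HardenedPolicy` and `AllowsLegacyVersions` are this example's own.

```csharp
using System;
using System.Net;

// Added example, not from the original question or answer.
// Demonstrates that ServicePointManager.SecurityProtocol is a list of
// allowed protocol versions (a [Flags] enum), not a single selected version.
static class TlsPolicyDemo
{
    // Permissive list, shown only to contrast with the hardened one:
    // SSL 3.0, TLS 1.0 and TLS 1.1 would all be offered during the handshake.
    public static SecurityProtocolType PermissivePolicy() =>
        SecurityProtocolType.Ssl3 |    // SSL 3.0  (obsolete)
        SecurityProtocolType.Tls |     // TLS 1.0  (obsolete; note: "Tls" means 1.0)
        SecurityProtocolType.Tls11 |   // TLS 1.1  (obsolete)
        SecurityProtocolType.Tls12;    // TLS 1.2

    // Hardened list: only TLS 1.2 and TLS 1.3 may be negotiated.
    // Requires .NET Framework 4.8 / .NET Core 3.0+ for Tls13 (assumption).
    public static SecurityProtocolType HardenedPolicy() =>
        SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13;

    // Startup self-check: does the policy still permit anything below TLS 1.2?
    // Bitwise test because the enum is a flag set.
    public static bool AllowsLegacyVersions(SecurityProtocolType policy)
    {
        const SecurityProtocolType legacy =
            SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;
        return (policy & legacy) != 0;
    }

    static void Main()
    {
        Console.WriteLine("Permissive policy: " + PermissivePolicy());
        Console.WriteLine("  allows legacy versions? " + AllowsLegacyVersions(PermissivePolicy()));
        Console.WriteLine("Hardened policy:   " + HardenedPolicy());
        Console.WriteLine("  allows legacy versions? " + AllowsLegacyVersions(HardenedPolicy()));

        // Apply the hardened list before any new HTTPS connection is opened.
        // As the MSDN text quoted in the question says, connections that
        // already exist keep whatever version they negotiated earlier.
        ServicePointManager.SecurityProtocol = HardenedPolicy();

        if (AllowsLegacyVersions(ServicePointManager.SecurityProtocol))
            throw new InvalidOperationException("Legacy SSL/TLS versions are still enabled.");

        // From here on, every HttpWebRequest / WCF HTTPS transport created in
        // this process offers only TLS 1.2 and 1.3 in its ClientHello. A server
        // that supports neither fails the handshake rather than silently
        // downgrading to an older version. (Placeholder host; no request is sent.)
        var request = (HttpWebRequest)WebRequest.Create("https://example.invalid/");
        Console.WriteLine("Effective policy for new requests: " + ServicePointManager.SecurityProtocol);
        Console.WriteLine("Prepared request to " + request.RequestUri);
    }
}
```

One design note: on .NET Framework 4.7 and later the property defaults to `SecurityProtocolType.SystemDefault` (value 0), which defers to the operating system's Schannel configuration. Setting an explicit list as above overrides that default for the process, so it is worth doing only when you need a guarantee that is independent of the machine's OS settings; otherwise leaving `SystemDefault` and hardening the OS policy keeps the decision in one place.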