
Verify Connection Security Protocol in C#


My application connects to an external service to receive data. The external service is updating their security protocol to exclude TLS 1.0 and below. I have already added the following to Global.asax:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 |
                                       SecurityProtocolType.Tls11 |
                                       SecurityProtocolType.Tls;

However, I would like to verify that I am connecting to the external service via TLS 1.1 or higher.

Is it possible to see the security protocol being used in a connection? I would suspect it's stored somewhere in one of the properties of the request/response objects.

var request = (HttpWebRequest) WebRequest.Create(url);
request.Method = "GET";
request.ContentType = "application/json";
request.Headers["Device-Token"] = deviceId;
var response = request.GetResponse().GetResponseStream();

Does anyone know where I can find this information? Or is there a better way to verify the security protocol being used?


EDIT

To adhere to better practice (as per Jf Beaulac's comments), the code for setting the connection protocol was changed to:

ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | 
                                        SecurityProtocolType.Tls11;

Solution

  • I found that PayPal is also in the process of changing their security settings.

    PayPal provides an API endpoint (https://tlstest.paypal.com/) for testing your application's security protocol to ensure that it supports TLS 1.2 and HTTP/1.1.

    Here's how I tested this:

    MVC Application

    ./Global.asax.cs

    ...
    protected void Application_Start()
    {
        ...
    
        // Add Tls 1.1 and 1.2 to security protocol list (without removing defaults)
        ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;
    }
    ...
    


    ./Controllers/TestConnection.cs

    using System;
    using System.IO;
    using System.Net;
    using System.Web.Http;
    
    namespace MyMVCApplication.Controllers
    {
        public class TestConnectionController : ApiController
        {
            public string Get()
            {
                var url = new Uri("https://tlstest.paypal.com/");
                var request = (HttpWebRequest) WebRequest.Create(url);
                request.Method = "GET";
                request.ContentType = "application/json";
    
                var response = request.GetResponse().GetResponseStream();
                if (response != null)
                {
                    string output;
                    using (var reader = new StreamReader(response))
                    {
                        output = reader.ReadToEnd();
                    }
    
                    return output;
                }
    
                return null;
            }
        }
    }
    



    After running the application, you can connect to it locally (I did it using PowerShell) and receive a response from the PayPal endpoint.

    PowerShell

    $url = "http://localhost:60023/api/TestConnection"
    Invoke-WebRequest -Uri $url -Headers @{Authorization = "Basic $credentials"} | ConvertFrom-Json
    

    If you have added ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 to Application_Start() in Global.asax.cs, you will receive the confirmation message PayPal_Connection_OK.

    If your connection does not support TLS 1.2 or HTTP/1.1, you will receive a 400 error.

    For more information, please visit https://www.paypal-notice.com/en/TLS-1.2-and-HTTP1.1-Upgrade/
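
Added example, not part of the original question or answer: one way to read the negotiated protocol directly is to run the handshake over an SslStream and inspect its SslProtocol property. TlsProbe, Negotiate and Accepts are hypothetical names chosen for this sketch, and the host is the test endpoint mentioned in the answer.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

public static class TlsProbe
{
    // Handshakes with host:port offering only the protocols in 'offered'
    // and returns the version both sides actually negotiated.
    public static SslProtocols Negotiate(string host, int port, SslProtocols offered)
    {
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false))
        {
            // Default certificate validation stays on; revocation is checked.
            ssl.AuthenticateAsClient(host, null, offered, true);
            return ssl.SslProtocol;
        }
    }

    // Returns true if the server completes a handshake with 'offered'.
    // A certificate validation failure also surfaces as AuthenticationException.
    public static bool Accepts(string host, int port, SslProtocols offered)
    {
        try { Negotiate(host, port, offered); return true; }
        catch (AuthenticationException) { return false; } // handshake rejected
        catch (IOException) { return false; }             // peer closed the connection
    }

    public static void Main()
    {
        // Host taken from the post; substitute the external service's host name.
        const string host = "tlstest.paypal.com";

        SslProtocols used = Negotiate(host, 443, SslProtocols.Tls11 | SslProtocols.Tls12);
        Console.WriteLine("Negotiated protocol: " + used);

        // Negative check: a TLS 1.0-only offer should be refused after the cutover.
        Console.WriteLine("Server accepts TLS 1.0: " + Accepts(host, 443, SslProtocols.Tls));
    }
}
```

The probe opens its own connection, so it reports what the server negotiates for a given offer; HttpWebRequest calls in the application still follow ServicePointManager.SecurityProtocol.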