Does anyone know how to make SvcUtil.exe connect to an endpoint that is using TLS 1.2? I am using .NET Framework version 4.6.1.
When I connect using VS 2017 I can see using Fiddler the request is established over a tunnel using a ClientHello handshake that uses Version: 3.3 (TLS/1.2). However, when I use the svcutil.exe directly it tries to use a request that tries to establish a tunnel using a ClientHello handshake of Version: 3.1 (TLS/1.0) and subsequently fails.
I was hoping I might be able to set something in the SvcUtil.exe.config like the following:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <runtime>
    <generatePublisherEvidence enabled="false" />
  </runtime>
  <system.net>
    <settings>
      <servicepointmanager securityprotocol="tls12">
      </servicepointmanager>
    </settings>
  </system.net>
</configuration>
That would mirror the equivalent SecurityProtocol property on the ServicePointManager class. However that just produces the following error:
Unrecognized element 'servicepointmanager'.
I am using the SvcUtil as follows:
SvcUtil https://myserver/myservice/mex
The solution is to follow and add the HKEY provided in the following link to allow TLS 1.2 only services via svcutil:
https://blogs.msdn.microsoft.com/dsnotes/2015/09/23/wcf-ssltls-failure-during-add-service-reference-system-net-security-sslstate-processauthentication/
In short, the solution is as follows:
Add the following registry setting DWORD value as 1 and restart the box:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
If the application is 32-bit running on x64 Windows, we need to modify the same key under the:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
I've tried after adding the same and restarting the machine and it works.
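The registry change described in the answer above, as an added PowerShell example that is not part of the original post: it reports the current SchUseStrongCrypto state in both the 64-bit and Wow6432Node views and writes the DWORD value 1 only when run with -Apply. The -Apply switch and the Get-StrongCryptoState helper are names chosen for this example; it assumes an elevated PowerShell prompt.

```powershell
# Added example: audit (and optionally set) SchUseStrongCrypto in both registry views.
# -Apply and Get-StrongCryptoState are hypothetical names chosen for this example.
# Run from an elevated PowerShell prompt when using -Apply.
param([switch]$Apply)

$valueName = 'SchUseStrongCrypto'
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',             # 64-bit processes
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'  # 32-bit processes on x64 Windows
)

function Get-StrongCryptoState {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return 'KeyMissing' }
    $prop = Get-ItemProperty -LiteralPath $KeyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotSet' }
    if ($prop.$valueName -eq 1) { return 'Enabled' }
    return "Disabled ($($prop.$valueName))"
}

$changed = $false
foreach ($key in $keys) {
    $state = Get-StrongCryptoState -KeyPath $key
    if ($state -eq 'KeyMissing') {
        # For example, the Wow6432Node view is absent on 32-bit Windows.
        Write-Output "$key : key not present, skipped"
        continue
    }
    if ($Apply -and $state -ne 'Enabled') {
        # Create or overwrite the DWORD with the value 1, then re-read it to confirm.
        New-ItemProperty -LiteralPath $key -Name $valueName -Value 1 -PropertyType DWord -Force | Out-Null
        $changed = $true
        $state = "$state -> " + (Get-StrongCryptoState -KeyPath $key)
    }
    Write-Output "$key : $state"
}

if ($changed) {
    Write-Output 'Values changed. Restart the machine before re-running SvcUtil.'
}
```

Running it without -Apply only reports the state of each key, which is a quick check on a build machine where SvcUtil still sends a TLS 1.0 ClientHello.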