Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to support TLS 1.2 (and future versions) for client calls #1075

Closed
cforsyth68 opened this issue Jan 26, 2018 · 8 comments
Closed

Add option to support TLS 1.2 (and future versions) for client calls #1075

cforsyth68 opened this issue Jan 26, 2018 · 8 comments

Comments

@cforsyth68
Copy link

Expected Behavior

Library should allow consumers to force TLS 1.2

Actual Behavior

Requests are sent based on the .Net Framework targeted. .Net 4.5 default is TLS 1.0 not TLS 1.2. .Net 4.6 default is v1.2. It isn't always possible to refactor legacy code to target 4.6. An option should be provided to allow these clients to force TLS 1.2 using SecurityProtocolType Enumeration

Steps to Reproduce the Problem

  1. Write code in .Net 4.5 that calls an endpoint via RESTSharp that does not accept requests other than TLS 1.2
@alexeyzimarev
Copy link
Member

RestSharp does not support .NET 4.5 in the latest versions.

@Lechus
Copy link

Lechus commented Jan 30, 2018
edited
Loading

Just enable TLS12 in the code before making a call using RestSharp?

@Lechus Lechus mentioned this issue Feb 12, 2018
Closed
@alexeyzimarev
Copy link
Member

alexeyzimarev commented Mar 25, 2018
edited
Loading

I don't think this is relevant for RestSharp. This is a global application-level configuration or even .NET registry setting, which people can change. I don't think we need to include all possible configurations to RestSharp. This should work:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

@alaska-adam
Copy link

Will we need to continue to add flags for later TLS versions? SecurityProtocolType.Tls13? This doesn't seem like a reasonable long term solution. Upgrading the framework version would accommodate this and not require dependents to hack in support for specific TLS versions. Wouldn't upgrading the framework version also clean up warnings like: "Some NuGet packages were installed using a target framework different from the current target framework and may need to be reinstalled."?

@alexeyzimarev
Copy link
Member

@alaska-adam what do you mean by "upgrading the framework version"?

@alaska-adam
Copy link

I could be mistaken, but is RestSharp currently using a 5 year old framework of .NET?

Line 3 of RestSharp.csproj
<TargetFrameworks>netstandard2.0;net452</TargetFrameworks>

It is my understanding that this is what is holding people back from using TLS 1.2 "out of the box" when using a newer .NET framework (like the several year old 4.6.1 or last year's 4.7).

@cforsyth68
Copy link
Author

cforsyth68 commented May 7, 2018 via email

@Helbo15
Copy link

Helbo15 commented Aug 30, 2019

I've been looking for information on how restsharp would handle tls 1.2

it seems that Restsharp won't which is kinda a shame since that, all you really need to do is to change the targetframework to 4.6 or higher in your project configuration. and it will only generate more and more problems for users of Restsharp from now on as tls 1.2 have become the defacto minimum standard for any secure connection online.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Lechus @alexeyzimarev @cforsyth68 @Helbo15 @alaska-adam