Click here to Skip to main content
15,936,802 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Good morning, I am trying to communicate with an API from windows server 2012 R2, apparently, this operating system takes the ciphers from the Internet Explorer stack, the problem is that in them, there are some with vulnerabilities and the server where the API is blocked the connection, is it possible to set which cipher to use from c#?


I am particularly interested in using any of the following that are accepted by the server where the API is located

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA)

Thank you in advance!

What I have tried:

I tried some nuget like Bouncy Castle, but without success.
Posted
Updated 4-May-24 19:10pm

1 solution

Transport Layer Security (TLS) best practices with .NET Framework | Microsoft Learn[^]

Rather than trying to "fix" the protocols or ciphers in your code, make sure your code is set to let the OS decide which protocols and ciphers to use.

You can then use the registry or group policy to configure which client protocols / ciphers are enabled on the machine where your code is running.

Which means you shouldn't need to recompile your code when the remote server updates their supported ciphers / protocols again.
 
Share this answer
 
Comments
Fercap89 8-May-24 18:25pm    
Hello, thank you very much for your reply.
Can you guide me a little more on how to do this on a Windows Server:

"You can then use the registry or group policy to configure which client protocols / ciphers are enabled on the machine where your code is running."

Thank you in advance
Richard Deeming 9-May-24 3:25am    
Transport Layer Security (TLS) registry settings | Microsoft Learn[^]
TLS Cipher Suites in Windows Server 2022. - Win32 apps | Microsoft Learn[^]

"To use group policy, configure SSL Cipher Suite Order under Computer Configuration ⇒ Administrative Templates ⇒ Network ⇒ SSL Configuration Settings with the priority list for all cipher suites you want enabled."

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900