Do not use weak SSL protocols

Docs > Code Analysis > Static Analysis Rules > Do not use weak SSL protocols

Metadata

ID: csharp-security/weak-ssl-protocols

Language: C#

Severity: Warning

Category: Security

CWE: 327

Description

Weak encryption protocols should not be used. TLS versions 1.0 and 1.1 have been deprecated. TLS 1.2 (or, even better, TLS 1.3) should be used instead.

Learn More

Wikipedia: Transport Layer Security
CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Non-Compliant Code Examples

using System.Net;

class MyClass {
    public static void routine()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
    }
}

Compliant Code Examples

using System.Net;

class MyClass {
    public static void routine()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13
        
        SslProtocols = SslProtocols.Tls12
    }
}