.Net Framework 4.6.1 not defaulting to TLS 1.2

暖寄归人 2020-11-30 23:45

Our client has recently upgraded the security protocol to TLS 1.2. Therefore we have our application upgraded to 4.6.1, expecting the security protocol will default to TLS

11 answers
  •  暗喜 (original poster)
    2020-12-01 00:18

    As others have mentioned there are a number of Windows Registry keys that must be set to enable TLS 1.2 in existing .NET applications without explicitly setting the protocol version in application code.

    In order to make .NET 4.x code select the strongest available protocol by default (i.e. when a protocol is not explicitly specified in code), the following registry keys are needed:

    On 32-bit and 64-bit versions of Windows: HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto: 0X00000001

    On 64-bit versions of Windows: HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto: 0X00000001

    The WOW6432Node value is needed to enable TLS 1.2 in 32-bit applications when run on 64-bit systems.

    But here's the quick and easy solution: https://github.com/TheLevelUp/pos-tls-patcher

    Update:

    If you're targeting .NET 4.6 or 4.7 you'll be interested in Transport Layer Security (TLS) best practices with the .NET Framework.

    Note that TLS Patcher linked above very much follows the Microsoft recommendation for existing .NET 4.0 and 4.5 apps that cannot target .NET 4.6 or higher.
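
An added example, not part of the answer above or of the TLS Patcher project: a PowerShell audit of the two SchUseStrongCrypto values the answer lists, reading each registry view explicitly so the result is the same from a 32-bit or a 64-bit shell. The function name Test-SchUseStrongCrypto and its -Fix switch are hypothetical; the key path and value come from the answer.

```powershell
# Added example: report (and with -Fix, set) SchUseStrongCrypto for .NET 4.x.
# Test-SchUseStrongCrypto and -Fix are hypothetical names, not from the page.
function Test-SchUseStrongCrypto {
    [CmdletBinding()]
    param([switch]$Fix)   # -Fix writes the value; needs an elevated session

    $subKey = 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $name   = 'SchUseStrongCrypto'

    # On 64-bit Windows the Registry32 view is the WOW6432Node key used by
    # 32-bit applications; Registry64 is the native key.
    $views = @([Microsoft.Win32.RegistryView]::Registry32)
    if ([Environment]::Is64BitOperatingSystem) {
        $views += [Microsoft.Win32.RegistryView]::Registry64
    }

    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        $key = $null
        try {
            if ($Fix) { $key = $base.CreateSubKey($subKey) }  # opens or creates, writable
            else      { $key = $base.OpenSubKey($subKey) }    # read-only; $null if absent

            $value = if ($key) { $key.GetValue($name, $null) } else { $null }
            if ($Fix -and $value -ne 1) {
                $key.SetValue($name, 1, [Microsoft.Win32.RegistryValueKind]::DWord)
                $value = 1
            }
            [pscustomobject]@{
                View      = $view
                Value     = $value          # empty when the value is not set
                Compliant = ($value -eq 1)
            }
        }
        finally {
            if ($key) { $key.Dispose() }
            $base.Dispose()
        }
    }
}

# Read-only audit of the current machine.
Test-SchUseStrongCrypto | Format-Table -AutoSize
```

Processes that are already running keep the setting they started with, so restart the application after changing the value.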
