Is TLS 1.1 and TLS 1.2 enabled by default for .NET 4.5 and .NET 4.5.1?

Question

On our Windows 2012 Server R2, we need to disabled TLS 1.0.

However we have .NET 4.5 Wcf services running. We found that if we disable TLS 1.0 that the WCF services

Answer 1

The answer by Ian Kemp works without an issue, but I just wanted to provide another answer that means you don't have to recompile your code.

Anything above .NET 4.5 can support TLS 1.2 however the default of anything lower than .NET 4.7 is TLS 1.1. So if you need to access something using TLS 1.2 you get an error as it will be trying to use the default.

You can add the following code to your configuration file, to override the default.

<runtime>
      <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
</runtime>

Answer 2

No. The default protocols enabled for the various framework versions are:

• .NET Framework 4.5 and 4.5.1: SSLv3 and TLSv1
• .NET Framework 4.5.2: SSLv3, TLSv1, and TLSv1.1
• .NET Framework 4.6 and higher: TLSv1, TLSv1.1, and TLS1.2

Sources: [1] [2]

You can specify which protocols your application supports by using the ServicePointManager class, specifically by setting the SecurityProtocol property, which in your case you would want to set to the following:

System.Net.ServicePointManager.SecurityProtocol =
    SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;