Making sure you use newer version of TLS in your .NET applications

If you are developing networked applications, such as web applications with ASP.NET, it is important to start migrating away from the insecure version of TLS (Transport Layer Security) 1.0, also known as SSL 3.

Many services have already indicated, that their public APIs will stop supporting TLS 1.0 eventually. For example, the Box file sharing service is one example.

The .NET Framework has supported TLS protocol's more advanced version 1.1 and 1.2 for a long time already, but unless you have updated to the latest framework versions, you had you specifically enable these later versions of TLS. Not many applications have done that in my experience.

Microsoft has written a great guide on this topic, titled "Transport Layer Security (TLS) best practices with the .NET Framework". I recommended reading this document, as it also talks about Azure based services.

Shortly put, make sure you use the latest .NET Framework version in your applications, and if you cannot use the latest version, make sure you explicitly specify a latest TLS protocol version, or configure it in your application's configuration file.