Windows server 2012 R2 and cipher issue

Question

0.00/5 (No votes)

See more:

Good morning, I am trying to communicate with an API from windows server 2012 R2, apparently, this operating system takes the ciphers from the Internet Explorer stack, the problem is that in them, there are some with vulnerabilities and the server where the API is blocked the connection, is it possible to set which cipher to use from c#?

I am particularly interested in using any of the following that are accepted by the server where the API is located

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA)

Thank you in advance!

What I have tried:

I tried some nuget like Bouncy Castle, but without success.

Posted 4-May-24 9:35am

Fercap89

Updated 4-May-24 19:10pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2024-05-06T22:46:00

Solution 1

Transport Layer Security (TLS) best practices with .NET Framework | Microsoft Learn[^]

Rather than trying to "fix" the protocols or ciphers in your code, make sure your code is set to let the OS decide which protocols and ciphers to use.

You can then use the registry or group policy to configure which client protocols / ciphers are enabled on the machine where your code is running.

Which means you shouldn't need to recompile your code when the remote server updates their supported ciphers / protocols again.

Posted 6-May-24 22:46pm

Richard Deeming

Comments

Fercap89 8-May-24 18:25pm

Hello, thank you very much for your reply.
Can you guide me a little more on how to do this on a Windows Server:

"You can then use the registry or group policy to configure which client protocols / ciphers are enabled on the machine where your code is running."

Thank you in advance

Richard Deeming 9-May-24 3:25am

Transport Layer Security (TLS) registry settings | Microsoft Learn[^]
TLS Cipher Suites in Windows Server 2022. - Win32 apps | Microsoft Learn[^]

"To use group policy, configure SSL Cipher Suite Order under Computer Configuration ⇒ Administrative Templates ⇒ Network ⇒ SSL Configuration Settings with the priority list for all cipher suites you want enabled."