![]() Although this change was not strictly necessary to fix the problem I was experiencing, it was appropriate in terms of tightening up the security of our ASP.NET WebAPIs and to ensure that our own APIs can only be accessed by clients that support TLS 1.2. More accurately the changes I have made to our Azure hosting have removed support for earlier versions of TLS i.e. Upgrading our Azure hosting to support TLS 1.2 In this article I will describe the changes I have made to our Azure hosting (where our ASP.NET WebAPIs are hosted) and the code changes which enabled TLS 1.2 support. This is what actually matters when it comes to selecting the supported TLS version during the TLS handshake. NET Framework used for compiling your project. ![]() The solution is down to the version of the. NET Framework onto your development environment is not the answer. NET applications are becoming more common. I had to make several changes, including code changes to the ASP.NET WebAPI services and changes to our Azure hosting environments.Īs many current servers are moving towards TLS 1.2/1.3 and removing support for TLS 1.0 /1.1, connectivity issues between newer servers and older (legacy). ![]() I was able to run the third-party APIs from our local test environment, but not when I ran them from our staging / production environments which were hosted on Azure. Transport Layer Security (TLS) best practices with the. ![]() TLS 1.2 will eventually be replaced by the newest released standard TLS 1.3 which is faster and has improved security TLS 1.2 is a standard that provides security improvements over previous versions. The Transport Layer Security (TLS) protocol is an industry standard designed to help protect the privacy of information communicated over the Internet. After some discussion with one of the developers of the third-party APIs, he suggested the issue may be related to TLS 1.2 not being supported as he had seen the issue before.įirstly, what is TLS? Here’s a definition from a Microsoft article that describes TLS best practices with regards to the. All requests to the third-party API were returning empty responses. Unfortunately, this included our own APIs. These third-party APIs were configured to disable any requests from clients that were using TLS 1.0/1.1. I recently came across an issue with several of our ASP.NET WebAPI services which were consuming a third-party set of APIs.
0 Comments
Leave a Reply. |