I've got a Web API that must communicate with a few different services. Currently, I have the Web API set to use the following security protocol:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
When the API calls out to another service via HttpClient (say like Twitter), it will use that protocol. At the same time however, another request may come in to access something from the cloud, which for whatever reason, currently requires TLS (not TLS 1.2). The request to the cloud, before firing out, sets the security protocol again:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
The problem I'm running into is when two separate and unique requests come in, one for Twitter and one for the cloud, the security protocol could switch over to the "wrong one" before it's sent out, causing the request to fail.
Is there a way to set the security protocol on the HttpClient per request so that I'm not swapping around a setting in some singleton somewhere?
You don't need to set it.
You can use:
using System.Net;
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
Additional Notes:
- Needed for .Net 4.5 because Tls12 is not a default protocol.
- Need to write the above code only once within the application. (For example within Global.asax > Application_Start within Web application or equivalent in Winforms application)
- For .Net 4.6 and above, Tls12 is a default protocol so it is not needed
There seems to be no way to do this. The SecurityProtocol property is only being used inside the internal TlsStream class in one place:
TlsStream seems to back all the internal TLS connections such as HTTP, FTP and SMTP.
I had hoped that ServicePoint allows you to configure this. For many settings ServicePointManager only provides the default. That hope was unfounded.
So this is quite strong evidence that this is not possible. It's no proof, though.
What should you do? I'd switch out the HTTP client library for the odd server you are talking to. HTTP is not a particularly complicated protocol. I'm sure there's some other implementation available.
Alternatively, use a proxy that terminates the HTTPS connection on your own server. .NET then only deals with HTTP.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://i.stack.imgur.com/VZqf5.png', '推荐 祖国的老花朵 的文章《Changing security protocol per request (HttpClient》','https://www.manongdao.com/article-344351.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}