Jeff
Archer Employee

On March 27, 2018, RSA SaaS Operations announced that the TLS 1.0 and 1.1 protocols will be deprecated starting May 6, 2018, leaving TLS 1.2 as the only enabled protocol. This change may impact processes using the Archer Web Services API and REST API. Custom applications and integrations developed with .NET Framework 4.5 or older may not have the TLS 1.2 protocol enabled and will not be able to connect successfully after TLS 1.0/1.1 is deprecated.

 

The information below also applies to customers who do not use RSA Archer Hosting Services but have disabled TLS 1.0/1.1 in their Archer environments.

 

The following error messages can occur when custom applications can’t connect because TLS 1.2 is the only protocol enabled:

  • The request was aborted: Could not create SSL/TLS secure channel.
  • An error occurred while sending the request.
  • The underlying connection was closed: An unexpected error occurred on a send.
  • Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

 

There are a few options to correct the issue or prevent it:

  1. Recompile the code with .NET 4.6 or higher
  2. Modify the code to use TLS 1.2, as long as the client computer has .NET 4.6 or higher installed
  3. For non-SaaS customers, registry changes on the web server can force .NET 4.0 to allow TLS 1.2. See the comments at the end of this page.

 

If option 2 is chosen, the code snippets below in C#, PowerShell, and VB.NET show how to use TLS 1.2 with a .NET Framework 4.0 application.

 

C#

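// The named Tls12 member needs .NET 4.5 or later at compile time; when targeting .NET 4.0, cast the numeric value instead: (SecurityProtocolType)3072
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;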

 

PowerShell

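# "Tls12" alone is enough once TLS 1.0/1.1 are disabled; the older names only keep compatibility with endpoints that still require them.
[System.Net.ServicePointManager]::SecurityProtocol = @("Tls12","Tls11","Tls","Ssl3")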

 

VB.NET options

' Add TLS 1.2 (3072) to the protocols that are already enabled.
ServicePointManager.SecurityProtocol = (ServicePointManager.SecurityProtocol Or CType(3072, SecurityProtocolType))

' Explicitly enable SSL3 (48), TLS 1.0 (192), TLS 1.1 (768) and TLS 1.2 (3072).
ServicePointManager.SecurityProtocol = CType(48, SecurityProtocolType) Or CType(192, SecurityProtocolType) Or CType(768, SecurityProtocolType) Or CType(3072, SecurityProtocolType)

 

' Requires "Imports System.Net" and "Imports System.Diagnostics" at the top of the file.

''' <summary>
''' Enable SSL3 and TLS 1.0, 1.1, 1.2 which is needed for .NET 4.0 apps.  Starting with 4.6, it's on by default.
''' </summary>
''' <remarks>
'''       Ssl3 = 48
'''       Tls 1.0 = 192
'''       Tls 1.1 = 768
'''       Tls 1.2 = 3072
''' </remarks>
Public Sub EnableSslProtocols()

    Debug.Print("Runtime: " + FileVersionInfo.GetVersionInfo(GetType(System.Int32).Assembly.Location).ProductVersion)
    Debug.Print("Enabled protocols before: " + ServicePointManager.SecurityProtocol.ToString())
    Debug.Print("Available protocols: ")

    ' Loop through the available protocols and enable them.  Hopefully gets future TLS versions like 1.3.
    ' This also turns on SSL3 and TLS 1.0/1.1 for the process, not only TLS 1.2.
    For Each protocol As SecurityProtocolType In System.Enum.GetValues(GetType(SecurityProtocolType))
        ' Print the numeric value of the flag, then OR it into the enabled set.
        Debug.Print(CInt(protocol).ToString())
        ServicePointManager.SecurityProtocol = ServicePointManager.SecurityProtocol Or protocol
    Next

    Debug.Print("Enabled protocols after: " + ServicePointManager.SecurityProtocol.ToString())

End Sub

 

Output of the Debug.Print lines from the function above:

Runtime: 4.7.2558.0
Enabled protocols before: Ssl3, Tls
Available protocols:
0
48
192
768
3072
Enabled protocols after: Ssl3, Tls, Tls11, Tls12
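
A pre-flight check for option 2, as an added example that is not part of the original post: it adds TLS 1.2 to the process's enabled protocols without enabling SSL 3.0 or TLS 1.0/1.1, then attempts a TLS 1.2-only handshake and reports what was negotiated. The function names and the host archer.example.com are placeholders chosen for this example, and .NET 4.6 or higher is assumed to be installed on the client.

```powershell
# Added example. 'archer.example.com' is a placeholder host name;
# replace it with your own Archer endpoint.

function Enable-Tls12 {
    # Add Tls12 (3072) to whatever is already enabled, without adding SSL 3.0
    # or TLS 1.0/1.1. [Enum]::ToObject builds the value from its number, so the
    # named enum member is not needed.
    $current = [int][System.Net.ServicePointManager]::SecurityProtocol
    $merged = [Enum]::ToObject([System.Net.SecurityProtocolType], ($current -bor 3072))
    [System.Net.ServicePointManager]::SecurityProtocol = $merged
    [System.Net.ServicePointManager]::SecurityProtocol
}

function Test-Tls12Handshake {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    # SslProtocols.Tls12 has the same numeric value (3072) as SecurityProtocolType.Tls12.
    $tls12Only = [Enum]::ToObject([System.Security.Authentication.SslProtocols], 3072)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        try {
            # Offer TLS 1.2 only, so success proves client OS and server both support it.
            $ssl.AuthenticateAsClient($HostName, $null, $tls12Only, $false)
            New-Object PSObject -Property @{
                Target = $HostName; Succeeded = $true
                Protocol = $ssl.SslProtocol; Cipher = $ssl.CipherAlgorithm; Error = $null
            }
        } finally { $ssl.Dispose() }
    } catch {
        # Connection or handshake failure: the condition behind the errors listed earlier.
        New-Object PSObject -Property @{
            Target = $HostName; Succeeded = $false
            Protocol = $null; Cipher = $null; Error = $_.Exception.Message
        }
    } finally { $client.Close() }
}

"Enabled protocols: $(Enable-Tls12)"
Test-Tls12Handshake -HostName 'archer.example.com'
```

Run it on the machine and under the account that hosts the integration, since protocol availability depends on that machine's .NET and operating system configuration.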

 

Other online resources that may be helpful:
