This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Metadata

ID: csharp-security/weak-ssl-protocols

Language: C#

Severity: Warning

Category: Security

CWE: 327

Description

Weak encryption protocols should not be used. TLS versions 1.0 and 1.1 have been deprecated. TLS 1.2 (or, even better, TLS 1.3) should be used instead.

Learn More

Non-Compliant Code Examples

using System.Net;

class MyClass {
    public static void routine()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
    }
}

Compliant Code Examples

using System.Net;

class MyClass {
    public static void routine()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13
        
        SslProtocols = SslProtocols.Tls12
    }
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis