Do not use weak SSL protocols

Docs > Datadog Security > Code Security > Static Code Analysis (SAST) > SAST Rules > Do not use weak SSL protocols

Metadata

ID: csharp-security/weak-ssl-protocols

Language: C#

Severity: Warning

Category: Security

CWE: 327

Related CWEs:

Description

Weak encryption protocols should not be used. TLS versions 1.0 and 1.1 have been deprecated. TLS 1.2 (or, even better, TLS 1.3) should be used instead.

Learn More

Non-Compliant Code Examples

using System.Net;

class MyClass {
    public static void routine()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
    }
}

Compliant Code Examples

using System.Net;

class MyClass {
    public static void routine()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;
        
        SslProtocols = SslProtocols.Tls12;
    }
}