Does .NET Core 3 support TLS 1.3

user8882898 picture user8882898 · Sep 12, 2019 · Viewed 12.3k times · Source

I am using .NET Core 3.0 to make a proxy which support only TLS 1.3, I saw that Tls13 = 12288 is defined in SslProtocols. But during my test it only throws exception "The client and server cannot communicate, because they do not possess a common algorithm". So my question is whether .NET Core 3.0 supports TLS 1.3 now?

I am using visual studio professional 2019 version 16.3.0 preview 3.0, my project is netcore3.0

Tls13 is defined in SslProtocols

//
// Summary:
//     Defines the possible versions of System.Security.Authentication.SslProtocols.
[Flags]
public enum SslProtocols {
    //
    // Summary:
    //     Allows the operating system to choose the best protocol to use, and to block
    //     protocols that are not secure. Unless your app has a specific reason not to,
    //     you should use this field.
    None = 0,
    //
    // Summary:
    //     Specifies the SSL 2.0 protocol. SSL 2.0 has been superseded by the TLS protocol
    //     and is provided for backward compatibility only.
    Ssl2 = 12,
    //
    // Summary:
    //     Specifies the SSL 3.0 protocol. SSL 3.0 has been superseded by the TLS protocol
    //     and is provided for backward compatibility only.
    Ssl3 = 48,
    //
    // Summary:
    //     Specifies the TLS 1.0 security protocol. The TLS protocol is defined in IETF
    //     RFC 2246.
    Tls = 192,
    //
    // Summary:
    //     Use None instead of Default. Default permits only the Secure Sockets Layer (SSL)
    //     3.0 or Transport Layer Security (TLS) 1.0 protocols to be negotiated, and those
    //     options are now considered obsolete. Consequently, Default is not allowed in
    //     many organizations. Despite the name of this field, System.Net.Security.SslStream
    //     does not use it as a default except under special circumstances.
    Default = 240,
    //
    // Summary:
    //     Specifies the TLS 1.1 security protocol. The TLS protocol is defined in IETF
    //     RFC 4346.
    Tls11 = 768,
    //
    // Summary:
    //     Specifies the TLS 1.2 security protocol. The TLS protocol is defined in IETF
    //     RFC 5246.
    Tls12 = 3072,
    //
    // Summary:
    //     Specifies the TLS 1.3 security protocol. The TLS protocol is defined in IETF
    //     RFC 8446.
    Tls13 = 12288
}

Answer

Idov picture Idov · Sep 12, 2019

Google is your friend:
https://docs.microsoft.com/en-us/dotnet/core/whats-new/dotnet-core-3-0

TLS 1.3 & OpenSSL 1.1.1 on Linux .NET Core now takes advantage of TLS 1.3 support in OpenSSL 1.1.1, when it's available in a given environment. With TLS 1.3:

Connection times are improved with reduced round trips required between the client and server. Improved security because of the removal of various obsolete and insecure cryptographic algorithms. When available, .NET Core 3.0 uses OpenSSL 1.1.1, OpenSSL 1.1.0, or OpenSSL 1.0.2 on a Linux system. When OpenSSL 1.1.1 is available, both System.Net.Security.SslStream and System.Net.Http.HttpClient types will use TLS 1.3 (assuming both the client and server support TLS 1.3).