Skip to content

Add TLSv1.3 support for .NET 3 or higher #2625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JeremyBessonElastic merged 4 commits into from
Aug 12, 2025
Merged

Add TLSv1.3 support for .NET 3 or higher #2625

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3090c9f
Add TLSv1.3 support for .NET 3 or higher
JeremyBessonElastic Jul 14, 2025
9ad8ff5
For .NET 8 and upwrads, let the default
JeremyBessonElastic Aug 12, 2025
1ab96e1
Fix
JeremyBessonElastic Aug 12, 2025
fe3d893
Fix
JeremyBessonElastic Aug 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 14 additions & 5 deletions src/Elastic.Apm/BackendComm/BackendCommUtils.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -216,18 +216,27 @@ private static HttpClientHandler CreateHttpClientHandler(IConfiguration configur
// and runtime exceptions on .NET Framework versions <4.7.2, we don't attempt to set the certificate
// validation callback or SSL protocols on net462, which should also apply to .NET Framework <4.7.2 runtimes
// which resolve to that target.
#if NET8_0_OR_GREATER
// The defaults are good out of the box in .NET 8 and upwards, so we don't need to set anything.
httpClientHandler.SslProtocols = SslProtocols.None;
#elif NET3_0_OR_GREATER
httpClientHandler.SslProtocols |= SslProtocols.Tls12;
Comment thread
JeremyBessonElastic marked this conversation as resolved.
httpClientHandler.SslProtocols |= SslProtocols.Tls13;
logger.Info()?.Log("CreateHttpClientHandler - SslProtocols: {SslProtocols}", ServicePointManager.SecurityProtocol);
#elif !NET462
httpClientHandler.SslProtocols |= SslProtocols.Tls12;
logger.Info()?.Log("CreateHttpClientHandler - SslProtocols: {SslProtocols}", httpClientHandler.SslProtocols);
#else
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
logger.Info()?.Log("CreateHttpClientHandler - SslProtocols: {SslProtocols}", ServicePointManager.SecurityProtocol);
#endif
#if !NET462
httpClientHandler.ServerCertificateCustomValidationCallback = serverCertificateCustomValidationCallback;
logger.Info()?.Log("CreateHttpClientHandler - Setting ServerCertificateCustomValidationCallback");

httpClientHandler.SslProtocols |= SslProtocols.Tls12;
logger.Info()?.Log("CreateHttpClientHandler - SslProtocols: {SslProtocols}", httpClientHandler.SslProtocols);
#else
// We don't set the ServerCertificateCustomValidationCallback on ServicePointManager here as it would
// apply to the whole AppDomain and that may not be desired. A consumer can set this themselves if they
// need custom validation behaviour.
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
logger.Info()?.Log("CreateHttpClientHandler - SslProtocols: {SslProtocols}", ServicePointManager.SecurityProtocol);
#endif
return httpClientHandler;
}
Expand Down
Loading