MSDN Library

Remarks

In modern network environments, it is strongly recommended to use the latest secure protocols such as TLS 1.2 or TLS 1.3. However, some legacy systems or specific network configurations might require the use of older, less secure protocols like SSL 3.0 or early versions of TLS.

The ForceLessSslConnections static property allows applications to explicitly enable the negotiation of these older protocols. This should be considered a temporary measure and a last resort, as it significantly weakens the security posture of the connection.

When ForceLessSslConnections is set to true, the System.Net.Security.SslStream class will attempt to negotiate connections using a wider range of SSL/TLS versions, including older ones. When set to false (the default behavior), it will prioritize and attempt to negotiate the most secure protocols supported by both the client and the server.

Syntax

public static class ForceLessSslConnections

Properties

Usage Example

The following example demonstrates how to enable and disable forcing less secure SSL/TLS connections.

using System;
using System.Net.Security;

public class SslConfigurationExample
{
    public static void Main(string[] args)
    {
        Console.WriteLine($"Initial ForceLessSslConnections state: {ForceLessSslConnections.Enabled}");

        // Enable forcing less secure connections (use with caution!)
        ForceLessSslConnections.Enabled = true;
        Console.WriteLine($"ForceLessSslConnections state after enabling: {ForceLessSslConnections.Enabled}");

        // Perform network operations that might require older protocols

        // Disable forcing less secure connections
        ForceLessSslConnections.Enabled = false;
        Console.WriteLine($"ForceLessSslConnections state after disabling: {ForceLessSslConnections.Enabled}");
    }
}

Requirements

See Also

• System.Net.Security.SslStream
• System.Net.Security.SslProtocols
• Network Security Best Practices