C# 2y ago
.mpancho

❔ TLS v1.2 code review

My company recently decided that they will be manually enforcing TLS v1.2 on our Azure Service Bus instance (currently sitting on TLS v1.0). As such I was tasked to ensure that our systems are compatible with TLS v1.2 when we eventually do switch over, however I'm stuck on trying to understand this line of code which asserts the TLS version in our services:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
Can someone please explain what the | piping means in this code? And if we were to switch over to TLS v1.2, would this code be sufficient or do I need to modify this? Thanks in advance.
6 Replies
230V 2y ago
googled "is tls backward compatible" and got https://security.stackexchange.com/a/136372
the client sends a maximum supported version; then the server chooses the version that will be used, and sends it to the client
Tvde1 2y ago
| means binary OR, in this case it adds the values of enum flags together so
Flavor flavours = Flavor.Strawberry | Flavor.Vanilla;
this will create an enum value which has both values
usually this is done for [Flag] enums; an enum that is meant to have multiple values
in your case it will probably work fine, and if you remove the other two values, it'll probably also work fine
just try it
.mpancho 2y ago
going off this, if we're sending tls 1, 1.1 and 1.2 - the server will evaluate that it can only accept 1.2 and then use that? and disregard the other pipes
Tvde1 2y ago
yea
.mpancho 2y ago
yeh that makes sense, the piping convention in this snippet is quite confusing hence why i had to make sure
Accord 2y ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
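The flag arithmetic discussed in this thread, as an added example that is not part of any participant's post: it shows how the three `SecurityProtocolType` values combine with `|`, how to test whether a configured value still offers TLS 1.0/1.1, and how to clear those bits so only TLS 1.2 is offered. The class and helper names (`TlsFlagDemo`, `OffersLegacy`, `WithoutLegacy`) are hypothetical; it assumes a runtime where `ServicePointManager` is available.

```csharp
using System;
using System.Net;

static class TlsFlagDemo
{
    // The two older versions named in the question, combined into one mask.
    const SecurityProtocolType Legacy =
        SecurityProtocolType.Tls | SecurityProtocolType.Tls11;

    // True when the configured value still has the TLS 1.0 or 1.1 bit set.
    static bool OffersLegacy(SecurityProtocolType configured) =>
        (configured & Legacy) != 0;

    // Clears the TLS 1.0/1.1 bits and makes sure the TLS 1.2 bit is set.
    // Any other bits already present in the value are left untouched.
    static SecurityProtocolType WithoutLegacy(SecurityProtocolType configured) =>
        (configured & ~Legacy) | SecurityProtocolType.Tls12;

    static void Main()
    {
        // The value from the question: each member is a distinct bit,
        // so OR-ing them yields one value with all three bits set.
        var current = SecurityProtocolType.Tls
                    | SecurityProtocolType.Tls11
                    | SecurityProtocolType.Tls12;

        Console.WriteLine($"configured: {current} ({(int)current})");
        Console.WriteLine($"has Tls12:  {current.HasFlag(SecurityProtocolType.Tls12)}");
        Console.WriteLine($"has legacy: {OffersLegacy(current)}");

        // Same setting with the older versions removed from the offer.
        var hardened = WithoutLegacy(current);
        Console.WriteLine($"hardened:   {hardened} ({(int)hardened})");
        Console.WriteLine($"has legacy: {OffersLegacy(hardened)}");

        // Applies process-wide to clients that honour ServicePointManager.
        ServicePointManager.SecurityProtocol = hardened;
    }
}
```

With all three flags set the client can still negotiate TLS 1.0 or 1.1 against a server that accepts them; after `WithoutLegacy` it offers TLS 1.2 only.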