WebSocket4Net icon indicating copy to clipboard operation
WebSocket4Net copied to clipboard
verified publisher icon kerryjiang

WebSocket.NoSilverlight.cs v0.15 forces usage of insecure SslProtocols.Default

Open maxmeffert opened this issue 4 years ago • 1 comments

Hi, we just found that in v0.15 WebSocket.NoSilverlight.cs forces the usage of SslProtocols.Default for non .NET Core applications, limiting the operating system to choose between SSL3 und TLS1.0 which poses a potential security risk.

The recommendation is to use SslProtocols.None leaving the choice completely to the operating system.

  • https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
  • https://docs.microsoft.com/en-us/dotnet/api/system.security.authentication.sslprotocols?view=net-5.0

maxmeffert avatar Jun 10 '21 17:06 maxmeffert

Please try WebSocket4Net 1.0.0-beta.2. https://www.nuget.org/packages/WebSocket4Net/1.0.0-beta.2

kerryjiang avatar Jun 22 '24 15:06 kerryjiang