How can we help you today? How can we help you today?

Smart Assembly 6.13.0.1109 - TLS 1.2

I just upgraded our server on amazon with windows server 2019.

The problem is that it support only TLS 1.1 or 1.2.

Smart Assembly is using TLS 1.0 and it has been dropped.

I can now send report but I'm my app I added this line :
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

Now I can send report to the server everything is fine but I can't read the report it told me unable to initialize SSL/TLS session.

Is there any plan to drop TLS 1.0 and put 1.1 or 1.2 inside smart assembly? I think the real issue is that Smart Assembly is using .NET 4.0 which dont have TLS 1.1 & 1.2 and now it's unsecure since TLS 1.0 has alot of flaw.


The server on amazon with 2019 support TLS 1.2 cipher below and smart assembly keep saying unable to initializate TLS session.


Protocols
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
For TLS 1.3 tests, we only support RFC 8446.

Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp256r1 (eq. 3072 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp256r1 (eq. 3072 bits RSA)   FS 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK 128

Thanks for your help,
mltgames
0

Comments

3 comments

Sort by
  • Russell D
    I think the easy answer would be that we don't support Server 2019.

    The reality obviously though is that this is something we need to look into - it won't be a quick fix I'm afraid though.
    Russell D
    0
  • mltgames
    I fixed the issue manually I added this inside SmartAssembly.exe.config

        <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false" />
    and
            <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />




    Basically it will allow the use of TLS 1.2

    Here is my SmartAssembly.exe.config

    <?xml version="1.0"?>
    <configuration>
      <configSections>
        <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net, Version=1.2.11.0, Culture=neutral, PublicKeyToken=669e0ddf0bb1aa2a"/>
      </configSections>
        <startup> 
            <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
        </startup>
      <runtime>
        <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false" />
      </runtime>
      <log4net>
        <!-- Uncomment to enable logging -->
        <!-- This is a standard log4net configuration section; you can edit it as appropriate -->
        <!--
        <appender name="TraceLogger" type="log4net.Appender.FileAppender">
          <file value="${LOCALAPPDATA}\Red Gate\SmartAssembly 6\SmartAssembly.log" />
          <appendToFile value="false" />
          <layout type="log4net.Layout.PatternLayout">
            <conversionPattern value="%date %-7level %logger: %message%newline%exception" />
          </layout>
        </appender>
        <root>
          <level value="TRACE"/>
          <appender-ref ref="TraceLogger" />
        </root>
        -->
      </log4net>
    </configuration>

    Thanks again for your help,
    mltgames
    0
  • Russell D
    Awesome, nice fix. I'll bring this up at standup tomorrow.
    Russell D
    0

Add comment

Please sign in to leave a comment.