Hotfix: TLS 1.1/1.0 deprecation (June 30, 2023) (#29)

* Implement configuration support for setting SecurityProtocolType Adds support for explicitly setting client TLS version following TLS 1.1/1.0 deprecation announced by Duo (c. June 30, 2023). * Add missing namespace required by ConfigurationManager * Add missing project reference to System.Configuration
duosecurity · Aug 11, 2023 · 3c71a3c · 3c71a3c
1 parent 5c6b376
commit 3c71a3c
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/duo_api_csharp/Duo.cs b/duo_api_csharp/Duo.cs
@@ -4,6 +4,7 @@
  */
 
 using System;
+using System.Configuration;
 using System.Collections.Generic;
 using System.IO;
 using System.Net;
@@ -38,6 +39,20 @@ public class DuoApi
         private RandomService randomService;
         private bool sslCertValidation = true;
         private X509CertificateCollection customRoots = null;
+
+        // TLS 1.0/1.1 deprecation effective June 30, 2023
+        // Of the SecurityProtocolType enum, it should be noted that SystemDefault is not available prior to .NET 4.7 and TLS 1.3 is not available prior to .NET 4.8.
+        private static SecurityProtocolType SelectSecurityProtocolType
+        {
+            get
+            {
+                SecurityProtocolType t;
+                if (!Enum.TryParse(ConfigurationManager.AppSettings["DuoAPI_SecurityProtocolType"], out t))
+                    return SecurityProtocolType.Tls12;
+
+                return t;
+            }
+        }
 
         /// <param name="ikey">Duo integration key</param>
         /// <param name="skey">Duo secret key</param>
@@ -273,6 +288,8 @@ StreamReader reader
         private HttpWebRequest PrepareHttpRequest(String method, String url, String auth, String date,
             String cannonParams, int timeout)
         {
+            ServicePointManager.SecurityProtocol = SelectSecurityProtocolType;
+
             HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
             request.ServerCertificateValidationCallback = GetCertificatePinner();
             request.Method = method;

diff --git a/duo_api_csharp/duo_api_csharp.csproj b/duo_api_csharp/duo_api_csharp.csproj
@@ -35,6 +35,7 @@
   <ItemGroup>
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="System" />
+    <Reference Include="System.Configuration" />
     <Reference Include="System.Core" />
     <Reference Include="System.Data" />
     <Reference Include="System.Data.DataSetExtensions" />
@@ -56,4 +57,4 @@
   <ProjectExtensions>
     <VisualStudio AllowExistingFolder="true" />
   </ProjectExtensions>
-</Project>
+</Project>