Sep 05, 2018 12:52 PM|PatriceSc
If I attempt to summarize, my understanding is:
- that you have to take actions to enable Tls12 starting with 3.5 (but not for WCF that just can't use this version) and Windows Server 2008 or later
- Tls12 should be used by default starting with 4.6 and Windows Server 2012 (but it won't use a later version that could be made available)
- from 4.7 it should select the best option offered by the OS (even options made available later at the OS level)
Here it seems you want to disable other options. If possible it is likely best done at the OS level https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc .
You could select Tls12 explicitly in your code for testing before doing OS level changes (or if you want to enforce this only for a particular app) but it should be tracked and later removed (so that ultimately you end up with an app that will just use the best option, whatever it is, from those made available by the underlying OS).
Edit: I don't remember which version, but there is an IIS update that should allow you to track TLS usage as part of the IIS log, to check that new options are used or to better decide when you can disable old options.
Edit 2: if you need further help, a Windows admin forum could be better.
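
The IIS log check mentioned in the first edit, as an added example that is not part of the original post: it tallies negotiated protocol versions per request and lists the clients still on legacy versions. It assumes the log was configured with a custom field named `crypt-protocol` holding the SChannel protocol flag in hex (for example `400` for TLS 1.2); the log lines are constructed sample data.

```python
import collections

# SChannel server-side protocol flags (schannel.h), written to the log in hex.
SP_PROT = {0x4: "SSL 2.0", 0x10: "SSL 3.0", 0x40: "TLS 1.0",
           0x100: "TLS 1.1", 0x400: "TLS 1.2", 0x1000: "TLS 1.3"}
LEGACY = {"SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1"}

# Constructed sample W3C log; the "crypt-protocol" column name is an assumption.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status crypt-protocol
2018-09-05 12:00:01 10.0.0.5 GET /api/orders 200 400
2018-09-05 12:00:02 10.0.0.9 GET /api/orders 200 40
2018-09-05 12:00:03 10.0.0.9 POST /api/login 200 40
2018-09-05 12:00:04 10.0.0.7 GET /health 200 -
2018-09-05 12:00:05 10.0.0.12 GET /api/orders 200 100
"""

def protocol_usage(log_text, field="crypt-protocol"):
    """Return (hits per protocol, client IPs per legacy protocol)."""
    hits = collections.Counter()
    legacy_clients = collections.defaultdict(set)
    columns = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            columns = line.split()[1:]   # the header can change mid-file
            continue
        if not line or line.startswith("#") or field not in columns:
            continue
        row = dict(zip(columns, line.split()))
        raw = row.get(field, "-")
        if raw == "-":                   # plain HTTP request, no TLS session
            continue
        try:
            name = SP_PROT.get(int(raw, 16), "unknown (0x%s)" % raw)
        except ValueError:
            name = "unparsed (%s)" % raw
        hits[name] += 1
        if name in LEGACY:
            legacy_clients[name].add(row.get("c-ip", "?"))
    return hits, dict(legacy_clients)

if __name__ == "__main__":
    hits, legacy = protocol_usage(SAMPLE_LOG)
    for name, count in hits.most_common():
        print(f"{name}: {count} request(s)")
    for name, clients in sorted(legacy.items()):
        print(f"still on {name}: {', '.join(sorted(clients))}")
```

An empty legacy result over a representative period is the signal that the old protocols can be disabled at the OS level without cutting off clients.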