Just found that .Net Framework 4.5 now supports TLSv1.2
http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx

刚刚发现 .Net Framework 4.5 现在支持 TLSv1.2
http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx

Yes, though you have to turn on TLS 1.2 manually at System.Net.ServicePointManager.SecurityProtocol

是的，尽管您必须在System.Net.ServicePointManager.SecurityProtocol上手动打开 TLS 1.2

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls; // comparable to modern browsers
var response = WebRequest.Create("https://www.howsmyssl.com/").GetResponse();
var body = new StreamReader(response.GetResponseStream()).ReadToEnd();

Your client is using TLS 1.2, the most modern version of the encryption protocol

您的客户端正在使用 TLS 1.2，这是加密协议的最现代版本

Out the box, WebRequest will use TLS 1.0 or SSL 3.

开箱即用，WebRequest 将使用 TLS 1.0 或 SSL 3。

Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn't have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites.

您的客户端使用的是 TLS 1.0，它非常旧，可能容易受到 BEAST 攻击，并且没有最好的密码套件可用。诸如 AES-GCM 和 SHA256 之类的用于替换 MD5-SHA-1 的附加功能对 TLS 1.0 客户端以及许多更现代的密码套件不可用。

You can make use of the SchUseStrongCrypto registry setting to require all .NET applications to use TLS 1.2 instead of 1.0 by default.

您可以利用 SchUseStrongCrypto 注册表设置要求所有 .NET 应用程序默认使用 TLS 1.2 而不是 1.0。

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

I fixed my problem by switching to the latest .Net Framework. So your target Framework sets your Security Protocol.

我通过切换到最新的 .Net Framework 解决了我的问题。所以你的目标框架设置了你的安全协议。

when you have this in Web.config

当你在 Web.config 中有这个时

<system.web>
  <httpRuntime targetFramework="4.5"/>
</system.web>

you will get this by default:

默认情况下你会得到这个：

ServicePointManager.SecurityProtocol = Ssl3 | Tls

when you have this in Web.config

当你在 Web.config 中有这个时

<system.web>
  <httpRuntime targetFramework="4.6.1"/>
</system.web>

you will get this by default:

默认情况下你会得到这个：

ServicePointManager.SecurityProtocol = Tls12 | Tls11 | Tls

Just download this registry keyand run it. It will add the necessary key to the .NET framework registry. You can have more info at this link. Search for 'Option 2' in '.NET 4.5 to 4.5.2'.

只需下载此注册表项并运行它。它将向 .NET 框架注册表添加必要的密钥。您可以在此链接中获得更多信息。在“.NET 4.5 到 4.5.2”中搜索“选项 2”。

The reg file appends the following to the Registry:

reg 文件将以下内容附加到注册表中：

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

This is the part of the page that is useful in case it goes broken :

这是页面中有用的部分，以防它损坏：

" .. enable TLS 1.2 by default without modifying the source code by setting the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319". Although the version number in those registry keys is 4.0.30319, the .NET 4.5, 4.5.1, and 4.5.2 frameworks also use these values. Those registry keys, however, will enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. It is thus advisable to test this change before deploying it to your production servers. This is also available as a registry import file. These registry values, however, will not affect .NET applications that set the System.Net.ServicePointManager.SecurityProtocol value. "

Net.ServicePointManager.SecurityProtocol 值。”

If you are dealing with older versions of .NET Framework, then support for TLS 1.2 is available in our SecureBlackbox productin both client and server components. SecureBlackbox contains its own implementation of all algorithms, so it doesn't matter which version of .NET-based framework you use (including .NET CF) - you'll have TLS 1.2 with the latest additions in all cases.

如果您正在处理旧版本的 .NET Framework，那么我们的SecureBlackbox 产品在客户端和服务器组件中都提供对 TLS 1.2 的支持。SecureBlackbox 包含它自己的所有算法实现，因此无论您使用哪个版本的基于 .NET 的框架（包括 .NET CF）都无关紧要 - 在所有情况下，您都将拥有带有最新添加的 TLS 1.2。

Please note that SecureBlackbox wont magically add TLS 1.2 to framework classes - instead you need to use SecureBlackbox classes and components explicitly.

请注意，SecureBlackbox 不会神奇地将 TLS 1.2 添加到框架类 - 相反，您需要明确使用 SecureBlackbox 类和组件。

The latest version of SSPI(bundled with Windows 7) has an implementation of TLS 1.2, which can be found in schannel.dll

最新版本的SSPI（与 Windows 7 捆绑）具有 TLS 1.2 的实现，可以在schannel.dll 中找到

You can enable TLS 1.2 in IIS by following these instructions. I presume this would be sufficient if you have an ASP.NET-based application that runs on top of IIS, although it looks like it does not really meet your needs.

您可以按照这些说明在 IIS 中启用 TLS 1.2 。如果您有一个运行在 IIS 之上的基于 ASP.NET 的应用程序，我认为这已经足够了，尽管它看起来并不能真正满足您的需求。

.NET Framework 4.6 uses TLS 1.2 by default.

.NET Framework 4.6 默认使用 TLS 1.2。

Moreover, only host application should be in .NET 4.6, referenced libraries may remain in older versions.

此外，只有宿主应用程序应该在 .NET 4.6 中，引用的库可能保留在旧版本中。

as mentioned hereyou can just add this line

正如这里提到的，你可以添加这一行

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;