C Sharp Outdated Tls Versions Enabled
Description
Detects when C# applications disable TLS security restrictions through AppContext.SetSwitch configuration. Setting the switch named below to true tells the runtime to stop honouring the protocol list configured on ServicePointManager, which can allow connections over outdated TLS protocol versions and expose the application to downgrade attacks and the known weaknesses of legacy protocols.
Detection Strategy
• Look for calls to AppContext.SetSwitch method in C# code
• Check if the SetSwitch call is configuring ServicePointManager security settings
• Verify if the configuration would enable outdated/insecure TLS protocol versions
• Report a vulnerability when ServicePointManager restrictions are being disabled through AppContext configuration
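The four steps above describe a static check. The following Python script is an added example (not Fluid Attacks' own analyzer) that implements them over constructed C# source: it locates AppContext.SetSwitch calls, keeps only those naming the ServicePointManager switch from this page, and reports the ones that set it to true. The regular expression, the Finding type and the sample source are assumptions made for the example; a single-line call is assumed, and text after // is treated as a comment.

```python
import re
from dataclasses import dataclass
from typing import List

# The AppContext switch named on the page. Setting it to true makes the
# runtime ignore the protocol restrictions configured on ServicePointManager.
SWITCH_NAME = (
    "Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols"
)

# Step 1: an AppContext.SetSwitch("<name>", true|false) call on one line.
# (Assumed pattern for this example; a real analyzer would use a C# parser.)
SETSWITCH_RE = re.compile(
    r'AppContext\s*\.\s*SetSwitch\s*\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>true|false)\s*\)'
)


@dataclass
class Finding:
    line: int      # 1-based line number in the scanned source
    switch: str    # switch name that was set
    value: bool    # value it was set to (always True for a reported finding)


def find_disabled_security_protocols(source: str) -> List[Finding]:
    """Return one Finding per line that disables ServicePointManager restrictions."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        # Drop trailing // comments so commented-out calls are not reported.
        code = raw.split("//", 1)[0]
        for match in SETSWITCH_RE.finditer(code):
            name = match.group("name")
            value = match.group("value") == "true"
            # Step 2: only the ServicePointManager security switch is of interest.
            if name != SWITCH_NAME:
                continue
            # Steps 3 and 4: true disables the restrictions; false keeps them.
            if value:
                findings.append(Finding(lineno, name, value))
    return findings


# Constructed C# sample: line 6 is the vulnerable call, line 10 keeps the
# default (false), and line 14 sets an unrelated switch.
SAMPLE_CS = """using System;
public class UnsafeConfig
{
    public void DisableSecurityProtocols()
    {
        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", true); // weakens TLS
    }
    public void KeepDefaults()
    {
        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", false);
    }
    public void Unrelated()
    {
        AppContext.SetSwitch("Switch.System.Example.SomeOtherSwitch", true);
    }
}
"""


if __name__ == "__main__":
    for finding in find_disabled_security_protocols(SAMPLE_CS):
        print(f"line {finding.line}: {finding.switch} set to {finding.value}")
```

Run against SAMPLE_CS the script reports only line 6. Setting the switch to false (line 10) is the secure default and is deliberately not reported, and an unrelated switch name (line 14) is ignored even though it is set to true.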
Vulnerable code example
using System;

public class UnsafeConfig
{
    public void DisableSecurityProtocols()
    {
        // Disables ServicePointManager protocol management, weakening TLS security
        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", true);
    }
}

Secure code example
using System;
using System.Net;

public class SafeConfig
{
    public void ConfigureSecurityProtocols()
    {
        // Keep ServicePointManager protocol management enabled (false is the default)
        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", false);

        // Ensure security protocols remain enabled and use TLS 1.2 or higher
        // (SecurityProtocolType.Tls13 requires .NET Framework 4.8 or .NET Core 3.0+)
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13;
    }
}