
This rule fires when either of the following conditions is met:

  • A safe but hardcoded System.Net.SecurityProtocolType value was referenced.
  • An integer value representing a safe protocol version was assigned to a SecurityProtocolType variable.

Safe values are:

  • Tls12
  • Tls13

    Rule description

    Transport Layer Security (TLS) secures communication between computers, most commonly with Hypertext Transfer Protocol Secure (HTTPS). Protocol versions TLS 1.0 and TLS 1.1 are deprecated, while TLS 1.2 and TLS 1.3 are current. In the future, TLS 1.2 and TLS 1.3 may be deprecated. To ensure that your application remains secure, avoid hardcoding a protocol version and target at least .NET Framework v4.7.1. For more information, see Transport Layer Security (TLS) best practices with .NET Framework.

    How to fix violations

    Don't hardcode TLS protocol versions.

    When to suppress warnings

    You can suppress this warning if your application targets .NET Framework v4.6.2 or earlier and may run on a computer that has insecure defaults.

    Suppress a warning

    If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.

    #pragma warning disable CA5386
    // The code that's violating the rule is on this line.
    #pragma warning restore CA5386
    

    To disable the rule for a file, folder, or project, set its severity to none in the configuration file.

    [*.{cs,vb}]
    dotnet_diagnostic.CA5386.severity = none
    

    For more information, see How to suppress code analysis warnings.

    Pseudo-code examples

    Enumeration name violation

    using System;
    using System.Net;

    public class ExampleClass
    {
        public void ExampleMethod()
        {
            // CA5386 violation: TLS 1.2 is safe today but is pinned here.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        }
    }
    
    Imports System
    Imports System.Net
    Public Class TestClass
        Public Sub ExampleMethod()
            ' CA5386 violation
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
        End Sub
    End Class
    

    Integer value violation

    using System;
    using System.Net;

    public class ExampleClass
    {
        public void ExampleMethod()
        {
            // CA5386 violation: 3072 is the integer value of SecurityProtocolType.Tls12.
            ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;    // TLS 1.2
        }
    }
    
    Imports System
    Imports System.Net
    Public Class TestClass
        Public Sub ExampleMethod()
            ' CA5386 violation
            ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)   ' TLS 1.2
        End Sub
    End Class
    

    Solution

    using System;
    using System.Net;

    public class TestClass
    {
        public void TestMethod()
        {
            // Let the operating system decide what TLS protocol version to use.
            // See https://learn.microsoft.com/dotnet/framework/network-programming/tls
        }
    }
    
    Imports System
    Imports System.Net
    Public Class TestClass
        Public Sub ExampleMethod()
            ' Let the operating system decide what TLS protocol version to use.
            ' See https://learn.microsoft.com/dotnet/framework/network-programming/tls
        End Sub
    End Class
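    The following C# program is an added example; it is not code from the original page or from the .NET analyzers. It shows the other half of the advice above from the defender's side: at startup, read the process-wide ServicePointManager.SecurityProtocol value and report whether the process is relying on the operating-system default or on a pinned value, using the same two categories the CA5364 and CA5386 rules describe (deprecated version hardcoded vs. current version hardcoded). The integer bit values are those of the System.Net.SecurityProtocolType members (SystemDefault = 0); the Classify and Describe helpers and the sample values are this example's own, and plain integers are used instead of the enum names so the audit helper does not itself trigger CA5364 or CA5386.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Added example (not from the original page): audits the process-wide
// SecurityProtocol setting, which a dependency may have pinned at startup.
public static class TlsSettingAudit
{
    // SecurityProtocolType flag bits; SystemDefault is 0.
    const int Ssl3  = 48;
    const int Tls10 = 192;
    const int Tls11 = 768;
    const int Tls12 = 3072;
    const int Tls13 = 12288;

    const int DeprecatedMask = Ssl3 | Tls10 | Tls11;   // what CA5364 flags
    const int CurrentMask    = Tls12 | Tls13;          // what CA5386 flags

    // Map a raw SecurityProtocolType value to the rule category it would hit.
    // (Classification logic is this example's own, mirroring the rule text.)
    public static string Classify(int protocol)
    {
        if (protocol == 0)
            return "OK: SystemDefault, the operating system negotiates the version";

        var findings = new List<string>();
        if ((protocol & DeprecatedMask) != 0)
            findings.Add("CA5364: deprecated protocol version hardcoded");
        if ((protocol & CurrentMask) != 0)
            findings.Add("CA5386: current protocol version hardcoded (will age into a CA5364 finding)");

        int unknown = protocol & ~(DeprecatedMask | CurrentMask);
        if (unknown != 0)
            findings.Add("unknown bits set: " + unknown);

        return string.Join("; ", findings);
    }

    // Human-readable list of the versions a value enables, for the log line.
    public static string Describe(int protocol)
    {
        if (protocol == 0) return "SystemDefault";

        var names = new List<string>();
        if ((protocol & Ssl3)  != 0) names.Add("SSL 3.0");
        if ((protocol & Tls10) != 0) names.Add("TLS 1.0");
        if ((protocol & Tls11) != 0) names.Add("TLS 1.1");
        if ((protocol & Tls12) != 0) names.Add("TLS 1.2");
        if ((protocol & Tls13) != 0) names.Add("TLS 1.3");
        return string.Join(", ", names);
    }

    public static void Main()
    {
        // Live value for this process. Reading it does not pin anything.
        int current = (int)ServicePointManager.SecurityProtocol;
        Console.WriteLine($"Process setting: {Describe(current)} -> {Classify(current)}");

        // Constructed sample values mirroring the page's violation examples.
        foreach (int sample in new[] { 0, 3072, 3072 | 12288, 768 | 3072, 48 })
            Console.WriteLine($"{sample,6}: {Describe(sample)} -> {Classify(sample)}");
    }
}
```

    Running this once at application start (and logging the line) gives you a cheap way to notice when a library or legacy code path has set the protocol for the whole process, which is the situation the rule is trying to keep you out of; the fix remains the one above, that is, remove the assignment and let the operating system choose.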
    
    

    CA5364: Do not use deprecated security protocols

    CA5397: Do not use deprecated SslProtocols values

    CA5398: Avoid hardcoded SslProtocols values