CA5378 | Security | Enabled by default: No

Do not disable ServicePointManagerSecurityProtocols

Microsoft docs

Description

Setting Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols to true limits Windows Communication Foundation's (WCF) Transport Layer Security (TLS) connections to using TLS 1.0. That version of TLS will be deprecated. For more information, see Transport Layer Security (TLS) best practices with .NET Framework.

Cause

A System.AppContext.SetSwitch method call sets Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols to true.

By default, this rule analyzes the entire codebase, but this is configurable.

How to fix violations

  • If your application targets .NET Framework v4.7 or later, you can either remove the System.AppContext.SetSwitch method call, or set the switch's value to false.
  • If your application targets .NET Framework v4.6.2 or earlier and runs on .NET Framework v4.7 or later, set the switch's value to false.
  • Otherwise, refer to Transport Layer Security (TLS) best practices with .NET Framework for mitigations.

Example

using System;

public class ExampleClass
{
    public void ExampleMethod()
    {
        // CA5378 violation
        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", true);
    }
}

using System;

public class ExampleClass
{
    public void ExampleMethod()
    {
        // Fixed: the switch is explicitly set to false
        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", false);
    }
}

When to suppress

You can suppress this warning if you need to connect to a legacy service that can't be upgraded to use secure TLS configurations.
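
A runtime complement to the analyzer, as an added example that is not part of the rule documentation: the guard reads the switch with AppContext.TryGetSwitch at startup, so it also notices a value set outside a SetSwitch call in your own source, and it fails fast unless the legacy exception described under "When to suppress" has been approved. The class, method and parameter names are hypothetical.

```csharp
using System;

// Startup guard for the switch that CA5378 flags (hypothetical names).
public static class WcfTlsSwitchGuard
{
    // Switch name as given in the rule description.
    public const string SwitchName =
        "Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols";

    // True when the switch currently resolves to true, whether it was set by
    // an AppContext.SetSwitch call or by a configuration override.
    public static bool IsLegacyTlsForced()
    {
        bool enabled;
        return AppContext.TryGetSwitch(SwitchName, out enabled) && enabled;
    }

    // Call once at startup, before the first WCF channel or host is opened.
    // allowLegacyEndpoint models the "When to suppress" case: a legacy service
    // that cannot be upgraded. Anything else fails fast.
    public static void Enforce(bool allowLegacyEndpoint)
    {
        if (!IsLegacyTlsForced()) return;
        if (!allowLegacyEndpoint)
            throw new InvalidOperationException(SwitchName + " is true; WCF would be limited to TLS 1.0.");
        Console.Error.WriteLine("WARNING: " + SwitchName + " is true (approved legacy exception).");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed scenario: reproduce the violation, then the fix.
        AppContext.SetSwitch(WcfTlsSwitchGuard.SwitchName, true);
        try { WcfTlsSwitchGuard.Enforce(false); }
        catch (InvalidOperationException ex) { Console.WriteLine("Blocked: " + ex.Message); }

        WcfTlsSwitchGuard.Enforce(true);   // approved exception: warns, does not throw

        AppContext.SetSwitch(WcfTlsSwitchGuard.SwitchName, false);
        WcfTlsSwitchGuard.Enforce(false);  // passes silently
        Console.WriteLine("Switch is off.");
    }
}
```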
