-
Type:
Bug
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 0.9.3
-
Fix Version/s: 0.10.0
-
Component/s: C# - Library
-
Labels:None
TTLSSocket.cs.setupTLS() uses SslProtocols.Tls, which forces TLS 1.0. I suspect this was originally done to prevent SSLv2 from working against a poorly configured server, but now prevents working against a TLS 1.2 server, thus decreasing security.
Since PCI-DSS requires removing anything less than TLS 1.2 by June, this is a critical issue for those of us working in that environment.
Thanks!