TechNinjutsu‎ > ‎

TLS version in Dynamics AX .net interop in X++

posted May 26, 2016, 10:23 AM by d graham   [ updated May 26, 2016, 10:29 AM ]
Recently in my office a discussion about which version of TLS is used by Dynamics AX in .net interop calls came up, as a vendor announced that in the next year TLS1.0 and TLS1.1 would be disabled for access to their API.

The setting that seems to control which protocols are available for web requests can be set with the following:
    
    System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType::Tls12);

set_SecurityProtocol() will accept a bitmask value based on the System.Net.SecurityProtocolType enum: https://msdn.microsoft.com/en-us/library/system.net.securityprotocoltype(v=vs.110).aspx

It seems that the .net setting for System.Net.ServicePointManager.SecurityProtocol is set per AppDomain ( http://stackoverflow.com/questions/3028486/how-to-use-ssl3-instead-of-tls-in-a-particular-httpwebrequest ) which means that potentially setting that enum value for a specific vendor may have side effects on your other API integrations(if such exist). If you must select a specific protocol for a vendor it may be worth considering creating the call in it's own AppDomain.

To determine what the current value of System.Net.ServicePointManager.SecurityProtocol in your AX .net environment you can run a job like so:

    static void CheckEnviornmentSecurityProtocol(Args _args)
    {
        int i;
        boolean ssl3Enabled,tlsEnabled,tls11Enabled,tls12Enabled;
    
        ;
        i = System.Net.ServicePointManager::get_SecurityProtocol();
    
        ssl3Enabled = i & enum2int(System.Net.SecurityProtocolType::Ssl3);
        tlsEnabled = i & enum2int(System.Net.SecurityProtocolType::Tls);
        tls11Enabled = i & enum2int(System.Net.SecurityProtocolType::Tls11);
        tls12Enabled = i & enum2int(System.Net.SecurityProtocolType::Tls12);
    
        info(strFmt("'%1' enabled: '%2'",
                'ssl3',            
                ssl3Enabled));
        info(strFmt("'%1' enabled: '%2'",
                'tls1',            
                tlsEnabled));
        info(strFmt("'%1' enabled: '%2'",
                'tls11',            
                tls11Enabled));
        info(strFmt("'%1' enabled: '%2'",
                'tls12',            
                tls12Enabled));
    }


Comments