RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5398 below:

CA5398: Avoid hardcoded SslProtocols values (code analysis) - .NET

Property Value Rule ID CA5398 Title Avoid hardcoded SslProtocols values Category Security Fix is breaking or non-breaking Non-breaking Enabled by default in .NET 9 No Cause

This rule fires when either of the following conditions are met:

A safe but hardcoded System.Security.Authentication.SslProtocols value was referenced.
An integer value representing a safe protocol version was either assigned to a SslProtocols variable, used as a SslProtocols return value, or used as a SslProtocols argument.

Safe values are:

Tls12
Tls13

Rule description

Transport Layer Security (TLS) secures communication between computers, most commonly with Hypertext Transfer Protocol Secure (HTTPS). Protocol versions TLS 1.0 and TLS 1.1 are deprecated, while TLS 1.2 and TLS 1.3 are current. In the future, TLS 1.2 and TLS 1.3 may be deprecated. To ensure that your application remains secure, avoid hardcoding a protocol version. For more information, see Transport Layer Security (TLS) best practices with .NET Framework.

How to fix violations

Don't hardcode TLS protocol versions.

When to suppress warnings

It's safe to suppress a warning if you need to connect to a legacy service that can't be upgraded to use future TLS protocol versions.

Suppress a warning

If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.

#pragma warning disable CA5398
// The code that's violating the rule is on this line.
#pragma warning restore CA5398

To disable the rule for a file, folder, or project, set its severity to none in the configuration file.

[*.{cs,vb}]
dotnet_diagnostic.CA5398.severity = none

For more information, see How to suppress code analysis warnings.

Pseudo-code examples Enumeration name violation

using System;
using System.Security.Authentication;

public class ExampleClass
{
    public void ExampleMethod()
    {
        // CA5398 violation
        SslProtocols sslProtocols = SslProtocols.Tls12;
    }
}

Imports System
Imports System.Security.Authentication

Public Class TestClass
    Public Function ExampleMethod() As SslProtocols
        ' CA5398 violation
        Return SslProtocols.Tls12
    End Function
End Class

Integer value violation

using System;
using System.Security.Authentication;

public class ExampleClass
{
    public SslProtocols ExampleMethod()
    {
        // CA5398 violation
        return (SslProtocols) 3072;    // TLS 1.2
    }
}

Imports System
Imports System.Security.Authentication

Public Class TestClass
    Public Function ExampleMethod() As SslProtocols
        ' CA5398 violation
        Return CType(3072, SslProtocols)   ' TLS 1.2
    End Function
End Class

Solution

using System;
using System.Security.Authentication;

public class TestClass
{
    public void Method()
    {
        // Let the operating system decide what TLS protocol version to use.
        // See https://learn.microsoft.com/dotnet/framework/network-programming/tls
        SslProtocols sslProtocols = SslProtocols.None;
    }
}

Imports System
Imports System.Security.Authentication

Public Class TestClass
    Public Sub ExampleMethod()
        ' Let the operating system decide what TLS protocol version to use.
        ' See https://learn.microsoft.com/dotnet/framework/network-programming/tls
        Dim sslProtocols As SslProtocols = SslProtocols.None
    End Sub
End Class

CA5364: Do not use deprecated security protocols

CA5386: Avoid hardcoding SecurityProtocolType value

CA5397: Do not use deprecated SslProtocols values

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4