Announcing the .NET Framework 4.6.2 Preview

We are pleased to announce the .NET Framework Preview 4.6.2. You can download the release from one of the following links:

We’ve added new features and APIs in the following areas of the product:

  • TLS 1.1/1.2 support for ClickOnce
  • Enabling .NET desktop apps with Project Centennial
  • Support for additional cryptography standards
  • Soft keyboard and per-monitor DPI support for WPF

You can see the full set of changes in the .NET Framework 4.6.2 Preview in the change list and API diff that we’ve published on GitHub.


Transport Layer Security (TLS) 1.1 and 1.2 Support

ClickOnce has been updated to support TLS 1.1 and 1.2. ClickOnce will automatically detect which TLS protocol is required at runtime. There are no extra steps that are needed within the ClickOnce application to enable this.

ClickOnce continues to support TLS 1.0 for the foreseeable future for compatibility, for applications that do not or cannot upgrade.

A release to support TLS 1.1 and 1.2 for .NET Framework versions 4.5.2, 4.6 and 4.6.1 as well as Windows 7 and above is planned for April 2016.

Converting Your Desktop App to UWP (Project Centennial)

Windows now offers capabilities to bring existing Windows desktop apps (including WPF/Windows Forms) to the Universal Windows Platform (UWP). This capability was previously known as “Project Centennial”. The goal of this technology is to act as a bridge by enabling developers to gradually migrate their existing code base to UWP, bringing their app to all Windows 10 devices.

The image below shows a WPF app that has been converted to Centennial and now includes a live tile, previously only available to UWP apps.

Centennial WPF

The .NET desktop app will continue to behave as before, running as a desktop app. You can add a UWP component that calls UWP APIs, to enable UWP features such as live tiles and the share contract. The UWP component would be build and compiled with .NET Native, just like building any other UWP app.


X509 Certificates Now Support FIPS 186-3 DSA

The .NET Framework 4.6.2 adds support for DSA (Digital Signature Algorithm) X509 certificates whose keys exceed the FIPS 186-2 limit of 1024-bit.

In addition to supporting the larger key sizes of FIPS 186-3, the .NET Framework 4.6.2 allows computing signatures with the SHA-2 family of hash algorithms (SHA256, SHA384, and SHA512). The FIPS 186-3 support is provided by the new DSACng class.

Keeping in line with recent changes to RSA (.NET Framework 4.6) and ECDsa (.NET Framework 4.6.1), the DSA abstract base class has additional methods to allow callers to make use of this functionality without casting.

Increased Clarity for Inputs to ECDiffieHellman Key Derivation Routines

The .NET Framework 4.6.2 added support for Ellptic Curve Diffie-Hellman Key Agreement that included three different KDF (Key Derivation Function) routines. The inputs to the routines, and the routine itself, were configured via properties on the ECDiffieHellmanCng object; but since not every routine read every input property there was ample room for confusion. The ECDiffieHellman base class has been updated to more clearly represent these KDF routines and their inputs:

Support for Persisted-Key Symmetric Encryption

The Windows Cryptography Library (CNG) has support for storing persisted symmetric keys on software and hardware devices and the .NET Framework 4.6.2 has made it possible for users to make use of this feature. Since key names and key providers is implementation-specific, using this feature requires calling the constructor of the concrete implementation type instead of the more common factory approach (e.g. Aes.Create()). Persisted-key symmetric encryption support exists for the AES (AesCng) and 3DES (TripleDESCng) algorithms.

SignedXml Support for SHA-2 Hashing

The .NET Framework 4.6.2 has added support to SignedXml which permits RSA-SHA256, RSA-SHA384, and RSA-SHA512 PKCS#1 signature methods, and SHA256, SHA384, and SHA512 reference digest algorithms. The URI constants are all exposed on SignedXml:

Any programs which have registered a custom SignatureDescription handler into CryptoConfig to add support for these algorithms will continue to function as they did in the past, but since there are now platform defaults the CryptoConfig registration should no longer be necessary.

Windows Presentation Foundation

Soft Keyboard Support

Soft Keyboard support enables automatic invocation and dismissal of the touch keyboard in WPF applications without disabling WPF stylus/touch support on Windows 10. Prior to 4.6.2, WPF applications do not implicitly support the invocation or dismissal of the touch keyboard without disabling WPF stylus/touch support. This is due to a change in the way the touch keyboard tracks focus in applications starting in Windows 8.

soft keyboard

Per-Monitor DPI Support

WPF applications are system-DPI aware, which means that applications are scaled by Windows depending on the DPI of the monitor on which the application is being rendered. This can result in loss of sharpness, blurry text etc. Prior to 4.6.2, additional native code was required to enable per-monitor DPI awareness in WPF applications.

Given the recent proliferation of high-DPI and hybrid-DPI environments in the ecosystem, we have now enabled per-monitor DPI awareness in WPF applications. See the samples and developer guide for more information about how to enable you WPF application to become per-monitor DPI aware.

Providing Feedback

We hope to hear your feedback as you try the preview release which can be directed to: