Supporting TLS 1.2 in SharePoint 2013

In March of 2014 the .NET Framework 4.6 was updated to provide support for TLS 1.1 and 1.2.  This made it possible, through a series of registry entries, to enable these more secure protocol versions.

Even with this version of the .NET Framework, REST calls still have an issue because the interfaces are based on WCF, which can cause Event ID 5566 to be recorded in the server's Application log.

For example, take an InfoPath form that has been configured with a button that makes a REST call to another SharePoint list to retrieve data.  If you have followed the guidance on configuring TLS 1.2 in the registry, you'll be presented with this error:

In the ULS log, look for an entry similar to this:

"The following query failed: <NameOfRESTQuery>"..."The underlying connection was closed: An unexpected error occurred on a receive"

The tip-off is the name of the query you're trying to execute, combined with knowing that it makes a REST call.

The fix is fairly straightforward:

  1. Install the .NET Framework 4.7.  Starting with the .NET Framework 4.7, WCF allows you to configure TLS 1.1 or TLS 1.2 in addition to SSL 3.0 and TLS 1.0 as the default message security protocol.
  2. Make the necessary registry entries to support TLS 1.2.
  3. In the web.config file of the web application you intend to use TLS 1.2 on, add the following entry:

<runtime>
  <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
</runtime>

Once these changes have been made, REST calls complete without any errors being returned.
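As an added example (not part of the original post), here is a PowerShell check that verifies the three prerequisites above on a SharePoint 2013 web front end. It assumes the standard SCHANNEL and .NET Framework registry locations, and the web.config path is an assumed placeholder for your web application's virtual directory.

```powershell
# Added example, not from the original post. Verifies: .NET 4.7+, the SCHANNEL
# TLS 1.2 client entries, SchUseStrongCrypto, and the AppContextSwitchOverrides
# entry in web.config. Registry paths are the standard ones; adjust the
# web.config path (assumed placeholder) for your web application.
param(
    [string]$WebConfigPath = 'C:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config'
)

$results = @()

# 1. .NET Framework 4.7 or later: the Release value for 4.7 starts at 460798.
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty $ndp -ErrorAction SilentlyContinue).Release
$results += [pscustomobject]@{ Check = '.NET 4.7+ installed'; Pass = ($release -ge 460798); Detail = "Release=$release" }

# 2. SCHANNEL: TLS 1.2 client protocol enabled and not disabled by default.
$tls12 = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$p = Get-ItemProperty $tls12 -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'TLS 1.2 client enabled'; Pass = ($p.Enabled -eq 1 -and $p.DisabledByDefault -eq 0); Detail = "Enabled=$($p.Enabled) DisabledByDefault=$($p.DisabledByDefault)" }

# 2b. .NET strong crypto flag for both 64-bit and 32-bit framework hives.
foreach ($hive in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
    $v = (Get-ItemProperty $hive -ErrorAction SilentlyContinue).SchUseStrongCrypto
    $results += [pscustomobject]@{ Check = "SchUseStrongCrypto ($hive)"; Pass = ($v -eq 1); Detail = "SchUseStrongCrypto=$v" }
}

# 3. web.config: both AppContext switches from the post are present under <runtime>.
[xml]$cfg = Get-Content $WebConfigPath
$override  = $cfg.configuration.runtime.AppContextSwitchOverrides.value
$hasWcf    = $override -match 'Switch\.System\.ServiceModel\.DisableUsingServicePointManagerSecurityProtocols=false'
$hasCrypto = $override -match 'Switch\.System\.Net\.DontEnableSchUseStrongCrypto=false'
$results += [pscustomobject]@{ Check = 'web.config AppContextSwitchOverrides'; Pass = ($hasWcf -and $hasCrypto); Detail = "value=$override" }

$results | Format-Table -AutoSize
```

Run it on each web front end after an IIS reset; any row with Pass=False points at the step that is still missing.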

NOTE: This approach only works on SharePoint 2013 because it uses the .NET Framework 4.x.  It will not work on SharePoint 2010, since that uses the .NET Framework 3.x.