Skip to Content

Security protocol support

Vinyl is a .Net application. In .Net, the supported SSL and TLS security protocols are global settings. They must be set at startup, before making any HTTP connections. The default security protocols supported vary by Vinyl version.

Version SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2
1.0 Yes Yes No No
1.1 to 1.5 No No Yes Yes
1.6 and up No Yes Yes Yes

Developers can override the default security providers. To do so, edit the AppSettings.config file:


Add a SecurityProtocols key with a comma delimited list of values. The values must correspond to member names of the SecurityProtocolType enumeration. For example:

<?xml version="1.0" encoding="utf-8" ?>
  <add key="SecurityProtocols" value="Ssl3, Tls, Tls11, Tls12" />

For more on customizing the AppSettings.config file, see Custom .NET configuration.

Some security protocols are inherently insecure and should be avoided. In particular, SSL 3.0 is vulnerable to the POODLE attack.