diff --git a/Tools/MediaPortal.DeployTool/Program.cs b/Tools/MediaPortal.DeployTool/Program.cs
index 308251796fa..5000382bdcd 100644
--- a/Tools/MediaPortal.DeployTool/Program.cs
+++ b/Tools/MediaPortal.DeployTool/Program.cs
@@ -33,7 +33,20 @@ internal static class Program
 private static void Main()
 {
 // .NET 4.0: Use TLS v1.2. Many download sources no longer support the older and now insecure TLS v1.0/1.1 and SSL v3.
- ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ try
+ {
+ //TLS 1.2 and 1.3
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00 | (SecurityProtocolType)0x3000;
+ }
+ catch (NotSupportedException)
+ {
+ //TLS 1.2 only
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ }
+
+ //Set TLS Schannel to higher security
+ Utils.SetHigherNetFramework4TlsSecurity();
+
 if (Utils.CheckStartupPath())
 {
 Application.EnableVisualStyles();
diff --git a/Tools/MediaPortal.DeployTool/Utils.cs b/Tools/MediaPortal.DeployTool/Utils.cs
index cdfa31aa81d..186283f41ff 100644
--- a/Tools/MediaPortal.DeployTool/Utils.cs
+++ b/Tools/MediaPortal.DeployTool/Utils.cs
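Review bot: The same try/catch protocol block is pasted into nine entry points (this `Main`, plus SetupTv/Startup.cs, TvService/Service1.cs, Configuration/Startup.cs, HtmlToText.cs, MpeInstaller and MpeMaker Program.cs, MediaPortal.cs and MPRecommendations.cs), each time with the protocol bits as bare casts `0xc00` and `0x3000`. Where these projects share an assembly, one helper with named constants such as `const SecurityProtocolType Tls12 = (SecurityProtocolType)0xc00;` and `const SecurityProtocolType Tls13 = (SecurityProtocolType)0x3000;` would keep the allowed-protocol policy in one place. The fallback only runs when the setter itself throws `NotSupportedException`; whether a runtime that accepts the 0x3000 bit on a Windows build without TLS 1.3 in Schannel still negotiates TLS 1.2 cleanly is not visible here and is worth testing. The context comment above the block still says "Use TLS v1.2" and could read `// .NET 4.0: allow TLS 1.2 and, where the runtime supports it, TLS 1.3`. `Main` continues past the end of the hunk.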
@@ -955,6 +955,30 @@ public static void FixMediaPortal64RegistryPath(string strName)
 }
 }
+ ///
+ /// Set higher TLS security for NET 4.0 applications by using 'SchUseStrongCrypto' registry key
+ ///
+ public static void SetHigherNetFramework4TlsSecurity()
+ {
+ //https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls
+ //Setting registry keys affects all applications on the system.
+ //A value of 1 causes your app to use strong cryptography.
+ //The strong cryptography uses more secure network protocols (TLS 1.2 and TLS 1.1) and blocks protocols that aren't secure.
+ //This registry setting affects only client (outgoing) connections in your application.
+
+ const string PATH = @"SOFTWARE\Microsoft\.NETFramework\v4.0.30319";
+ const string KEY_VALUE_NAME = "SchUseStrongCrypto";
+
+ RegistryKey key = Registry.LocalMachine.OpenSubKey(PATH, true);
+ if (key == null)
+ key = Registry.LocalMachine.CreateSubKey(PATH);
+
+ if ((int)key.GetValue(KEY_VALUE_NAME, 0) == 0)
+ key.SetValue(KEY_VALUE_NAME, 1);
+
+ key.Close();
+ }
+
 #endregion
 }
 }
diff --git a/TvEngine3/TVLibrary/SetupTv/Startup.cs b/TvEngine3/TVLibrary/SetupTv/Startup.cs
index 0d1f6ff1a13..26320e03da6 100644
--- a/TvEngine3/TVLibrary/SetupTv/Startup.cs
+++ b/TvEngine3/TVLibrary/SetupTv/Startup.cs
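Review bot: `SetHigherNetFramework4TlsSecurity` writes to HKLM with no error handling, and the call added to `Program.Main` is unguarded, so a non-elevated start would presumably throw from `OpenSubKey(PATH, true)` before the tool shows any UI. The unboxing cast `(int)key.GetValue(KEY_VALUE_NAME, 0)` throws `InvalidCastException` if the value already exists with a non-DWORD type, and `key.Close()` is skipped whenever anything above it throws. If DeployTool runs as a 32-bit process on 64-bit Windows, `Registry.LocalMachine` is redirected to WOW6432Node and only one of the two views receives the value, while the Microsoft page linked in the comment lists both keys. Because the setting changes TLS behaviour for every .NET Framework 4 client on the machine, it is worth logging when the value is actually changed. A sketch of the rewritten body follows.

```csharp
public static void SetHigherNetFramework4TlsSecurity()
{
  // … unchanged: explanatory comments, PATH and KEY_VALUE_NAME constants …

  // Address both registry views explicitly; a 32-bit process is otherwise redirected to WOW6432Node.
  foreach (RegistryView view in new[] { RegistryView.Registry64, RegistryView.Registry32 })
  {
    try
    {
      using (RegistryKey hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
      using (RegistryKey key = hklm.CreateSubKey(PATH))
      {
        if (key == null)
          continue;

        // Inspect as object first: the value may exist with a type other than DWORD.
        object current = key.GetValue(KEY_VALUE_NAME);
        if (!(current is int) || (int)current == 0)
          key.SetValue(KEY_VALUE_NAME, 1, RegistryValueKind.DWord);
      }
    }
    catch (UnauthorizedAccessException)
    {
      // Not elevated: leave the machine-wide setting untouched rather than failing startup; log with the tool's logger.
    }
    catch (System.Security.SecurityException)
    {
      // Caller lacks registry permission: same handling as above.
    }
  }
}
```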
@@ -102,7 +102,16 @@ public static void Application_ThreadException(object sender, ThreadExceptionEve
 public static void Main(string[] arguments)
 {
 // .NET 4.0: Use TLS v1.2. Many download sources no longer support the older and now insecure TLS v1.0/1.1 and SSL v3.
- ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ try
+ {
+ //TLS 1.2 and 1.3
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00 | (SecurityProtocolType)0x3000;
+ }
+ catch (NotSupportedException)
+ {
+ //TLS 1.2 only
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ }
 // Init Common logger -> this will enable TVPlugin to write in the Mediaportal.log file
 var loggerName = Path.GetFileNameWithoutExtension(Environment.GetCommandLineArgs()[0]);
 var dataPath = Log.GetPathName();
diff --git a/TvEngine3/TVLibrary/TvService/Service1.cs b/TvEngine3/TVLibrary/TvService/Service1.cs
index 9bee3d9601e..c50d814f816 100644
--- a/TvEngine3/TVLibrary/TvService/Service1.cs
+++ b/TvEngine3/TVLibrary/TvService/Service1.cs
@@ -127,7 +127,16 @@ private void CurrentDomain_UnhandledException(object sender, UnhandledExceptionE
 private static void Main(string[] args)
 {
 // .NET 4.0: Use TLS v1.2. Many download sources no longer support the older and now insecure TLS v1.0/1.1 and SSL v3.
- ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ try
+ {
+ //TLS 1.2 and 1.3
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00 | (SecurityProtocolType)0x3000;
+ }
+ catch (NotSupportedException)
+ {
+ //TLS 1.2 only
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ }
 // Init Common logger -> this will enable TVPlugin to write in the Mediaportal.log file
 var loggerName = Path.GetFileNameWithoutExtension(Environment.GetCommandLineArgs()[0]);
 var dataPath = Log.GetPathName();
diff --git a/mediaportal/Configuration/Startup.cs b/mediaportal/Configuration/Startup.cs
index 459863a55e9..f58df54ba1c 100644
--- a/mediaportal/Configuration/Startup.cs
+++ b/mediaportal/Configuration/Startup.cs
@@ -272,7 +272,16 @@ public static void Main(string[] arguments)
 try
 {
 // .NET 4.0: Use TLS v1.2. Many download sources no longer support the older and now insecure TLS v1.0/1.1 and SSL v3.
- ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ try
+ {
+ //TLS 1.2 and 1.3
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00 | (SecurityProtocolType)0x3000;
+ }
+ catch (NotSupportedException)
+ {
+ //TLS 1.2 only
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ }
 AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(CurrentDomain_AssemblyResolve);
 Application.EnableVisualStyles();
 Application.DoEvents();
diff --git a/mediaportal/Core/Util/HtmlToText.cs b/mediaportal/Core/Util/HtmlToText.cs
index 3a491eff67d..7d90dba2d57 100644
--- a/mediaportal/Core/Util/HtmlToText.cs
+++ b/mediaportal/Core/Util/HtmlToText.cs
@@ -104,7 +104,16 @@ public class HtmlToText
 public static void Main(string[] args)
 {
 // .NET 4.0: Use TLS v1.2. Many download sources no longer support the older and now insecure TLS v1.0/1.1 and SSL v3.
- ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ try
+ {
+ //TLS 1.2 and 1.3
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00 | (SecurityProtocolType)0x3000;
+ }
+ catch (NotSupportedException)
+ {
+ //TLS 1.2 only
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ }
 Thread.CurrentThread.Name = "HtmlToText";
 HttpWebRequest request = (HttpWebRequest)WebRequest.Create(args[0]);
 try
diff --git a/mediaportal/MPE/MpeInstaller/Program.cs b/mediaportal/MPE/MpeInstaller/Program.cs
index 716b17f7eb2..ee773d2d30f 100644
--- a/mediaportal/MPE/MpeInstaller/Program.cs
+++ b/mediaportal/MPE/MpeInstaller/Program.cs
@@ -33,7 +33,16 @@ internal static class Program
 private static void Main(string[] args)
 {
 // .NET 4.0: Use TLS v1.2. Many download sources no longer support the older and now insecure TLS v1.0/1.1 and SSL v3.
- ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ try
+ {
+ //TLS 1.2 and 1.3
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00 | (SecurityProtocolType)0x3000;
+ }
+ catch (NotSupportedException)
+ {
+ //TLS 1.2 only
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ }
 Application.EnableVisualStyles();
 Application.SetCompatibleTextRenderingDefault(false);
 if (args.Length > 0)
diff --git a/mediaportal/MPE/MpeMaker/Program.cs b/mediaportal/MPE/MpeMaker/Program.cs
index 7d6ca41e101..d6347b193c0 100644
--- a/mediaportal/MPE/MpeMaker/Program.cs
+++ b/mediaportal/MPE/MpeMaker/Program.cs
@@ -35,7 +35,16 @@ internal static class Program
 private static void Main(string[] args)
 {
 // .NET 4.0: Use TLS v1.2. Many download sources no longer support the older and now insecure TLS v1.0/1.1 and SSL v3.
- ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ try
+ {
+ //TLS 1.2 and 1.3
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00 | (SecurityProtocolType)0x3000;
+ }
+ catch (NotSupportedException)
+ {
+ //TLS 1.2 only
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ }
 Application.EnableVisualStyles();
 Application.SetCompatibleTextRenderingDefault(false);
 if (args.Length > 0)
diff --git a/mediaportal/MediaPortal.Application/MediaPortal.cs b/mediaportal/MediaPortal.Application/MediaPortal.cs
index 26f99de5c4f..82e2f6336af 100644
--- a/mediaportal/MediaPortal.Application/MediaPortal.cs
+++ b/mediaportal/MediaPortal.Application/MediaPortal.cs
@@ -511,7 +511,16 @@ public static void Main(string[] args)
 //Application.ApplicationExit += new EventHandler(Application_ApplicationExit);
 // .NET 4.0: Use TLS v1.2. Many download sources no longer support the older and now insecure TLS v1.0/1.1 and SSL v3.
- ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ try
+ {
+ //TLS 1.2 and 1.3
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00 | (SecurityProtocolType)0x3000;
+ }
+ catch (NotSupportedException)
+ {
+ //TLS 1.2 only
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ }
 using (Settings xmlreader = new MPSettings())
 {
diff --git a/mediaportal/PostSetup/MPRecommendations.cs b/mediaportal/PostSetup/MPRecommendations.cs
index 7fd7a8a286f..37aad11df13 100644
--- a/mediaportal/PostSetup/MPRecommendations.cs
+++ b/mediaportal/PostSetup/MPRecommendations.cs
@@ -256,7 +256,16 @@ private void InitializeComponent()
 private static void Main(string[] args)
 {
 // .NET 4.0: Use TLS v1.2. Many download sources no longer support the older and now insecure TLS v1.0/1.1 and SSL v3.
- ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ try
+ {
+ //TLS 1.2 and 1.3
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00 | (SecurityProtocolType)0x3000;
+ }
+ catch (NotSupportedException)
+ {
+ //TLS 1.2 only
+ ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xc00;
+ }
 Application.Run(new MPRecommendations(args));
 }