Outlok Add-in not using TLS 1.2 by default with Target .NET Framework 4.6.2

Add-in Express™ Support Service
That's what is more important than anything else

Outlok Add-in not using TLS 1.2 by default with Target .NET Framework 4.6.2
 
Subscribe
Jeff Gavin




Posts: 5
Joined: 2016-11-09
Hello,

We've created an Outlook Add-in using Add-in Express version 8.7.4425.0 and Target .NET Framework 4.6.2. With .NET 4.6.2 the default TLS used should be 1.2 : https://blogs.msdn.microsoft.com/dotnet/2016/08/02/announcing-net-framework-4-6-2/

What we are observing is, if we create a simple console app targeting .NET 4.6.2 framework, TLS 1.2 is being used, but if we create an add-in targeting .NET 4.6.2 framework, TLS 1.0 is being used. We are wondering if Add-in Express is forcing TLS 1.0 in one of its libraries.

Below is sample code you can use to try it out. It connects to a website that responds with the status of your TLS connection. When connecting from the console app it returns 1.2 but when connecting from the Outlook Add-in it is responding with TLS 1.0 in the content. For the add-in you can add this code to a click event off of a ribbon button.


Please let me know if you need additional information:


class Program
{
static void Main(string[] args)
{
Task t = new Task(GetPage);
t.Start();
Console.WriteLine("Downloading page...");
Console.ReadLine();
}

static async void GetPage()
{
string url = "https://www.howsmyssl.com/";
Console.WriteLine(url);
using (HttpClient client = new HttpClient())
using (HttpResponseMessage response = await client.GetAsync(url))
using (HttpContent content = response.Content)
{
string result = await content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
}

Thanks

- Jeff
Posted 20 Oct, 2017 09:13:12 Top
Andrei Smolin


Add-in Express team


Posts: 14115
Joined: 2006-05-11
Hello Jeff,

An add-in is a class library, not an .EXE. Try to put the configuration info in the add-in's .config file or in Outlook.exe.config. See also section Configuring an Add-in, see the PDF file in the folder {Add-in Express}\Docs on your development PC.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 20 Oct, 2017 10:10:14 Top
Jeff Gavin




Posts: 5
Joined: 2016-11-09
Hello Andrei,

The sample code above was for the console application. If you cut that code in the main function and put it in the Outlook add-in's click event, you will see the behavior when making the request from the Add-in class library. You mentioned the configuration file. What info needs to go there to force TLS 1.2?

Thanks

- Jeff
Posted 20 Oct, 2017 10:25:16 Top
Andrei Smolin


Add-in Express team


Posts: 14115
Joined: 2006-05-11
I can't tell; I've never used TLS. But you should note that your add-in is executed as part of Outlook.exe.

Maybe, some other add-ins load a different .NET version and this causes the issue. Try to turn all other COM add-ins off.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 20 Oct, 2017 10:30:32 Top
Jeff Gavin




Posts: 5
Joined: 2016-11-09
Hello Andrei,

We removed all other COM add-ins and we are still seeing the behavior.

Thanks

- Jeff
Posted 20 Oct, 2017 10:55:24 Top
Andrei Smolin


Add-in Express team


Posts: 14115
Joined: 2006-05-11
Hello Jeff,

Jeff Gavin writes:
Below is sample code you can use to try it out. It connects to a website that responds with the status of your TLS connection. When connecting from the console app it returns 1.2


It returns 1.0 for me. Could you please send me your test project that works correctly for you? You can find the support email address in {Add-in Express installation folder}\readme.txt. Please make sure your email contains a link to this topic.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 23 Oct, 2017 09:22:25 Top
Andrei Smolin


Add-in Express team


Posts: 14115
Joined: 2006-05-11
Hello Jeff,

Thank you for providing the project. I've found that my console application doesn't work if I compile and debug it in VS 2015; the issue doesn't occur if I start the compiled .EXE, though. Also, debugging in VS 2017 doesn't produce the issue. I assume this relates to using vshost.exe in VS 2015; see https://stackoverflow.com/questions/45539760/vshost-exe-file-has-different-net-framework-version.

Still, I can't find a solution for the original issue. I suggest that you use a workaround: perform that call in a standalone .EXE, rather than in the add-in.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 24 Oct, 2017 07:24:34 Top
Jeff Gavin




Posts: 5
Joined: 2016-11-09
Thanks for investigating Andrei. Unfortunately, running the call in an .EXE is not an option for us as the we need to make the call from our Add-in Express Outlook add-in. Is it possible that the Add-in Express libraries are using a lower .NET framework version which is forcing the TLS 1.0? What version of .NET are the latest Add-in express assemblies compiled with? If it is earlier than 4.6.2, is it possible to try compiling with .NET 4.6.2 and see if connecting from the Add-in Express Outlook add in uses TLS 1.2?

Thanks

- Jeff
Posted 24 Oct, 2017 07:44:10 Top
Andrei Smolin


Add-in Express team


Posts: 14115
Joined: 2006-05-11
Hello Jeff,

This doesn't seem related to compiling Add-in Express with 4.6.2. Try to add this code line to the constructor of the add-in module:

using System.Net;
...
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;


I need to warn you however: this doesn't help on some of our machines. Will try to find out why.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 25 Oct, 2017 07:38:58 Top
Jeff Gavin




Posts: 5
Joined: 2016-11-09
Thanks for the suggestion Andrei. Unfortunately we don't want to explicitly set the TLS version as this will become outdated as future versions are released. Perhaps you can try the add-in compiled with 4.6.2 and also setting the registry settings described here:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
Posted 25 Oct, 2017 08:03:29 Top