Summary

As of the following Content Platform Engine versions, the Content Engine .NET API now directly selects the highest TLS version available without Microsoft Windows registry changes:

5.5.4.0-P8CPE-IF005
5.5.5.0-P8CPE-IF004
5.5.6.0-P8CPE-IF002
5.5.7.0-P8CPE

The updated .NET API selects the highest TLS or SSL version possible during the client authentication handshake. The Content Engine .NET API still conforms to a .NET Framework 3.5 standard, so you do not have to rebuild your existing .NET applications with a new .NET version.

When the .NET API selects the TLS/SSL version during the authentication handshake, it chooses one of the following paths: If your application targets .NET Framework 4.x or later, or an app.config file directs it to do so, the Content Engine .NET API takes the system defaults as defined by the .NET Framework version. If your application targets .NET Framework 3.5, the Content Engine .NET API first attempts to connect with TLSv1.3, then iterates through 1.2, 1.1, 1.0, and finally SSL3, regardless of operating system defaults.

IBM recommends that you install .NET Framework 4.7 or later on your Windows client, and configure your application to run on .NET Framework 4. Framework 3.5 did not initially support TLSv1.2 without subsequent fixes, so make sure to apply the latest Windows updates.