none
Is there a limitation for InfoPath REST services when calling TLS 1.2-only endpoints?

    Question

  • I have a customer who has two https endpoints, one that requires TLS 1.2 and one that does not. He cannot talk to the 1.2 endpoint by way of making a web service call. The error that is returned indicates a cross-site violation but both servers are in the same domain and there are no permission requirements on the endpoint.

    We had a similar issue with the SP 2013 workflow services (which run on Service Bus) prior to applying the Service Bus CU 5. It would not talk to TLS 1.2 (same service endpoints used for testing) until the update was applied. Since I'm not sure what component is responsible for making the web service calls on behalf of InfoPath, is it possible that there is a component which will fail under these circumstances? Maybe this was patched at some point and we are behind a patch?

    I just find it odd that InfoPath wouldn't be able to talk to a web service if the service requires TLS 1.2.

    jeudi 17 mai 2018 19:37

Toutes les réponses

  • Hi Golfarama,

    You can refer to this article:
    TLS 1.2 and .NET Support: How to Avoid Connection Errors
    https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/

    As mentioned in that article:

    1..NET 4.6 and above. You don’t need to do any additional work to support TLS 1.2, it’s supported by default.

    2. .NET 4.5. TLS 1.2 is supported, but it’s not a default protocol. You need to opt-in to use it. The following code will make TLS 1.2 default, make sure to execute it before making a connection to secured resource:
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

    3.NET 4.0. TLS 1.2 is not supported, but if you have .NET 4.5 (or above) installed on the system then you still can opt in for TLS 1.2 even if your application framework doesn’t support it. The only problem is that SecurityProtocolType in .NET 4.0 doesn’t have an entry for TLS1.2, so we’d have to use a numerical representation of this enum value:
    ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

    4..NET 3.5 or below. TLS 1.2 is not supported (*) and there is no workaround. Upgrade your application to more recent version of the framework.


    Best regards,
    Ethan Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    il y a 14 heure(s) et 38 minute(s)
  • Thank you for the reply. I was specifically talking about InfoPath 2013 on SharePoint, not generic .NET.

    InfoPath forms that need to call REST web services using only TLS 1.2 is my concern. That is why I put InfoPath in the title of my question and in the body of my question, though maybe not explicitly enough. I apologize if this was not clear.

    However, it appears that since we've updated Service Bus on the whole farm to the latest CU the issue has been resolved. The customer had not properly re-saved their Data Connection files and was blaming the connection failure on TLS 1.2 even after the updates. I suspected this might be the case but was still not sure if InfoPath used the same HTTP stack as the rest of SharePoint.

    Even though everything is working now, I am still curious to know if indeed InfoPath uses the same HTTP stack as SharePoint to make web service calls. If anyone knows the answer to that I would be very interested to hear.

    il y a 8 heure(s) et 52 minute(s)