Transport layer security for HTTP-based services is achieved by adding a sublayer of SSL or TLS. SSL stands for Secure Sockets Layer and TLS stands for Transport Layer Security.
SSL is the deprecated predecessor; vulnerabilities have been found in it and have been used by attackers. Nowadays, most web applications provide transport layer security using TLS.
In this article, let's look at how TLS can be configured with the Kestrel web server.
Enable TLS
The ConfigureHttpsDefaults method takes an Action parameter, which can be used for this purpose. The action receives a parameter of type HttpsConnectionAdapterOptions. This parameter has a property, SslProtocols, which can be set to the protocol that needs to be enabled on the web server.
The default value for this property is None, meaning the web server lets the operating system choose the best protocol. The operating system should block the insecure protocols. According to the documentation, this is the best option if your application does not have specific needs.
Troubleshooting
Connection logging is very useful for troubleshooting issues related to TLS encryption or proxies. There is a built-in middleware available for connection logging. This middleware enables debug-level logging.
It can be enabled by calling the UseConnectionLogging method. If this method is called before UseHttps, encrypted traffic is logged. If it is called after the UseHttps call, the middleware logs decrypted traffic.
Code
The code below shows how TLS and connection logging can be enabled on the Kestrel server.
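An added example, not the author's original listing, of the configuration described above. It assumes a .NET 6+ minimal-hosting app with a development certificate available; port 5001, the logger names "ConnLog.Encrypted" and "ConnLog.Decrypted", and the choice to pin TLS 1.2/1.3 are illustrative assumptions (leaving SslProtocols at its default lets the operating system choose).

```csharp
using System.Security.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

var builder = WebApplication.CreateBuilder(args);

// Connection logging writes at Debug level. Let the two logger categories
// used below (hypothetical names) through the configured logging providers.
builder.Logging.AddFilter("ConnLog", LogLevel.Debug);

builder.WebHost.ConfigureKestrel(serverOptions =>
{
    // Set HTTPS defaults before configuring any endpoint, so that the
    // UseHttps() call below picks them up.
    serverOptions.ConfigureHttpsDefaults(httpsOptions =>
    {
        // Only for applications with a specific protocol requirement;
        // otherwise leave the default and let the OS decide.
        httpsOptions.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
    });

    serverOptions.ListenLocalhost(5001, listenOptions =>
    {
        // Registered before UseHttps: sees the raw bytes on the wire
        // (TLS handshake records and ciphertext).
        listenOptions.UseConnectionLogging("ConnLog.Encrypted");

        // Assumes a default/development certificate is configured.
        listenOptions.UseHttps();

        // Registered after UseHttps: sees decrypted HTTP traffic, which can
        // include cookies and Authorization headers. Enable only while
        // troubleshooting and treat the resulting logs as sensitive.
        listenOptions.UseConnectionLogging("ConnLog.Decrypted");
    });
});

var app = builder.Build();
app.MapGet("/", () => "Hello over TLS");
app.Run();
```

Comparing the two categories for one request shows where a failure occurs: entries under the encrypted logger but none under the decrypted one point at the TLS handshake rather than the application.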
Have you used connection logging? How was your experience? Let me know your thoughts.
Where does Kestrel log the connection logging? How do you see the logs?
As far as I know, the connection logging middleware uses ILogger. This ILogger instance is created using ILoggerFactory. Hence, this means it would use the logging providers configured in the application. Refer to this post for configuring logging providers in your application. Hope this helps.