[Breaking change]: Mark SslProtocols.Tls and SslProtocols.Tls11 as obsolete

[rzikm]

Description

dotnet/runtime#65773 marks SslProtocols.Tls and SslProtocols.Tls11 as obsolete.

Original issue: dotnet/runtime#65546

Version

.NET 7 Preview 3

Previous behavior

No warnings when SslProtocols.Tls and SslProtocols.Tls11 were used in code.

New behavior

Using SslProtocols.Tls or SslProtocols.Tls11 produces SYSLIB039 warning

Type of breaking change

• Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
• Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.

Reason for change

With the recent push for more secure defaults and behavior and with recent Azure and CipherSuitePolicy changes we feel it is time to mark TLS 1.0 and 1.1 as obsolete since the industry no longer considers them as safe.

Recommended action

Use a higher TLS protocol version, or use SslProtocol.None to defer to system defaults.

Otherwise, the warning can be silenced using #pragma warning disable:

#pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete
                    protocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;
#pragma warning restore SYSLIB0039

Feature area

Networking

Affected APIs

SslProtocols enum.