Skip to main content

HSD’s Dynamics Technical Consultant – Ash Dason walks you through adjusting changes within plugins.

One of our CRM plugin solutions connects to an external web service to validate data. This web service was dropping support for TLS 1.0 and TLS 1.1 and wanted all requests to use TLS 1.2. So how do we go about with this change within plugins?

First, get the highest .NET framework version installed on the CRM Server. This link provides the details on how to go about it.

Once you have the installed .NET version, know the limitations imposed by each version. Our plugin solution was built using .Net framework 4.6 and was sandboxed. Our internal servers then installed .NET version 4.7.x, so all requests would be defaulting to the highest supported TLS version (1.2). However our client was using 4.5. Therefore to force TLS 1.2 as the chosen transport level security, we included the below highlighted line, just before the WebRequest was created.

Alternatively you can also use |= to enable specific protocols without disabling others and maintaining backward compatibility.

e.g. System.Net.ServicePointManager.SecurityProtocol |= System.Net.SecurityProtocolType.Tls12;

After deployment and working with the external web services’ support team we found they were getting requests using the TLS 1.2.

If you do not have the luxury of working with a support team, you can install a packet capture tool (highly recommend Wireshark) and look for the Client and Server handshakes (hello) like below.

We hope this helps if you come across a similar issue!

Make sure you check out more of HSD’s blog posts by visiting and follow us on LinkedIn for up-to-date activity from HSD.