diff --git a/src/NzbDrone.Common/NzbDrone.Common.csproj b/src/NzbDrone.Common/NzbDrone.Common.csproj
index ff9a16604..f5c53d1fe 100644
--- a/src/NzbDrone.Common/NzbDrone.Common.csproj
+++ b/src/NzbDrone.Common/NzbDrone.Common.csproj
@@ -208,6 +208,7 @@
+
diff --git a/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs b/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs
new file mode 100644
index 000000000..5c880c4ae
--- /dev/null
+++ b/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs
@@ -0,0 +1,40 @@
+using System;
+using System.Net;
+using NLog;
+using NzbDrone.Common.Instrumentation;
+
+namespace NzbDrone.Common.Security
+{
+ public static class SecurityProtocolPolicy
+ {
+ private static readonly Logger Logger = NzbDroneLogger.GetLogger(typeof(SecurityProtocolPolicy));
+
+ private const SecurityProtocolType Tls11 = (SecurityProtocolType)768;
+ private const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;
+
+ public static void Register()
+ {
+ try
+ {
+ // TODO: In v3 we should drop support for SSL3 because its very insecure. Only leaving it enabled because some people might rely on it.
+ var protocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
+
+ if (Enum.IsDefined(typeof(SecurityProtocolType), Tls11))
+ {
+ ServicePointManager.SecurityProtocol |= Tls11;
+ }
+
+ if (Enum.IsDefined(typeof(SecurityProtocolType), Tls12))
+ {
+ ServicePointManager.SecurityProtocol |= Tls12;
+ }
+
+ ServicePointManager.SecurityProtocol = protocol;
+ }
+ catch (Exception ex)
+ {
+ Logger.Debug(ex, "Failed to set TLS security protocol.");
+ }
+ }
+ }
+}
diff --git a/src/NzbDrone.Host/Bootstrap.cs b/src/NzbDrone.Host/Bootstrap.cs
index 392478458..0422665ad 100644
--- a/src/NzbDrone.Host/Bootstrap.cs
+++ b/src/NzbDrone.Host/Bootstrap.cs
@@ -22,6 +22,7 @@ public static void Start(StartupContext startupContext, IUserAlert userAlert, Ac
try
{
X509CertificateValidationPolicy.Register();
+ SecurityProtocolPolicy.Register();
Logger.Info("Starting Sonarr - {0} - Version {1}", Assembly.GetCallingAssembly().Location, Assembly.GetExecutingAssembly().GetName().Version);
diff --git a/src/NzbDrone.Host/Owin/OwinHostController.cs b/src/NzbDrone.Host/Owin/OwinHostController.cs
index 09efd0b24..ada81e390 100644
--- a/src/NzbDrone.Host/Owin/OwinHostController.cs
+++ b/src/NzbDrone.Host/Owin/OwinHostController.cs
@@ -34,8 +34,6 @@ public OwinHostController(
public void StartServer()
{
- X509CertificateValidationPolicy.Register();
-
if (OsInfo.IsWindows)
{
if (_runtimeInfo.IsAdmin)
diff --git a/src/NzbDrone.Update/UpdateApp.cs b/src/NzbDrone.Update/UpdateApp.cs
index 6cb1c0ab4..f379ba99c 100644
--- a/src/NzbDrone.Update/UpdateApp.cs
+++ b/src/NzbDrone.Update/UpdateApp.cs
@@ -36,6 +36,7 @@ public static void Main(string[] args)
Logger.Info("Starting Sonarr Update Client");
X509CertificateValidationPolicy.Register();
+ SecurityProtocolPolicy.Register();
_container = UpdateContainerBuilder.Build(startupArgument);