TLS 1.2 Protocol CT-e 3.0 and NF-e 4.0

0

I am developing CT-e 3.0 and NF-e 4.0, which cite the need to change the security protocol from SSL to TLS 1.2 by the deadline of 04/02/2018.

The receiving web service gives no information about the protocols, and the documentation of both (CT-e and NF-e) leaves the necessary changes a bit vague.

The application is developed in C# and VB.NET.

Because of this, I searched for implementations on the internet and arrived at the following:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 Or SecurityProtocolType.Ssl

Even though we implemented this, we did not see any difference, and we were not able to run a test to see whether this is the change to be made or whether a change should also be made to the digital certificate and/or chain of certificates.

I would like to be sure that these are the only changes needed.

If there is something else to implement, I would like the contribution of the community.

NOTE: We use Certificate A1 and A3.

    
asked by anonymous 17.10.2017 / 14:47

1 answer

3

I did the following test:

I used an application to query SEFAZ MG status in the .NET Framework 2.0 certification environment, without changing the protocol to TLS 1.2.

I opened Wireshark and activated a packet filter for the TLS 1.2 protocol, like this:

ssl.record.version == 0x0303

The result was that no packet was displayed, i.e., it did not transmit with the TLS 1.2 protocol.

Next, I changed the code to use TLS 1.2. In .NET 2.0, you do not have the enumeration constant, but you can do the equivalent as follows:

System.Net.ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

When running the application with this change, Wireshark displayed a packet for the SEFAZ IP with the TLS 1.2 protocol.

Conclusion: This is the only change you need.

    
04.04.2018 / 19:21
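The check the answer runs in Wireshark, written out as an added Python example that is not part of the original answer: it walks the TLS records in a byte stream, applies the same record version == 0x0303 test, and also reads the version field of the ServerHello. The byte strings are constructed samples, not captured SEFAZ traffic, and all function names are hypothetical.

```python
import struct

HANDSHAKE, SERVER_HELLO = 22, 2
TLS12 = 0x0303  # value used in the display filter ssl.record.version == 0x0303

def parse_records(stream: bytes):
    """Yield (content_type, record_version, payload) for each TLS record."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated TLS record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        payload = stream[offset + 5 : offset + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record")
        yield ctype, version, payload
        offset += 5 + length

def matches_filter(stream: bytes, wanted: int = TLS12) -> bool:
    """Same test as the display filter: any record with this version."""
    return any(version == wanted for _, version, _ in parse_records(stream))

def server_hello_version(stream: bytes):
    """Return the ServerHello version field, or None if there is no ServerHello."""
    for ctype, _, payload in parse_records(stream):
        if ctype == HANDSHAKE and len(payload) >= 6 and payload[0] == SERVER_HELLO:
            # Handshake header is type(1) + length(3); the version follows.
            # TLS 1.3 also writes 0x0303 here and signals itself in an extension.
            return struct.unpack_from("!H", payload, 4)[0]
    return None

# Constructed sample data (assumption): a minimal ServerHello in one record.
def record(ctype: int, version: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def server_hello(version: int) -> bytes:
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    return bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body

BEFORE = record(HANDSHAKE, 0x0301, server_hello(0x0301))  # protocol left unchanged
AFTER = record(HANDSHAKE, TLS12, server_hello(TLS12))     # after forcing TLS 1.2

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        print(name, matches_filter(capture), hex(server_hello_version(capture)))
```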