New: Support for TLS 1.1 and 1.2 connections when only .net 4.5 is installed.

src/NzbDrone.Common/NzbDrone.Common.csproj

@@ -208,6 +208,7 @@
     <Compile Include="Properties\SharedAssemblyInfo.cs" />
     <Compile Include="Reflection\ReflectionExtensions.cs" />
     <Compile Include="Extensions\ResourceExtensions.cs" />
+    <Compile Include="Security\SecurityProtocolPolicy.cs" />
     <Compile Include="Security\X509CertificateValidationPolicy.cs" />
     <Compile Include="Serializer\HttpUriConverter.cs" />
     <Compile Include="Serializer\IntConverter.cs" />

src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs

@@ -0,0 +1,40 @@
+using System;
+using System.Net;
+using NLog;
+using NzbDrone.Common.Instrumentation;
+
+namespace NzbDrone.Common.Security
+{
+    public static class SecurityProtocolPolicy
+    {
+        private static readonly Logger Logger = NzbDroneLogger.GetLogger(typeof(SecurityProtocolPolicy));
+
+        private const SecurityProtocolType Tls11 = (SecurityProtocolType)768;
+        private const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;
+
+        public static void Register()
+        {
+            try
+            {
+                // TODO: In v3 we should drop support for SSL3 because its very insecure. Only leaving it enabled because some people might rely on it.
+                var protocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
+
+                if (Enum.IsDefined(typeof(SecurityProtocolType), Tls11))
+                {
+                    ServicePointManager.SecurityProtocol |= Tls11;
+                }
+
+                if (Enum.IsDefined(typeof(SecurityProtocolType), Tls12))
+                {
+                    ServicePointManager.SecurityProtocol |= Tls12;
+                }
+
+                ServicePointManager.SecurityProtocol = protocol;
+            }
+            catch (Exception ex)
+            {
+                Logger.Debug(ex, "Failed to set TLS security protocol.");
+            }
+        }
+    }
+}

src/NzbDrone.Host/Bootstrap.cs

@@ -22,6 +22,7 @@ namespace NzbDrone.Host
             try
             {
                 X509CertificateValidationPolicy.Register();
+                SecurityProtocolPolicy.Register();
 
                 Logger.Info("Starting Sonarr - {0} - Version {1}", Assembly.GetCallingAssembly().Location, Assembly.GetExecutingAssembly().GetName().Version);
 

src/NzbDrone.Host/Owin/OwinHostController.cs

@@ -34,8 +34,6 @@ namespace NzbDrone.Host.Owin
 
         public void StartServer()
         {
-            X509CertificateValidationPolicy.Register();
-
             if (OsInfo.IsWindows)
             {
                 if (_runtimeInfo.IsAdmin)

src/NzbDrone.Update/UpdateApp.cs

@@ -36,6 +36,7 @@ namespace NzbDrone.Update
                 Logger.Info("Starting Sonarr Update Client");
 
                 X509CertificateValidationPolicy.Register();
+                SecurityProtocolPolicy.Register();
 
                 _container = UpdateContainerBuilder.Build(startupArgument);