Change supported TLS protocol versions

[csaba-sagi-sonarsource]

The WebClientDownloader supports only TLS1.0, TLS1.1 and TLS1.2 versions, but the latest is TLS1.3 which should be supported too.
Where possible the SystemDefault version should be used which allows the operating system to choose the best protocol to use, and to block protocols that are not secure. For other cases versions TLS1.0, TLS1.1, TLS1.2 and TLS1.3 should be set.

• SonarScanner for MSBuild version: 5.3.2

[tom-howlett-sonarsource]

@csaba-sagi-sonarsource Can you help me understand what the current code enforces? Does it restrict users from using newer (more secure) TLS versions such as 1.3? I think it's desirable to let the OS negotiate the most secure TLS version it can and we stay out of it if that's possible, could we just set to SystemDefault? It seems the SQ does not do anythin specific and it is left to the server configuration.

[csaba-sagi-sonarsource]

The current code enforces the usage of TLS 1.0, 1.1 and 1.2 and restricts the usage of any other version (1.3). If we use the SystemDefault we might still end up using versions 1.0 and 1.1 as they are enabled even for Windows11. However administrators have the possibility to configure the OS to enforce newer versions.

[andrei-epure-sonarsource]

@csaba-sagi-sonarsource my only mention is that according to https://docs.microsoft.com/en-us/dotnet/api/system.net.servicepointmanager.securityprotocol?view=net-6.0 , it is SystemDefault only for Starting with the .NET Framework 4.7 - so the ticket should be explicit about this detail

[csaba-sagi-sonarsource]

You are right, I'll take a look what is the default value on lover versions, as It might be that it will not work for those versions.