MicrosoftDocs
diff --git a/‎docs/code-quality/ca5361.md
Lines changed: 95 additions & 0 deletions b/‎docs/code-quality/ca5361.md
Lines changed: 95 additions & 0 deletions
diff --git a/‎docs/code-quality/ca5364.md
Lines changed: 141 additions & 0 deletions b/‎docs/code-quality/ca5364.md
Lines changed: 141 additions & 0 deletions
diff --git a/‎docs/code-quality/ca5378.md
Lines changed: 95 additions & 0 deletions b/‎docs/code-quality/ca5378.md
Lines changed: 95 additions & 0 deletions
@@ -0,0 +1,95 @@
+---
+title: "CA5361: Do not disable SChannel use of strong crypto"
+description: Provides information about code analysis rule CA5361, including causes, how to fix violations, and when to suppress it.
+ms.date: 07/12/2019
+ms.topic: reference
+author: dotpaul
+ms.author: paulming
+manager: jillfra
+dev_langs:
+ - CSharp
+ - VB
+ms.workload:
+  - "multiple"
+f1_keywords:
+  - "CA5361"
+  - "DoNotSetSwitch"
+---
+# CA5361: Do not disable SChannel use of strong crypto
+
+|||
+|-|-|
+|TypeName|DoNotSetSwitch|
+|CheckId|CA5361|
+|Category|Microsoft.Security|
+|Breaking Change|Non Breaking|
+
+## Cause
+
+A <xref:System.AppContext.SetSwitch%2A?displayProperty=nameWithType> method call sets `Switch.System.Net.DontEnableSchUseStrongCrypto` to `true`.
+
+## Rule description
+
+Setting `Switch.System.Net.DontEnableSchUseStrongCrypto` to `true` weakens the cryptography used in outgoing Transport Layer Security (TLS) connections. Weaker cryptography can compromise the confidentiality of communication between your application and the server, making it easier for attackers to eavesdrop sensitive data. For more information, see [Transport Layer Security (TLS) best practices with the .NET Framework](/dotnet/framework/network-programming/tls#switchsystemnetdontenableschusestrongcrypto).
+
+## How to fix violations
+
+- If your application targets .NET Framework v4.6 or later, you can either remove the <xref:System.AppContext.SetSwitch%2A?displayProperty=nameWithType> method call, or set the switch's value to `false`.
+- If your application targets .NET Framework earlier than v4.6 and runs on .NET Framework v4.6 or later, set the switch's value to `false`.
+- Otherwise, refer to [Transport Layer Security (TLS) best practices with the .NET Framework](/dotnet/framework/network-programming/tls) for mitigations.
+
+## When to suppress warnings
+
+You can suppress this warning if you need to connect to a legacy service that can't be upgraded to use secure TLS configurations.
+
+## Pseudo-code examples
+
+### Violation
+
+```csharp
+using System;
+
+public class ExampleClass
+{
+    public void ExampleMethod()
+    {
+        // CA5361 violation
+        AppContext.SetSwitch("Switch.System.Net.DontEnableSchUseStrongCrypto", true);
+    }
+}
+```
+
+```vb
+Imports System
+
+Public Class ExampleClass
+    Public Sub ExampleMethod()
+        ' CA5361 violation
+        AppContext.SetSwitch("Switch.System.Net.DontEnableSchUseStrongCrypto", true)
+    End Sub
+End Class
+```
+
+### Solution
+
+```csharp
+using System;
+
+public class ExampleClass
+{
+    public void ExampleMethod()
+    {
+        AppContext.SetSwitch("Switch.System.Net.DontEnableSchUseStrongCrypto", false);
+    }
+}
+```
+
+```vb
+Imports System
+
+Public Class ExampleClass
+    Public Sub ExampleMethod()
+        AppContext.SetSwitch("Switch.System.Net.DontEnableSchUseStrongCrypto", false)
+    End Sub
+End Class
+```
@@ -0,0 +1,141 @@
+---
+title: "CA5364: Do not use deprecated security protocols"
+description: Provides information about code analysis rule CA5364, including causes, how to fix violations, and when to suppress it.
+ms.date: 07/12/2019
+ms.topic: reference
+author: dotpaul
+ms.author: paulming
+manager: jillfra
+dev_langs:
+ - CSharp
+ - VB
+ms.workload:
+  - "multiple"
+f1_keywords:
+  - "CA5364"
+  - "DoNotUseDeprecatedSecurityProtocols"
+---
+# CA5364: Do not use deprecated security protocols
+
+|||
+|-|-|
+|TypeName|DoNotUseDeprecatedSecurityProtocols|
+|CheckId|CA5364|
+|Category|Microsoft.Security|
+|Breaking Change|Non Breaking|
+
+## Cause
+
+This rule fires when either of the following conditions are met:
+- A deprecated <xref:System.Net.SecurityProtocolType?displayProperty=nameWithType> value was referenced.
+- An integer value representing a deprecated value was assigned to a <xref:System.Net.SecurityProtocolType> variable.
+
+Deprecated values are:
+- Ssl3
+- Tls
+- Tls10
+- Tls11
+
+## Rule description
+
+Transport Layer Security (TLS) secures communication between computers, most commonly with Hypertext Transfer Protocol Secure (HTTPS). Older protocol versions of TLS are less secure than TLS 1.2 and TLS 1.3, and are more likely to have new vulnerabilities. Avoid older protocol versions to minimize risk. For guidance on identifying and removing deprecated protocol versions, see [Solving the TLS 1.0 Problem, 2nd Edition](/security/solving-tls1-problem).
+
+## How to fix violations
+
+Don't use deprecated TLS protocol versions.
+
+## When to suppress warnings
+
+You can suppress this warning if:
+- The reference to the deprecated protocol version isn't being used to enable a deprecated version.
+- You need to connect to a legacy service that can't be upgraded to use secure TLS configurations.
+
+## Pseudo-code examples
+
+### Violation
+
+```csharp
+using System;
+using System.Net;
+
+public class ExampleClass
+{
+    public void ExampleMethod()
+    {
+        // CA5364 violation
+        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
+    }
+}
+```
+
+```vb
+Imports System
+Imports System.Net
+
+Public Class TestClass
+    Public Sub ExampleMethod()
+        ' CA5364 violation
+        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 Or SecurityProtocolType.Tls12
+    End Sub
+End Class
+```
+
+### Violation
+
+```csharp
+using System;
+using System.Net;
+
+public class ExampleClass
+{
+    public void ExampleMethod()
+    {
+        // CA5364 violation
+        ServicePointManager.SecurityProtocol = (SecurityProtocolType) 768;    // TLS 1.1
+    }
+}
+```
+
+```vb
+Imports System
+Imports System.Net
+
+Public Class TestClass
+    Public Sub ExampleMethod()
+        ' CA5364 violation
+        ServicePointManager.SecurityProtocol = CType(768, SecurityProtocolType)   ' TLS 1.1
+    End Sub
+End Class
+```
+
+### Solution
+
+```csharp
+using System;
+using System.Net;
+
+public class TestClass
+{
+    public void TestMethod()
+    {
+        // Let the operating system decide what TLS protocol version to use.
+        // See https://docs.microsoft.com/dotnet/framework/network-programming/tls
+    }
+}
+```
+
+```vb
+Imports System
+Imports System.Net
+
+Public Class TestClass
+    Public Sub ExampleMethod()
+        ' Let the operating system decide what TLS protocol version to use.
+        ' See https://docs.microsoft.com/dotnet/framework/network-programming/tls
+    End Sub
+End Class
+```
+
+## Related rules
+
+[CA5386: Avoid hardcoding SecurityProtocolType value](ca5386.md)
@@ -0,0 +1,95 @@
+---
+title: "CA5378: Do not disable ServicePointManagerSecurityProtocols"
+description: Provides information about code analysis rule CA5378, including causes, how to fix violations, and when to suppress it.
+ms.date: 07/12/2019
+ms.topic: reference
+author: dotpaul
+ms.author: paulming
+manager: jillfra
+dev_langs:
+ - CSharp
+ - VB
+ms.workload:
+  - "multiple"
+f1_keywords:
+  - "CA5378"
+  - "DoNotSetSwitch"
+---
+# CA5378: Do not disable ServicePointManagerSecurityProtocols
+
+|||
+|-|-|
+|TypeName|DoNotSetSwitch|
+|CheckId|CA5378|
+|Category|Microsoft.Security|
+|Breaking Change|Non Breaking|
+
+## Cause
+
+A <xref:System.AppContext.SetSwitch%2A?displayProperty=nameWithType> method call sets `Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols` to `true`.
+
+## Rule description
+
+Setting `Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols` to `true` limits Windows Communication Framework's (WCF) Transport Layer Security (TLS) connections to using TLS 1.0. That version of TLS will be deprecated. For more information, see [Transport Layer Security (TLS) best practices with the .NET Framework](/dotnet/framework/network-programming/tls#switchsystemservicemodeldisableusingservicepointmanagersecurityprotocols).
+
+## How to fix violations
+
+- If your application targets .NET Framework v4.7 or later, you can either remove the <xref:System.AppContext.SetSwitch%2A?displayProperty=nameWithType> method call, or set the switch's value to `false`.
+- If your application targets .NET Framework v4.6.2 or earlier and runs on .NET Framework v4.7 or later, set the switch's value to `false`.
+- Otherwise, refer to [Transport Layer Security (TLS) best practices with the .NET Framework](/dotnet/framework/network-programming/tls) for mitigations.
+
+## When to suppress warnings
+
+You can suppress this warning if you need to connect to a legacy service that can't be upgraded to use secure TLS configurations.
+
+## Pseudo-code examples
+
+### Violation
+
+```csharp
+using System;
+
+public class ExampleClass
+{
+    public void ExampleMethod()
+    {
+        // CA5378 violation
+        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", true);
+    }
+}
+```
+
+```vb
+Imports System
+
+Public Class ExampleClass
+    Public Sub ExampleMethod()
+        ' CA5378 violation
+        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", true)
+    End Sub
+End Class
+```
+
+### Solution
+
+```csharp
+using System;
+
+public class ExampleClass
+{
+    public void ExampleMethod()
+    {
+        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", false);
+    }
+}
+```
+
+```vb
+Imports System
+
+Public Class ExampleClass
+    Public Sub ExampleMethod()
+        AppContext.SetSwitch("Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols", false)
+    End Sub
+End Class
+```