I'm trying to connect to an 8.0 server with TLS 1.3 using a custom app written with .Net Framework 4.8. However, I get an exception that:
System.InvalidOperationException: 'Unexpected character '3' for TLS minor version.'
When I look at the code (
Thanks,
Steve
-
SslProtocols.Tls13 was added in net48; I wonder if this needs to be fixed by adding support for that TFM. (I'm assuming a net48 build pulls in the net471 package.)
Does it work if you leave the Tls Version setting out of the connection string and just try to use the defaults? The default is SslProtocols.None which is defined as "Allows the operating system to choose the best protocol to use, and to block protocols that are not secure." I believe MySqlConnector's use of SslStream should just follow that logic.
-
Thanks for the testing. Could we add a net48 condition to that if to allow that framework version to also use 1.3? When you mention that you connected to a TLS 1.3 server and it didn't use TLS 1.3, did you force that as the only TLS version listed in the connection string or did you use the default and it sounds like it used TLS 1.2 (or earlier) to connect?
-
When I tried to force it, it threw an exception (because it couldn't negotiate a secure connection with the requested TLS version). When I used the defaults, it fell back to TLS 1.2. (This was for both net481 and net7.0 on Windows 10.)
-
When I added the net48 TFM, I still got a SEC_E_ALGORITHM_MISMATCH exception when trying to connect to my server with TLS 1.3.
-
This happened both with Azure Database for MySQL 8.0.32 and a local mysql:8.0.34 Docker image. Not sure if there's a different server out there that would support TLS 1.3 with a Windows 10 client, but so far it's looking like adding the net48 TFM wouldn't help at all.
-
I have a solution. First, I had to enable client support for TLS 1.3 in Windows 10 with these registry keys: https://stackoverflow.com/a/59210166/23633
Once I did that, connecting to a MySQL Server did use the TLS 1.3 protocol (with both net481 and net7.0 clients using MySqlConnector 2.2.7).
However, if I added ;TlsVersion=Tls13 to the connection string and tried to explicitly select that protocol version, the application crashed with Win32Exception (0x80090304): The Local Security Authority cannot be contacted. A similar issue was reported here (but not reproduced and resolved): dotnet/runtime#53537.
Thus, my recommendation would be:
- enable TLS 1.3 in registry
- use MySqlConnector 2.2.7 with your .NET Framework 4.8.1 program
- don't set TlsVersion in the connection string
- a new version of MySqlConnector that supports the TlsVersion=Tls13 option on .NET Framework isn't necessary
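Because the recommendation above leaves the protocol choice to the operating system instead of setting TlsVersion, a client can confirm what was actually negotiated by reading the session's Ssl_version status from the server and refusing to continue on anything older. This is an added example, not code from the thread or from MySqlConnector; the host name, user name, and DB_PASSWORD environment variable are placeholders.

```csharp
using System;
using System.Collections.Generic;
using MySqlConnector;

static class TlsCheck
{
    // Reads the TLS protocol and cipher the server reports for this session.
    static Dictionary<string, string> GetTlsStatus(MySqlConnection conn)
    {
        var status = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        using (var cmd = conn.CreateCommand())
        {
            cmd.CommandText =
                "SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_version', 'Ssl_cipher')";
            using (var reader = cmd.ExecuteReader())
                while (reader.Read())
                    status[reader.GetString(0)] = reader.GetString(1);
        }
        return status;
    }

    static int Main()
    {
        var csb = new MySqlConnectionStringBuilder
        {
            Server = "db.example.test",   // placeholder host
            UserID = "app_user",          // placeholder account
            Password = Environment.GetEnvironmentVariable("DB_PASSWORD"),
            // Required encrypts the session; VerifyCA or VerifyFull also validate the server certificate.
            SslMode = MySqlSslMode.Required,
            // TlsVersion is deliberately not set, so the OS picks the protocol.
        };
        using (var conn = new MySqlConnection(csb.ConnectionString))
        {
            conn.Open();
            var tls = GetTlsStatus(conn);
            tls.TryGetValue("Ssl_version", out var version);
            tls.TryGetValue("Ssl_cipher", out var cipher);
            Console.WriteLine("Negotiated {0} with cipher {1}", version ?? "(none)", cipher ?? "(none)");
            if (!string.Equals(version, "TLSv1.3", StringComparison.Ordinal))
            {
                // Fail closed: the connection fell back to an older protocol (or is not encrypted).
                Console.Error.WriteLine("Expected TLSv1.3; closing connection.");
                return 1;
            }
        }
        return 0;
    }
}
```

The check uses C# 7.3 syntax so it compiles for .NET Framework as well as newer runtimes.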