FrendsPlatform · MatteoDelOmbra · May 6, 2026 · May 5, 2026 · May 5, 2026 · May 6, 2026
diff --git a/Frends.HTTP.Request/CHANGELOG.md b/Frends.HTTP.Request/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## [1.10.0] - 2026-05-05
+
+### Added
+
+- Added `SslProtocolVersion` option to control the TLS version used for secure connections. Supported values: `Default` (OS decides, preserves previous behavior), `Tls12`, `Tls13`, `Tls12And13`.
+- Added `HttpProtocolVersion` option to control the HTTP protocol version used for requests.   Supported values: `Http11` (default, preserves previous behavior), `Http20` (requires server-side HTTP/2 support via ALPN; no fallback to HTTP/1.1).
+
 ## [1.9.0] - 2026-04-15
 
 ### Fixed

diff --git a/Frends.HTTP.Request/Frends.HTTP.Request.Tests/UnitTests.cs b/Frends.HTTP.Request/Frends.HTTP.Request.Tests/UnitTests.cs
@@ -456,4 +456,20 @@ public async Task RestRequest_JsonContentType_ShouldStillReturnJToken()
         ClassicAssert.IsInstanceOf<JToken>(result.Body);
         ClassicAssert.AreEqual(200, result.StatusCode);
     }
+
+    [TestMethod]
+    public async Task RequestShouldSetTls12And13WhenConfigured()
+    {
+        var input = GetInputParams(url: $"{BasePath}/anything");
+        var options = new Options
+        {
+            ConnectionTimeoutSeconds = 60,
+            SslProtocolVersion = SslVersion.Tls12And13,
+            HttpProtocolVersion = Definitions.HttpVersion.Http20
+        };
+
+        var result = await HTTP.Request(input, options, CancellationToken.None);
+
+        ClassicAssert.AreEqual(200, result.StatusCode);
+    }
 }
diff --git a/Frends.HTTP.Request/Frends.HTTP.Request/Definitions/HttpVersion.cs b/Frends.HTTP.Request/Frends.HTTP.Request/Definitions/HttpVersion.cs
@@ -0,0 +1,18 @@
+namespace Frends.HTTP.Request.Definitions
+{
+    /// <summary>
+    /// HTTP protocol version used for requests.
+    /// </summary>
+    public enum HttpVersion
+    {
+        /// <summary>
+        /// HTTP/1.1 - default, widely supported.
+        /// </summary>
+        Http11,
+        /// <summary>
+        /// HTTP/2 - multiplexed, requires server support. 
+        /// If the server does not support HTTP/2 via ALPN, the request will fail with an exception instead of falling back to HTTP/1.1.
+        /// </summary>
+        Http20
+    }
+}
diff --git a/Frends.HTTP.Request/Frends.HTTP.Request/Definitions/Options.cs b/Frends.HTTP.Request/Frends.HTTP.Request/Definitions/Options.cs
@@ -142,4 +142,19 @@ public class Options
     /// <example>true</example>
     [DefaultValue(true)]
     public bool CacheHttpClient { get; set; } = true;
+
+    /// <summary>
+    /// HTTP protocol version to use for requests. HTTP/1.1 is the default and most compatible option.
+    /// </summary>
+    /// <example>Http11</example>
+    [DefaultValue(HttpVersion.Http11)]
+    public HttpVersion HttpProtocolVersion { get; set; } = HttpVersion.Http11;
+
+    /// <summary>
+    /// SSL/TLS protocol version to use for secure connections. Default lets the OS decide, which matches previous behavior.
+    /// Use Tls12 or Tls12And13 if the server requires a specific version.
+    /// </summary>
+    /// <example>Default</example>
+    [DefaultValue(SslVersion.Default)]
+    public SslVersion SslProtocolVersion { get; set; } = SslVersion.Default;
 }
diff --git a/Frends.HTTP.Request/Frends.HTTP.Request/Definitions/SslVersion.cs b/Frends.HTTP.Request/Frends.HTTP.Request/Definitions/SslVersion.cs
@@ -0,0 +1,25 @@
+namespace Frends.HTTP.Request.Definitions
+{
+    /// <summary>
+    /// SSL/TLS protocol version used for secure connections.
+    /// </summary>
+    public enum SslVersion
+    {
+        /// <summary>
+        /// OS decides the protocol version.
+        /// </summary>
+        Default,
+        /// <summary>
+        /// TLS 1.2 only.
+        /// </summary>
+        Tls12,
+        /// <summary>
+        /// TLS 1.3 only.
+        /// </summary>
+        Tls13,
+        /// <summary>
+        /// TLS 1.2 and TLS 1.3 - use when server compatibility is uncertain.
+        /// </summary>
+        Tls12And13
+    }
+}
diff --git a/Frends.HTTP.Request/Frends.HTTP.Request/Extensions.cs b/Frends.HTTP.Request/Frends.HTTP.Request/Extensions.cs
@@ -1,12 +1,13 @@
-using System;
+using Frends.HTTP.Request.Definitions;
+using System;
+using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using System.Linq;
-using System.Net.Http;
 using System.Net;
+using System.Net.Http;
+using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using System.Text.RegularExpressions;
-using Frends.HTTP.Request.Definitions;
-using System.Diagnostics.CodeAnalysis;
 
 namespace Frends.HTTP.Request;
 
@@ -47,6 +48,14 @@ internal static void SetHandlerSettingsBasedOnOptions(this HttpClientHandler han
         {
             handler.ServerCertificateCustomValidationCallback = (a, b, c, d) => true;
         }
+
+        handler.SslProtocols = options.SslProtocolVersion switch
+        {
+            SslVersion.Tls12 => SslProtocols.Tls12,
+            SslVersion.Tls13 => SslProtocols.Tls13,
+            SslVersion.Tls12And13 => SslProtocols.Tls12 | SslProtocols.Tls13,
+            _ => SslProtocols.None
+        };
     }
 
     internal static void SetDefaultRequestHeadersBasedOnOptions(this HttpClient httpClient, Options options)
@@ -55,6 +64,18 @@ internal static void SetDefaultRequestHeadersBasedOnOptions(this HttpClient http
         httpClient.DefaultRequestHeaders.ExpectContinue = false;
         httpClient.DefaultRequestHeaders.TryAddWithoutValidation("content-type", "application/json");
         httpClient.Timeout = TimeSpan.FromSeconds(Convert.ToDouble(options.ConnectionTimeoutSeconds));
+
+        httpClient.DefaultRequestVersion = options.HttpProtocolVersion switch
+        {
+            Definitions.HttpVersion.Http20 => System.Net.HttpVersion.Version20,
+            _ => System.Net.HttpVersion.Version11
+        };
+
+        httpClient.DefaultVersionPolicy = options.HttpProtocolVersion switch
+        {
+            Definitions.HttpVersion.Http20 => HttpVersionPolicy.RequestVersionExact,
+            _ => HttpVersionPolicy.RequestVersionOrLower
+        };
     }
 
     private static X509Certificate[] GetCertificates(Options options, ref X509Certificate2[] certificates)

diff --git a/Frends.HTTP.Request/Frends.HTTP.Request/Frends.HTTP.Request.csproj b/Frends.HTTP.Request/Frends.HTTP.Request/Frends.HTTP.Request.csproj
@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net6.0</TargetFramework>
-		<Version>1.9.0</Version>
+		<Version>1.10.0</Version>
 		<Authors>Frends</Authors>
 		<Copyright>Frends</Copyright>
 		<Company>Frends</Company>

diff --git a/Frends.HTTP.Request/Frends.HTTP.Request/Request.cs b/Frends.HTTP.Request/Frends.HTTP.Request/Request.cs
@@ -254,7 +254,8 @@ private static string GetHttpClientCacheKey(Options options)
                + $":{options.ClientCertificateFilePath}:{options.ClientCertificateInBase64}:{options.ClientCertificateKeyPhrase}"
                + $":{options.CertificateThumbprint}:{options.LoadEntireChainForCertificate}:{options.ConnectionTimeoutSeconds}"
                + $":{options.FollowRedirects}:{options.AllowInvalidCertificate}:{options.AllowInvalidResponseContentTypeCharSet}"
-               + $":{options.ThrowExceptionOnErrorResponse}:{options.AutomaticCookieHandling}";
+               + $":{options.ThrowExceptionOnErrorResponse}:{options.AutomaticCookieHandling}"
+               + $":{options.SslProtocolVersion}:{options.HttpProtocolVersion}";
     }
 
     private static async Task<HttpResponseMessage> GetHttpRequestResponseAsync(