1
votes

I am trying to integrate Salesforce with a .Net API using .Net 4.5.2. My API is running on a server which has Windows 2008 R2, and I checked in Internet Properties that TLS 1.2 is checked. I have also checked from this link and I get "Probably Ok" back, which means I do have TLS 1.2 enabled on my server.

In the .Net API I have added the code below:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

When I try to connect I get the following error:

The request was aborted: Could not create SSL/TLS secure channel.

For testing I started using ASP.net web to integrate with this API and I get the same error, but if I change the above code to allow all protocols:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3
  | SecurityProtocolType.Tls
  | SecurityProtocolType.Tls11
  | SecurityProtocolType.Tls12;

I don't get any error and I can connect to my API. This suggests my server is not able to establish a connection on TLS 1.2. What have I missed here?


2 Answers

2
votes

It looks like the problem is in the client, not the server. You can see that the Microsoft blogs suggest exactly the code you've already used:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

For .Net 4.0 with 4.5 installed on the machine you can use this:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

For earlier versions of .Net there are some patches to use TLS 1.2.


1
votes

I have faced a similar issue with payment transactions. The issue was resolved with only registry changes and no code change. The web instance (server) is hosted in Microsoft Azure and uses .NET version 4.5, with payment APIs for BPOINT and PayPal. The following registry changes were carried out to resolve the issue:

Step 1: Enable TLS 1.2 on Client and Server

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 00000001 /f    
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v DisabledByDefault /t REG_DWORD /d 00000000 /f  
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 00000001 /f    
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v DisabledByDefault /t REG_DWORD /d 00000000 /f

Step 2: Disable TLS 1.1 on Client and Server

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 00000000 /f    
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v DisabledByDefault /t REG_DWORD /d 00000001 /f  
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v Enabled /t REG_DWORD /d 00000000 /f    
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v DisabledByDefault /t REG_DWORD /d 00000001 /f

Step 3: Enable Strong Cryptography for .NET Framework

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319" /v SchUseStrongCrypto /t REG_DWORD /d 00000001 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NetFramework\v4.0.30319" /v SchUseStrongCrypto /t REG_DWORD /d 00000001 /f
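
A read-only check of the values written in Steps 1 to 3, added here as an example and not part of the original answer. It reports which of those registry values are present and whether they match what the steps set; the function name Get-TlsRegValue is hypothetical, and a missing value means Windows falls back to its built-in default for that OS version.

```powershell
# Added example: audits (does not change) the SCHANNEL and .NET values from Steps 1-3.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$netfx = @(
    'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319'
)

# Hypothetical helper: reads one DWORD and compares it with the value the steps set.
function Get-TlsRegValue {
    param([string]$Path, [string]$Name, [int]$Expected)
    $value = $null
    if (Test-Path -Path $Path) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($item) { $value = $item.$Name }
    }
    if ($null -eq $value) {
        $state = 'NOT SET (OS default applies)'
    }
    # Some tools write 0xFFFFFFFF instead of 1, so compare zero against non-zero.
    elseif (($value -ne 0) -eq ($Expected -ne 0)) {
        $state = 'OK'
    }
    else {
        $state = 'MISMATCH'
    }
    New-Object PSObject -Property @{
        State = $state; Name = $Name; Value = $value; Path = $Path
    }
}

$checks = @()
foreach ($role in 'Client', 'Server') {
    # Step 1: TLS 1.2 enabled and not disabled by default
    $checks += Get-TlsRegValue "$schannel\TLS 1.2\$role" 'Enabled' 1
    $checks += Get-TlsRegValue "$schannel\TLS 1.2\$role" 'DisabledByDefault' 0
    # Step 2: TLS 1.1 disabled
    $checks += Get-TlsRegValue "$schannel\TLS 1.1\$role" 'Enabled' 0
    $checks += Get-TlsRegValue "$schannel\TLS 1.1\$role" 'DisabledByDefault' 1
}
foreach ($key in $netfx) {
    # Step 3: strong crypto for both the 64-bit and 32-bit .NET 4.x registry views
    $checks += Get-TlsRegValue $key 'SchUseStrongCrypto' 1
}

$checks | Select-Object State, Name, Value, Path | Format-Table -AutoSize
```

SCHANNEL protocol settings are applied at system start, so a value reported as OK may not be in effect until the machine has been restarted.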