1
votes

I am trying to implement a REST request via the TLS 1.2 protocol and am getting this issue:

The request was aborted: Could not create SSL/TLS secure channel

1) Application is hosted on Windows 2016 server

2) The registry has the server and client configuration enabled in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2 folder

3) Application is forced to use the TLS protocol

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

4) Application is running on .Net 4.7

I would appreciate any ideas

Thanks

1
.NET or VBA, but not both? Are you using VB.NET? – Tim Williams
Correct, VB.Net – Pavel Zimogorov
Have you tried adding the callback that validates the server certificate(s): ServicePointManager.ServerCertificateValidationCallback (you usually test it by just returning true). – Jimi

1 Answer

0
votes

Make sure to check all these registry settings

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

In general, the WCF framework automatically chooses the highest protocol available up to TLS 1.2 unless you explicitly configure a protocol version. But calling a REST API might have different behavior, although we have not noticed that.

This was not required in our case:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

But this was:

<system.web>
    <compilation targetFramework="4.6" />
    <httpRuntime targetFramework="4.6" />
    <customErrors mode="Off" />
</system.web>

As well as this one:

<basicHttpBinding>
    <binding name="HTTPSEndpoint" messageEncoding="Text">
        <security mode="Transport">
            <transport clientCredentialType="None" proxyCredentialType="None" />
        </security>
    </binding>
</basicHttpBinding>

Hope this helps.

References:

Enable TLS 1.2 for specific Ciphers

.Net Framework 4.6.1 not defaulting to TLS 1.2

https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

https://blogs.msdn.microsoft.com/friis/2017/10/09/troubleshooting-tls-ssl-scenario-2/

https://textslashplain.com/2015/10/12/viewing-https-handshakes-in-fiddler/
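
The registry checks listed in the answer above, as an added read-only PowerShell example (not part of the original answer): it reads the three locations and prints what is actually set on the host. The value names SchUseStrongCrypto, SystemDefaultTlsVersions, Enabled, DisabledByDefault and Functions, and the Wow6432Node view used by 32-bit processes, are not on the page; they are the documented names for these keys.

```powershell
# Added example: read-only audit of the registry locations named in the answer.
# Nothing is written; an absent value means the OS / framework default applies.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Row {
    param([string]$Key, [string]$Name, $Data)
    $shown = if ($null -eq $Data) { '(not set)' } else { "$Data" }
    [pscustomobject]@{ Key = $Key; Value = $Name; Data = $shown }
}

$report = @()

# 1) .NET Framework 4.x strong-crypto switches. 32-bit processes read the
#    Wow6432Node view, so both views are checked.
$netKeys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
foreach ($key in $netKeys) {
    foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
        $report += New-Row $key $name (Get-RegValue $key $name)
    }
}

# 2) SCHANNEL TLS 1.2, client and server roles.
#    Enabled = 0 or DisabledByDefault = 1 turns TLS 1.2 off for that role.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
foreach ($role in 'Client', 'Server') {
    foreach ($name in 'Enabled', 'DisabledByDefault') {
        $report += New-Row "$schannel\$role" $name (Get-RegValue "$schannel\$role" $name)
    }
}

# 3) Cipher suite order pushed by Group Policy. If this list shares no suite
#    with the remote server, the handshake fails even with TLS 1.2 enabled.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$suites = Get-RegValue $policy 'Functions'
$suiteInfo = if ($suites) { "$(@($suites -split ',').Count) suites listed" } else { $null }
$report += New-Row $policy 'Functions' $suiteInfo

$report | Format-Table -AutoSize -Wrap
```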