The request was aborted: Could not create SSL/TLS secure channel

Sajith Gopalakrishnan Hema 1,181 Reputation points
2020-11-24T13:02:23.38+00:00

.Net Class Library is based on 4.5 and using HtmlAgilityPack, I was calling an https URL and it was working fine.

After the website is updated and will not support old browsers which are not TLS v1.2 compliant. Getting the error -

The request was aborted: Could not create SSL/TLS secure channel

Tried below article, still it is not working

https://kevinchalet.com/2019/04/11/forcing-an-old-net-application-to-support-tls-1-2-without-recompiling-it/

.NET Runtime
.NET Runtime
.NET: Microsoft Technologies based on the .NET software framework.Runtime: The period of time during which a program is being executed in a computer.
957 questions
{count} votes

4 answers

Sort by: Most helpful
  1. Darren Steven 11 Reputation points
    2021-10-28T13:33:00.637+00:00

    @Sajith Gopalakrishnan Hema I have managed to resolve the issues on my server by updating the SSL Cipher Suire Order, i had mistakenly removed some of the suites that windows suggested was for TLS1.0 and 1.1 only when in actual fact they were needed for some TLS1.2 connections as well.

    I resolved my issues by:

    1. Open Run Prompt and run gpedit.msc
    2. Navigate to "Administrative Templates > Network > SSL Configuration Settings"
    3. Open SSL Cipher Suite Order
    4. Select Enabled
    5. Paste the list of suites below into the text box (make sure there are no spaces)
    6. Click Apply
    7. Restart the server

    SSL SUITES:

    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA

    Note, these suites work for me but you may require other ones for different applications. You should be able to find a full list and more info on the suites here https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel?redirectedfrom=MSDN

    I hope this helps to solve your issue


  2. Prashant Sonnaik 1 Reputation point
    2020-12-06T07:37:11.873+00:00

    @Sajith Gopalakrishnan Hema add below line prior to the service call
    ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;


  3. Evan Chatter 11 Reputation points
    2021-10-18T05:45:15.067+00:00

    The error is generic and there are many reasons why the SSL/TLS negotiation may fail. ServicePointManager.SecurityProtocol property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing c# connections aren't changed. Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work. Also, you have to enable other security protocol versions to resolve this issue:

    ServicePointManager.Expect100Continue = true;
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
    SecurityProtocolType.Tls
    SecurityProtocolType.Tls11
    SecurityProtocolType.Ssl3;

    //createing HttpWebRequest after ServicePointManager settings
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

    If you create HttpWebRequest before the ServicePointManager settings it will fail and shows the error message.

    No comments

  4. Darren Steven 11 Reputation points
    2021-10-27T14:05:06.963+00:00

    @Sajith Gopalakrishnan Hema have you managed to resolve this yet? I'm having exactly the same issue windows server 2012 R2 with .net 4.8 application. If I try to force a tls1.3 connection I get the following message

    Exception Details: System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

    I believe this is due to windows server 2012 not supporting tls1.3, if I force tls1.2 I get this instead

    Exception Details: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

    The site I'm reading from only supports tls1.2 and 1.3 so I need to make it work with this.

    One of the things I recently changed was the SSL Cipher Suite Order, I haven't figured out if this has affected it or not just yet but this is my next point to look at if it helps. I will post another update if I fix it.