question

sajithgh avatar image
2 Votes"
sajithgh asked JonathasSucupira-3482 commented

The request was aborted: Could not create SSL/TLS secure channel

.Net Class Library is based on 4.5 and using HtmlAgilityPack, I was calling an https URL and it was working fine.

After the website is updated and will not support old browsers which are not TLS v1.2 compliant. Getting the error -

The request was aborted: Could not create SSL/TLS secure channel

Tried below article, still it is not working

https://kevinchalet.com/2019/04/11/forcing-an-old-net-application-to-support-tls-1-2-without-recompiling-it/

dotnet-runtime
· 14
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The linked article said that clearly - updated to v4.7+ will make it work by default. Is there any reason that prevents you to do so?

0 Votes 0 ·

I upgraded to .Net Framework 4.7 from another machine. Still it did not work.

0 Votes 0 ·

works in Windows 10 machine. But I need to run it from Windows Server 2012 R2 Machine. Please advise.

0 Votes 0 ·
Show more comments

Hi @sajithgh ,
As suggested in the document, have you tried to upgrade your application to .NET Framework 4.7 or later versions ?



0 Votes 0 ·

The SharePoint Server is installed on Windows Server 2012 R2 and the configuration as follows

<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
</startup>

In VS 2015, there is no option to upgrade to .NET Framework 4.7 and when i did it to .net 4.7 from another machine also the same error persist.


Tried all below option.Still unable to use HtmlAgilityPack. Please suggest

42504-code.png


0 Votes 0 ·
code.png (26.6 KiB)

Hi @sajithgh ,
Considering that you may need to switch to Tls13, try to upgrade your app to .NET Framework 4.8 which has supported Tsl13.

 ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;



1 Vote 1 ·
Show more comments
psonnaik avatar image
0 Votes"
psonnaik answered sajithgh edited

@sajithgh add below line prior to the service call
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I tried this. Still not working

 ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
         ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;


string URL = "https://xxxxxxxx";
HtmlWeb web = new HtmlWeb();
HtmlDocument doc = web.Load(URL);


Getting the following while running under server


{System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at HtmlAgilityPack.HtmlWeb.Get(Uri uri, String method, String path, HtmlDocument doc, IWebProxy proxy,
at

Also the string URL = "https://xxxxxxxx"; supports only below protocols and cipher
55010-2021-01-10-15-05-26.jpg


0 Votes 0 ·
EvanChatter-2929 avatar image
0 Votes"
EvanChatter-2929 Suspended answered

The error is generic and there are many reasons why the SSL/TLS negotiation may fail. ServicePointManager.SecurityProtocol property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing c# connections aren't changed. Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work. Also, you have to enable other security protocol versions to resolve this issue:


ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
SecurityProtocolType.Tls
SecurityProtocolType.Tls11
SecurityProtocolType.Ssl3;


//createing HttpWebRequest after ServicePointManager settings
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

If you create HttpWebRequest before the ServicePointManager settings it will fail and shows the error message.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DarrenSteven-6579 avatar image
0 Votes"
DarrenSteven-6579 answered sajithgh commented

@sajithgh have you managed to resolve this yet? I'm having exactly the same issue windows server 2012 R2 with .net 4.8 application. If I try to force a tls1.3 connection I get the following message


Exception Details: System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm


I believe this is due to windows server 2012 not supporting tls1.3, if I force tls1.2 I get this instead


Exception Details: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.


The site I'm reading from only supports tls1.2 and 1.3 so I need to make it work with this.

One of the things I recently changed was the SSL Cipher Suite Order, I haven't figured out if this has affected it or not just yet but this is my next point to look at if it helps. I will post another update if I fix it.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The application was not working in Windows 2012. But it was working in Windows 10 and Windows Server 2016.

I tried the below link. I could not solve it. You can give a try. If it gets resolved, please let us now.

https://www.medo64.com/2020/05/using-tls-1-3-from-net-4-0-application/


0 Votes 0 ·
DarrenSteven-6579 avatar image
2 Votes"
DarrenSteven-6579 answered JonathasSucupira-3482 commented

@sajithgh I have managed to resolve the issues on my server by updating the SSL Cipher Suire Order, i had mistakenly removed some of the suites that windows suggested was for TLS1.0 and 1.1 only when in actual fact they were needed for some TLS1.2 connections as well.

I resolved my issues by:

  1. Open Run Prompt and run gpedit.msc

  2. Navigate to "Administrative Templates > Network > SSL Configuration Settings"

  3. Open SSL Cipher Suite Order

  4. Select Enabled

  5. Paste the list of suites below into the text box (make sure there are no spaces)

  6. Click Apply

  7. Restart the server


SSL SUITES:

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA


Note, these suites work for me but you may require other ones for different applications. You should be able to find a full list and more info on the suites here https://docs.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel?redirectedfrom=MSDN

I hope this helps to solve your issue

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@DarrenSteven-6579 Thank you for this. This solved my issue

0 Votes 0 ·