TLS 1.2 connection fails for .Net app

Steve Lewis 1 Reputation point
2021-07-19T20:21:36.47+00:00

I'm working on a product that is deployed in a FedRAMP environment and consists of a mix of API services implemented on Windows and Linux as well as a web application running on IIS. The web application sends REST requests to the API services, but I receive this error: "Could not create SSL/TLS secure channel". I'm using TLS 1.2 for these REST requests.

If I send the same API request in Powershell (e.g. Invoke-RestMethod), I receive the same TLS channel error. However, sending that same REST request using curl.exe (mingw library) from a command prompt succeeds with no error. The fact that the curl request succeeds leads me to think that the problem is not related to a certificate issue or something related to the networking infrastructure between the windows web server and the windows/linux api servers.

I've been unable to identify the cause of the error. The cipher being used for the TLS connection is in the allowed set defined in the registry (\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002). I don't find any indication that the problem is related to the certificates being used.

What could be causing this TLS connection error from .Net-based applications while 'raw' requests (via curl.exe) succeed?

.NET Runtime
.NET Runtime
.NET: Microsoft Technologies based on the .NET software framework.Runtime: An environment required to run apps that aren't compiled to machine language.
1,161 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Evgenij Smirnov 541 Reputation points
    2021-07-19T20:45:03.37+00:00

    Hi,

    this should help: https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-appcontext-switches-for-net-framework-46-or-later-versions

    For PowerShell, add
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    prior to the first API call.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.