Ciphersuite showing only invalid values in powershell

JBVBO 6 Reputation points
2022-07-05T08:00:34.373+00:00

I have multiple VMs within the azure cloud. All of them, except one, are unable to make requests to certain services using SSL with the message

Invoke-Webrequest : The request was aborted: Could not create SSL/TLS secure channel.

I already tried all suggested solutions from setting System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; to messing with registry settings.

Now I noticed that the cipher suites on the servers are very different.

Not working:

KeyType               : 0  
Certificate           :  
MaximumExchangeLength : 0  
MinimumExchangeLength : 0  
Exchange              :  
HashLength            : 0  
Hash                  :  
CipherBlockLength     : 0  
CipherLength          : 0  
BaseCipherSuite       : 0  
CipherSuite           : 0  
Cipher                :  
Name                  : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  
Protocols             : {}  

Working

KeyType               : 0  
Certificate           : RSA  
MaximumExchangeLength : 65536  
MinimumExchangeLength : 0  
Exchange              : ECDH  
HashLength            : 0  
Hash                  :  
CipherBlockLength     : 16  
CipherLength          : 128  
BaseCipherSuite       : 49199  
CipherSuite           : 49199  
Cipher                : AES  
Name                  : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  
Protocols             : {771, 65277}  

Why is this happening and how can I fix it?

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,347 questions
Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
6,845 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. JBVBO 6 Reputation points
    2022-07-08T10:51:10.233+00:00

    Finally fixed it by using the following tool: https://www.nartac.com/Products/IISCrypto/

    I disabled all cypher suites, restarted the VM, re-enabled all cypher suites, and restarted once more. Works now, although I would be interested in why this happened in the first place.

    1 person found this answer helpful.

  2. Limitless Technology 39,216 Reputation points
    2022-07-06T09:07:34.367+00:00

    Hi there,

    The cause of the error is Powershell by default uses TLS 1.0 to connect to website, but website security requires TLS 1.2. You can change this behavior with running any of the below command to use all protocols. You can also specify single protocol.

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Ssl3 [Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"

    ----------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--