Cipher suite showing only invalid values in PowerShell

JBVBO 6 Reputation points
2022-07-05T08:00:34.373+00:00

I have multiple VMs within the Azure cloud. All of them, except one, are unable to make requests to certain services using SSL, failing with the message:

Invoke-Webrequest : The request was aborted: Could not create SSL/TLS secure channel.

I already tried all suggested solutions from setting System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; to messing with registry settings.

Now I noticed that the cipher suites on the servers are very different.

Not working:

KeyType               : 0  
Certificate           :  
MaximumExchangeLength : 0  
MinimumExchangeLength : 0  
Exchange              :  
HashLength            : 0  
Hash                  :  
CipherBlockLength     : 0  
CipherLength          : 0  
BaseCipherSuite       : 0  
CipherSuite           : 0  
Cipher                :  
Name                  : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  
Protocols             : {}  

Working:

KeyType               : 0  
Certificate           : RSA  
MaximumExchangeLength : 65536  
MinimumExchangeLength : 0  
Exchange              : ECDH  
HashLength            : 0  
Hash                  :  
CipherBlockLength     : 16  
CipherLength          : 128  
BaseCipherSuite       : 49199  
CipherSuite           : 49199  
Cipher                : AES  
Name                  : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  
Protocols             : {771, 65277}  

Why is this happening and how can I fix it?

Windows Server 2019
Azure Virtual Machines
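A check for the symptom shown in the question, added here as an example and not part of the original post: it flags cipher suite entries that have a name but no resolved parameters (`CipherSuite` 0, empty `Protocols`, no `Cipher`). The function name `Test-CipherSuiteEntry` is hypothetical, the two sample objects are constructed from the outputs quoted above, and the protocol table uses the standard TLS/DTLS version numbers.

```powershell
# Added example. Decimal TLS/DTLS version codes as they appear in "Protocols".
$ProtocolNames = @{
    768 = 'SSL 3.0'; 769 = 'TLS 1.0'; 770 = 'TLS 1.1'; 771 = 'TLS 1.2'
    772 = 'TLS 1.3'; 65279 = 'DTLS 1.0'; 65277 = 'DTLS 1.2'
}

function Test-CipherSuiteEntry {   # hypothetical helper name
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Suite)
    process {
        # Drop nulls so a missing Protocols property counts as "no protocols".
        $protocols = @($Suite.Protocols | Where-Object { $null -ne $_ })
        $problems  = @()
        if ([int]$Suite.CipherSuite -eq 0) { $problems += 'CipherSuite is 0' }
        if ($protocols.Count -eq 0)        { $problems += 'no protocols listed' }
        if (-not $Suite.Cipher)            { $problems += 'no cipher resolved' }

        $protocolText = ($protocols | ForEach-Object {
            $code = [int]$_
            if ($ProtocolNames.ContainsKey($code)) { $ProtocolNames[$code] }
            else { "unknown ($code)" }
        }) -join ', '

        [pscustomobject]@{
            Name      = $Suite.Name
            Id        = '0x{0:X4}' -f [int]$Suite.CipherSuite
            Protocols = $protocolText
            Healthy   = ($problems.Count -eq 0)
            Problems  = $problems -join '; '
        }
    }
}

# Constructed sample input mirroring the "Not working" and "Working" outputs.
$samples = @(
    [pscustomobject]@{ Name = 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
                       CipherSuite = 0; Cipher = ''; Protocols = @() }
    [pscustomobject]@{ Name = 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
                       CipherSuite = 49199; Cipher = 'AES'; Protocols = @(771, 65277) }
)
$samples | Test-CipherSuiteEntry | Format-Table -AutoSize

# On a live host, list only the entries that look like the broken VM:
# Get-TlsCipherSuite | Test-CipherSuiteEntry | Where-Object { -not $_.Healthy }
```

Running the commented line on each VM before and after a configuration change shows whether the suites the remote service needs are resolved on that host.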

2 answers

  1. JBVBO 6 Reputation points
    2022-07-08T10:51:10.233+00:00

    Finally fixed it by using the following tool: https://www.nartac.com/Products/IISCrypto/

    I disabled all cipher suites, restarted the VM, re-enabled all cipher suites, and restarted once more. Works now, although I would be interested in why this happened in the first place.

    1 person found this answer helpful.

  2. Limitless Technology 39,511 Reputation points
    2022-07-06T09:07:34.367+00:00

    Hi there,

    The cause of the error is that PowerShell by default uses TLS 1.0 to connect to the website, but the website's security requires TLS 1.2. You can change this behavior by running any of the commands below to use all protocols. You can also specify a single protocol.

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Ssl3

    [Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"
