Login/Register
What could cause "The certificate key algorithm is not supported" exception on a GET web request
Asked Answered
Solved c#facebook-graph-apiwindows-server-2012
T

1

7

We are trying to connect to the facebook api from a asp .net MVC 4.6 app using a standard webrequest. Everything works fine on all but one of our servers. The server in question is running windows 2012 and IIS 8.

On this particular server we get the following exception when running a GET webrequest to facebook.

The certificate key algorithm is not supported.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NotSupportedException: The certificate key algorithm is not supported.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[NotSupportedException: The certificate key algorithm is not supported.] System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +409 System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +213

[WebException: The underlying connection was closed: An unexpected error occurred on a send.]
System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +894 System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) +92

[HttpRequestException: An error occurred while sending the request.]
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +96 System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +49

The code looks like this:

    // Request
    private static async Task<T> Request<T>(string url) where T : class
    {
        using (var handler = new WebRequestHandler())
        {
            handler.ServerCertificateValidationCallback = delegate { return true; };
            using (var client = new HttpClient(handler) { Timeout = System.TimeSpan.FromSeconds(20) })
            {
                client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                var result = await client.GetAsync(url);
                if (result == null) return null;
                var model = await result.Content.ReadAsAsync<T>();
                return model;
            }
        }
    }

We are scratching our heads as to why this works on all but one of our servers.

Does anyone have any ideas what might cause this error and how to resolve it.

Thanks.

Throe answered 1/6, 2015 at 14:29 Comment(1)
It appears this only occurs when the site uses ECC (elliptic curves cryptography) in their certificate.Throe
S
8

I managed to replicate the problem and it appears to be bug in network tracing which causes X509Certificate2.ToString(true) to be set which intern throws the exception.

The only solution I have found is to delete the whole ‘System.Dianositics’ section which will disable the logging.

Sherris answered 3/6, 2015 at 8:52 Comment(4)
Thanks, we narrowed it down to removing <switches> <add name="System.Net" value="Verbose"/>Throe
Bizzare. I disabled logs and exception is gone... What a wonderful BCL :)Merited
I don't have system.diagnostics in web.config at all, but issuing same issue on the server. same code working well on my local machine, but failing on two different servers (win 2012)Eer
Disabling the diagnostics on our azure web role fixed our issue. Exactly same symptoms as above. Worked everywhere except one machine. For us the problem only turned up when one of our downstream api targets updated their SSL cert. Worked fine for two years, then bang.Mashhad

© 2022 - 2024 — McMap. All rights reserved.