Issues making a TLS 1.2 request with .NET Framework 4.7+

We have a .NET 4.7+ application running on an Azure Cloud App Service. When we try to call an API that has TLS 1.2 minimum, using HttpWebRequest, we get a "The request was aborted: Could not create SSL/TLS secure channel" error. What I have read so far:

  • Microsoft strongly advises against hard coding ServicePointManager.SecurityProtocol, so I'm trying to avoid that solution unless it's absolutely necessary. (Microsoft's guide)
  • .NET 4.7+ should default to TLS 1.2 or use the OS configuration. On my Azure app, TLS 1.2 is set as the minimum. (Microsoft's guide)

What can be causing my app to be using a lower TLS version? I have searched the code and could not find a manual TLS configuration anywhere. Is setting ServicePointManager.SecurityProtocol really my only solution?

Fondness answered 11/5, 2022 at 17:8 Comment(4)
What does 4.7+ mean, in practice, since that's not a real version (you should target at least .NET Fx 4.8)? Did you actually verify what TLS version was negotiated? Note that the TLS handshake can also fail with that error because the two parties could not agree on the required Cipher Suites, not just the Protocol. So, does it fail all requests, or just some / one specific? -- Forcing ServicePointManager.SecurityProtocol is sometimes required (in older Windows Systems, mainly) - Wolcott
What type of machine are you using? If you are using a phone, the kernel may need updating. The certificate has an encryption mode and the OS has to support the encryption. In TLS the server sends a certificate block to the client which contains the names of the certificates. The client then looks up in the stores for any one of the names in the block. So the certificate has to be the same on client and server. The certificate block is not encrypted and can be viewed in a sniffer. - Superintendency
@Superintendency it's an Azure App Service, I think the OS is Windows Server 2020 - Fondness
Are you referring to the client or the server? Both client and server have to be able to support the encryption mode. Microsoft is very good at upgrading Windows to support every encryption mode. So I think the issue is in the client and suspect the client isn't Windows (or doesn't get upgraded regularly). - Superintendency

Add this in your code:

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

OR

If you have an executable file, simply update the associated configuration file; this file is always named [name of the executable].exe.config. If there's no such file, create one.

Once located or created, update its content to enable the compatibility switch required to support TLS 1.2:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <runtime>
    <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
  </runtime>
</configuration>
Precession answered 12/5, 2022 at 13:59 Comment(0)
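
One way to check which protocol is actually negotiated, as the comments ask, written as an added example that is not part of the original posts: a C# console program for .NET Framework 4.7+ that prints the effective protocol setting, the AppContext switches, and the handshake result. The host name `api.example.com` and the class name `TlsDiagnostics` are placeholders chosen for this example.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;

static class TlsDiagnostics
{
    // Hypothetical placeholder: replace with the host name of the API that fails.
    const string Host = "api.example.com";

    static void Main()
    {
        // SystemDefault means the OS picks the protocol; a named list such as
        // "Ssl3, Tls" means older defaults or an explicit override are in effect.
        Console.WriteLine("ServicePointManager.SecurityProtocol = "
            + ServicePointManager.SecurityProtocol);
        // The switch from the answer above and its strong-crypto counterpart.
        string[] switches =
        {
            "Switch.System.Net.DontEnableSystemDefaultTlsVersions",
            "Switch.System.Net.DontEnableSchUseStrongCrypto"
        };
        foreach (string name in switches)
        {
            bool enabled;
            string state = AppContext.TryGetSwitch(name, out enabled)
                ? enabled.ToString() : "(not set)";
            Console.WriteLine(name + " = " + state);
        }
        try
        {
            using (var tcp = new TcpClient(Host, 443))
            using (var ssl = new SslStream(tcp.GetStream()))
            {
                // One-argument overload: uses the framework's default protocols.
                ssl.AuthenticateAsClient(Host);
                Console.WriteLine("Negotiated protocol: " + ssl.SslProtocol);
                Console.WriteLine("Cipher: " + ssl.CipherAlgorithm + " (" + ssl.CipherStrength + " bits)");
                Console.WriteLine("Key exchange: " + ssl.KeyExchangeAlgorithm + ", hash: " + ssl.HashAlgorithm);
            }
        }
        catch (Exception ex)
        {
            // If TLS 1.2 is offered and this still fails, check cipher suites and the certificate chain.
            Console.WriteLine("Handshake failed: " + ex.GetType().Name + ": " + ex.Message);
            if (ex.InnerException != null) Console.WriteLine("  Inner: " + ex.InnerException.Message);
        }
    }
}
```

Build it against the same target framework as the failing application and run it on the same machine, because the defaults depend on both.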
