Requesting html over https with c# Webclient

Question

I am attempting various html resources via c# WebClient class from a site I have no control over. When I attempt to access urls such as "https://archive.org/details/OTRR_In_The_Name_Of_The_Law_Singles"

I get the error: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

I have found solutions that suggest I use the following code to ignore the certificate requirement and to make the webclient act as a browser, but I still recieve the same error

 ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(
            delegate
            {
                return true;
            });
            using(WebClient webClient = new WebClient()) {
                webClient.Headers["User-Agent"] = "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)";
                webClient.Headers["Accept"] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
                webClient.Headers["Accept-Language"] = "en-us,en;q=0.5";
                webClient.Headers["Accept-Encoding"] = "gzip,deflate";
                webClient.Headers["Accept-Charset"] = "ISO-8859-1,utf-8;q=0.7,*;q=0.7";
                StreamReader sr = new StreamReader(webClient.OpenRead(inputString));
}

I probably am, I am using a hosted server. What would be a solution given I am behind a proxy? — RRadix, Nov 19 '13 at 22:40
Just contacted my friend who hosts my server and he informed me I am not behind a proxy. — RRadix, Nov 19 '13 at 22:43

score 25 · Answer 1 · answered Nov 20 '13 at 13:45

Have a read of this: http://support.microsoft.com/kb/915599

The server you are accessing doesn't support TLS so you will need to force it to use SSL3.

Add the following line to your call:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

Here's a fully working example:

using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {
        Uri address = new Uri("https://archive.org/details/OTRR_In_The_Name_Of_The_Law_Singles");

        ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 ;

        using (WebClient webClient = new WebClient())
        {
            var stream = webClient.OpenRead(address);
            using (StreamReader sr =new StreamReader(stream))
            {
                var page = sr.ReadToEnd();
            }
        }
    }

    /// <summary>
    /// Certificate validation callback.
    /// </summary>
    private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        // If the certificate is a valid, signed certificate, return true.
        if (error == System.Net.Security.SslPolicyErrors.None)
        {
            return true;
        }

        Console.WriteLine("X509Certificate [{0}] Policy Error: '{1}'",
            cert.Subject,
            error.ToString());

        return false;
    }

KB 915599 targets .NET 1.1 SP 1, and OP is targeting at least .NET 3.5 — mlhDev, Jan 22 '16 at 19:31
There are 4 SecurityProtocolType options: Ssl3, Tls, Tls11, Tls12. I had to try each one to find that Tls12 worked for me. — rvarcher, Jan 04 '18 at 23:24

score 17 · Answer 2 · answered Jan 18 '18 at 09:55

17

in .net Framework 4.0 add

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; //TLS 1.2

answered Jan 18 '18 at 09:55

Sergey S

171
1
3

Save my time! Thank you! – Konstantin Jul 09 '18 at 05:47
3

This worked for me as well ( `ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;` ). Probably it depends on the server so you should try all values in the SecurityProtocolType enum type https://learn.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netframework-4.7.2. But also add a `ServerCertificateValidationCallback` that returns true as in the other responses. – Alex P. Nov 20 '18 at 18:03
This is the only way to specify anything other than Ssl or Tls, for me (VS 2017) – Lazy Babe Mar 31 '20 at 19:31

score 5 · Answer 3 · answered Mar 03 '17 at 08:47

5

Just add this line before var stream = webClient.OpenRead(address);

System.Net.ServicePointManager.ServerCertificateValidationCallback += (send, certificate, chain, sslPolicyErrors) => { return true; };

That should sort out the SSL/TLS error

answered Mar 03 '17 at 08:47

Pierre

8,397
4
64
80

The advice you give ignores certificate errors, so is probably not wise. – David Martin Oct 07 '17 at 10:50
1

@DavidMartin Agreed. But it all depends on the context it is used in. Sometimes it does not matter if it is secured or not. But everyone to their own I guess. – Pierre Oct 08 '17 at 10:47
10

@Pierre I followed your advice and someone downloaded my car. – H. Abraham Chavez Jun 14 '18 at 21:10

Yannick Turbang · Answer 4 · 2019-10-31T09:27:14.670

1

I tried this example and received the error "The request was aborted: Could not create SSL/TLS secure channel"

To fix this problem it's possible to change the SecurityProtocol in my case Tls12 and it's working good.

edited Oct 31 '19 at 09:27

answered Oct 31 '19 at 09:05

Yannick Turbang

378
4
8

Requesting html over https with c# Webclient

4 Answers4

Linked