I am using HttpWebRequest\Response for reading web pages over the Internet. The requests are made in an ASP.NET MVC WebApi project (C#) on a production server. I found that for some pages (like this one), I got the following exception:
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
So, I checked the SSL validity and found that those pages have some problems with their SSL (expired, ...).
So, I looked for solutions on the Internet. I found this solution and tried two recommended solutions:
First try
Add this code to Global_ASAX (Application_Load event):
ServicePointManager.ServerCertificateValidationCallback += delegate (object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
    System.Security.Cryptography.X509Certificates.X509Chain chain,
    System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
    return true; // accepts every certificate, whatever the validation errors
};
Unfortunately, this solution is not working for me. Same exception as before.
Second try
Was to add this code:
HttpWebRequest request = ...;
// ...
request.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
But again, same problem.
Third try
I even tried to add this config section to my web.config file:
<system.net>
  <settings>
    <httpWebRequest useUnsafeHeaderParsing="true" />
  </settings>
  <connectionManagement>
    <add address="*" maxconnection="255" />
  </connectionManagement>
</system.net>
This didn't solve my problem.
Now I'm out of ideas for other solutions. I tried to use my code in another project. So, I created an empty Console Application and copied the code with the problem. I tried to run it locally and now it's working. I tried to run the same problematic ASP.NET project locally, and even this works.
So, the problem is only on my production server. This server is an Azure Web App. What could it be?
UPDATE
I ran a few tests and found that the combination of "First try" with adding this line to Global_ASAX (Application_Load event):
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
solves the problem even on the production server.
Can you explain this?
I really don't like this solution because I'm explicitly defining which "Security protocols" I want to deal with. Tomorrow there will be a new security protocol that won't be in this list... Still looking for a better solution.
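
A narrower variant of the workaround in the update, as an added example that is not part of the original post: it ORs TLS 1.1/1.2 into the existing protocol set instead of assigning a fixed list, and accepts a bad certificate only when it is expired and only for allowlisted hosts. The names `OutboundTls`, `ToleratedHosts` and `legacy.example.com` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example; OutboundTls, ToleratedHosts and legacy.example.com are hypothetical names.
public static class OutboundTls
{
    // Hosts whose expired certificate is knowingly tolerated (constructed sample value).
    private static readonly HashSet<string> ToleratedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "legacy.example.com" };

    // Call once at application start-up.
    public static void ConfigureProtocols()
    {
        // OR the newer versions into the current value instead of assigning a fixed list,
        // so whatever the runtime already enables stays enabled. SSL 3.0 is not added.
        ServicePointManager.SecurityProtocol |=
            SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
    }

    public static HttpWebRequest CreateRequest(string url)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        if (ToleratedHosts.Contains(request.RequestUri.Host))
        {
            // Keep the exception on this host: a redirect must not carry it elsewhere.
            request.AllowAutoRedirect = false;
            request.ServerCertificateValidationCallback = ExpiredOnly;
        }
        return request; // every other host keeps default certificate validation
    }

    // Accept a certificate only if it is valid, or if its sole defect is its validity period.
    private static bool ExpiredOnly(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        // A name mismatch or a missing certificate is never tolerated.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || chain == null) return false;
        return chain.ChainStatus.Length > 0 &&
               chain.ChainStatus.All(s => s.Status == X509ChainStatusFlags.NotTimeValid);
    }
}
```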