Google Analytics Access Token - TLS 1.1+

Question

I'm using C# to request an access token from Google:

string serviceAccountEmail = ConfigurationManager.AppSettings["analyticsServiceAccountEmail"].ToString();
      string securityKey = ConfigurationManager.AppSettings["analyticsSecurityKeyLocation"].ToString();
      string password = ConfigurationManager.AppSettings["analyticsSecurityPassword"].ToString();

      var certificate = new X509Certificate2(securityKey, password, X509KeyStorageFlags.Exportable);

      var scopes = new List<string> { "https://www.googleapis.com/auth/analytics.readonly", "https://www.googleapis.com/auth/analytics" };

      ServiceAccountCredential credential = new ServiceAccountCredential(
         new ServiceAccountCredential.Initializer(serviceAccountEmail)
         {
           Scopes = scopes
         }.FromCertificate(certificate));

      Task<bool> task = credential.RequestAccessTokenAsync(CancellationToken.None);

      task.Wait();

      if (!task.Result || credential.Token == null || string.IsNullOrEmpty(credential.Token.AccessToken))
      {
        throw new Exception("Failed to get token from Google");
      }

      return credential.Token.AccessToken;

I had to disable TLS 1.0 for PCI compliance. Since I have done that, this code is breaking with the following error:

One or more errors occurred.: An error occurred while sending the request.: The underlying connection was closed: An unexpected error occurred on a receive.: The client and server cannot communicate, because they do not possess a common algorithm

Any suggestions as to how I can make the call using TLS 1.1+?

check out this [link](https://github.com/LindaLawton/Google-Dotnet-Samples/tree/master/Google-Analytics). It has good info on this. — Phil, Feb 16 '16 at 12:01

score 0 · Answer 1 · edited May 23 '17 at 10:28

0

It has to be done in Application_start through Global.asax:

Please read this before you make change : How do I disable SSL fallback and use only TLS for outbound connections in .NET? (Poodle mitigation)

The way to do it is :

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 Or SecurityProtocolType.Tls11 Or SecurityProtocolType.Tls12

This will turn on communication support for SSL3, falling back to TLS 1.1 or TLS 1.2 as applicable.

edited May 23 '17 at 10:28

Community

1
1

answered Feb 17 '16 at 21:41

dhruvpatel

1,249
2
15
23

Isn't SSL 3.0 less secure than TLS 1.1? In any case I only want TLS 1.1+. When I do this the call to Google Analytics fails. It only works if I enable TLS 1.0. – user472292 Feb 18 '16 at 01:44

Google Analytics Access Token - TLS 1.1+

1 Answers1