Problems after deactivation TLS 1.0 on IIS 6 (Windows Server 2008r2)

Question

Deactivated the TLS 1.0 on our webserver to use TLS 1.2. After that the website does have problems, when it comes to the transaction. I tried different things like

• Installed all pending Windows Updates
• Upgraded IIS 6 to version 7
• Recompiled the whole project as 4.5 and re-imported it in IIS
• Deactivated the .NET 3 feature in the IIS
• Updating all Project target Frameworks to 4.5
• Controlled Application pool and set it to v4.0 (it should use 4.5)

First it seems like a problem with the application. But then I tried the project in debug mode in VS and everything worked? Compared to the server which falls back to SSL3 instead of using TLS 1.1 or TLS 1.2. (It seems like there is missing some feature and the by Technet named registry keys are not enough.)

I think the problem could be the use of some classes like

(HttpApplication.cs)

• System.Web
• System.Web.Security

Because of the lack of experience I came to the conclusion to ask you about the problem. Do you maybe have any more ideas?

Some other things just came into mind: There was one Project in the VS which used .NET 4.0. I changed the target framework and then the project does have problems to find some namespace. (all project does have the same target framework (.Net) at this time). The namespaces did exist but VS wasn't able to find it. So I rebuild, cleaned the solution but it didn't help. Then I closed VS and re-opened it. Suddenly the project did work. The framework is 4.0 in the properties. (Maybe this could be a problem too?)

Since I am under pressure of time, I am grateful for any help.

---

EDIT: Is there maybe an easy way to test things out (TLS test) and displaying the used .Net version?

---

EDIT2: Found a solution to test out the framework with a nuget package. http://haacked.com/archive/2010/12/05/asp-net-mvc-diagnostics-using-nuget.aspx/ (will try that later)

I also managed to step through the breakpoints with remote debugging and found where the failure happens. There is a file "References.cs" with this head:

//------------------------------------------------------------------------------
// <auto-generated>
//     This code was generated by a tool.
//     Runtime Version:4.0.30319.18034
//
//     Changes to this file may cause incorrect behavior and will be lost if
//     the code is regenerated.
// </auto-generated>
//------------------------------------------------------------------------------
// This source code was auto-generated by Microsoft.VSDesigner, Version 4.0.30319.18034.
// 
#pragma warning disable 1591

where this code creates the problem:

/// <remarks/>
[System.Web.Services.Protocols.SoapDocumentMethodAttribute("", RequestNamespace="http://....", ResponseNamespace="http://....", Use=System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle=System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
[return: System.Xml.Serialization.XmlElementAttribute("out", Form=System.Xml.Schema.XmlSchemaForm.Unqualified)]
public PaymentResult SelectPayment([System.Xml.Serialization.XmlElementAttribute(Form=System.Xml.Schema.XmlSchemaForm.Unqualified)] uint merchantID, [System.Xml.Serialization.XmlElementAttribute(Form=System.Xml.Schema.XmlSchemaForm.Unqualified)] string mdxi, [System.Xml.Serialization.XmlElementAttribute(Form=System.Xml.Schema.XmlSchemaForm.Unqualified)] string getDataURL, [System.Xml.Serialization.XmlElementAttribute(Form=System.Xml.Schema.XmlSchemaForm.Unqualified)] string tid) {
object[] results = this.Invoke("SelectPayment", new object[] {
                    merchantID,
                    mdxi,
                    getDataURL,
                    tid});
return ((PaymentResult)(results[0]));
}

The object "results" never get a value. I pressed F1 to see what the Invoke is doing and this site opens: https://msdn.microsoft.com/query/dev14.query?appId=Dev14IDEF1&l=EN-US&k=k(System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke);k(SolutionItemsProject);k(TargetFrameworkMoniker-.NETFramework,Version%3Dv4.5);k(DevLang-csharp)&rd=true

---

EDIT3: It seems like the Invoke is the reference

System.Web.Services

But in the project the version is

Runtime Version: v4.0.30319 Version: 4.0.0.0

I think this is the problem because it should be 4.5...

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

Answer 1

I finally was able to fix the problem. What I did was adding some try-catch before the return of the method

try
    {
        result = SelectPayment(...);
    }
    catch (System.Web.Services.Protocols.SoapException e)
    {
        Logger.Error("[SelectPayment]: Can't Invoke XML Web service method synchronisly using " + e);
    }
    catch (System.InvalidOperationException e)
    {
        Logger.Error("[SelectPayment]: Can't Invoke XML Web service method synchronisly using " + e);
    }
return result;

to see the exact error message

System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

that was described in Authentication failed because remote party has closed the transport stream

Then I added this line before the HTTP Soap Invoke (before the try of SelectPayment) in the code:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

And finally after hours the program did work! :)

It seems like the

Runtime Version: v4.0.30319 Version: 4.0.0.0

is using always the TLS 1.0 on default, if you don't tell them to use TLS 1.2.

Imported info for IIS6 from this site https://forums.iis.net/t/1189663.aspx?TLS+1+1+or+1+2+on+IIS6+Win2003+

IIS 7.5 (Windows 7 and Windows server 2008 R2) are the only web servers on MS platforms which supports TLS 1.1 and TLS 1.2.