
I'm using Visual Studio 2012 to manage a website. Recently, I changed the Target Framework to .NET Framework 4.5 so I could disable TLS 1.0 on the server and still have it communicate with a SQL server. The main functionality, including its connection to the database, now works with TLS 1.0 disabled.

I'm trying to add a Service Reference (Website -> Add Service Reference). When I enter the URL, I get an error message:

There was an error downloading 'https://<domainName>/PublicAPI/Generic_ws.asmx/_vti_bin/ListData.svc/$metadata'.
The underlying connection was closed: An unexpected error occurred on a receive.
The client and server cannot communicate, because they do not possess a common algorithm
Metadata contains a reference that cannot be resolved: 'https://<domainName>/PublicAPI/Generic_ws.asmx'.
An error occurred while receiving the HTTP response to https://<domainName>/PublicAPI/Generic_ws.asmx. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.
The underlying connection was closed: An unexpected error occurred on a receive.
The client and server cannot communicate, because they do not possess a common algorithm
If the service is defined in the current solution, try building the solution and adding the service reference again.

This is very similar to the error I was getting trying to connect to SQL Server after I disabled TLS 1.0. I fixed it by changing the Target Framework to 4.5 (which is the highest Target Framework listed in my VS 2012).

I have verified with the location that I am connecting to that they support TLS 1.0, 1.1, and 1.2.

Is there a setting somewhere else I need to change for Service References to connect with either TLS 1.1 or 1.2?

Pryach
  • https://stackoverflow.com/questions/37869135/is-that-possible-to-send-httpwebrequest-using-tls1-2-on-net-4-0-framework/37869237#37869237 – Crowcoder Feb 05 '18 at 18:50
  • @Crowcoder that will fix any existing code I have, but how can I fix it so I can add new Service References in the Add Service Reference dialogue box without getting an error? – Pryach Feb 05 '18 at 18:57
  • Setting the SecurityProtocol on the ServicePointManager is a global setting to the entire app domain so just make sure you do that at any time before making your service calls. – Crowcoder Feb 05 '18 at 18:59

1 Answer


The Add Service Reference functionality internally uses Svcutil.exe. By default it uses TLS 1.0 as part of the handshake, and the server rejects it.

There are a couple of ways you can fix it. Open the registry and add these registry keys according to your platform configuration, then reboot the box.

x64:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] 
"SchUseStrongCrypto"=dword:00000001

If the application is 32-bit running on x64 Windows, we need to modify the same key under:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Hope it helps.

Cinchoo
  • I added the new registry key, rebooted the server, but I am still getting the same issue. https://i.imgur.com/bQoG9kz.jpg – Pryach Feb 05 '18 at 21:14
  • Maybe VS.NET is running in 32-bit mode. Try creating the key under Wow6432Node as well. – Cinchoo Feb 05 '18 at 21:30
  • I'm not saying this won't work (I really have no idea), but I've never had to edit the registry to make service calls generated by Add Service Reference. – Crowcoder Feb 05 '18 at 21:38
  • Really does work. Had a server where I disabled TLS 1.0 and SvcUtil.exe only gave me "The client and server cannot communicate, because they do not possess a common algorithm". This is the executable deployed with .NET 4.7.2. Added those 2 registry keys. Retried. Downloaded. No issues. Did not need to reboot. – Wolf5 Sep 05 '19 at 13:05
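
The comments above turn on which registry view a 32-bit process reads, so the following added PowerShell example (not code from the answer or its commenters) reports SchUseStrongCrypto in both the 64-bit and 32-bit views, whatever the bitness of the shell running it. The `-Fix` switch and the function names are hypothetical; writing the value requires an elevated prompt.

```powershell
# Added example: audit SchUseStrongCrypto in both registry views.
# Read-only unless -Fix (hypothetical switch name) is passed.
param([switch]$Fix)

$subKey    = 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'  # key path from the answer
$valueName = 'SchUseStrongCrypto'
$hklm      = [Microsoft.Win32.RegistryHive]::LocalMachine

function Get-StrongCryptoState {
    param([Microsoft.Win32.RegistryView]$View)
    # OpenBaseKey with an explicit view bypasses WOW64 redirection, so
    # Registry32 always reads the Wow6432Node copy on 64-bit Windows.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hklm, $View)
    try {
        $key = $base.OpenSubKey($subKey)
        if ($null -eq $key) { return 'key missing' }
        try {
            $v = $key.GetValue($valueName, $null)
            if ($null -eq $v) { return 'not set' }
            if ($v -eq 1)     { return 'enabled' }
            return "unexpected value: $v"
        } finally { $key.Close() }
    } finally { $base.Close() }
}

function Set-StrongCrypto {
    param([Microsoft.Win32.RegistryView]$View)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hklm, $View)
    try {
        $key = $base.CreateSubKey($subKey)   # opens writable, creates if absent
        try {
            $key.SetValue($valueName, 1, [Microsoft.Win32.RegistryValueKind]::DWord)
        } finally { $key.Close() }
    } finally { $base.Close() }
}

# A 32-bit OS has only one view; a 64-bit OS has both.
$views = @([Microsoft.Win32.RegistryView]::Registry32)
if ([Environment]::Is64BitOperatingSystem) {
    $views = @([Microsoft.Win32.RegistryView]::Registry64) + $views
}
foreach ($view in $views) {
    $state = Get-StrongCryptoState -View $view
    if ($Fix -and $state -ne 'enabled') {
        Set-StrongCrypto -View $view
        $state = Get-StrongCryptoState -View $view
    }
    '{0,-10} {1}' -f $view, $state
}
```

Save it as a `.ps1` file and run it without arguments to audit; a line reading anything other than `enabled` for `Registry32` matches the situation discussed in the comments.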