19

I have an incredibly simple web request with RestSharp:

var client = new RestClient("https://website.net");
var request = new RestRequest("/process", Method.GET);
request.AddParameter("cmd", "execute");
IRestResponse response = client.Execute(request);

var content = response.Content;
Console.WriteLine("Response: " + content);

This returns the error message:

The request was aborted: Could not create SSL/TLS secure channel

Three things:

  1. I get the response I expect through a browser,
  2. I get the response I expect through Postman,
  3. This request is being sent to a test environment, but I can send it to a production environment, which has a very similar address, and get the response I expect,
  4. I'm positive it worked before today.

Their certificate is using TLS 1.2 with AES 128, so it is unrelated to errors caused by RC4.

This is on my local Win 10 machine in Visual Studio 2015 with a target framework of .NET 4.5.2.

Why do I get this error?

EDIT:

By changing my code to use the base System.Net and the WebRequest class and adding the line:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

as suggested from here, it works. So I guess RestSharp is using the incorrect protocol for some reason?

Gerald
  • 521
  • 1
  • 6
  • 16
  • 1
    Is the website certificate valid? If not you would need to handle the CertificateCallback and validate manually – dsdel Apr 17 '18 at 19:18
  • Through a browser, the connection is secure and certificate is certified by DigiCert. – Gerald Apr 17 '18 at 19:21
  • 2
    Possible duplicate of [RestSharp: Could not create SSL/TLS secure channel](https://stackoverflow.com/questions/18947373/restsharp-could-not-create-ssl-tls-secure-channel) – Fred Kleuver Apr 17 '18 at 19:22
  • 1
    Which .NET Framework/Version do you target? What's your OS? Does this happen on your (local dev) machine or the (production) server? – wp78de Apr 17 '18 at 19:38
  • 1
    Take a look at Windows Event Viewer to get a more in-depth reason for the error than the generic message Windows provides. You should be able to get a TLS error code from there. – ToastyMallows Apr 17 '18 at 20:11
  • 1
    Which browser was used? From what I've encountered, it is a good idea to try Internet Explorer as it matches the .NET Framework closely. Chrome for example, has its own SSL libraries that may allow certificates or algorithms that .NET and IE may not. – Wiz Apr 17 '18 at 20:17
  • I'm identifying the error through "response.ErrorMessage" - It's not actually throwing an exception, so I don't think that would show up in the Windows logs... ? And I've tried both Firefox and Internet Explorer successfully. – Gerald Apr 17 '18 at 20:22
  • 2
    I downloaded the source out of curiosity (never used RestSharp before). Internally it uses the System.Net.HttpWebRequest (which inherits WebRequest). I also came across the code that catches the exception internally and setting it as the response.ErrorMessage (so an exception is thrown somewhere). Is it possible that adding the line enabling TLS1.2 would work with the RestSharp code that you had? – Wiz Apr 17 '18 at 21:18
  • Yes - that appears to work. Really curious as to what the difference may be with the production environment that RestSharp is deeming not to use TLS 1.2 when sent to the test environment. And why Internet Explorer works. And what changed recently to make this not work. But I'm not sure it's worth it. Thanks! – Gerald Apr 18 '18 at 00:21
  • 1
    See https://stackoverflow.com/a/28333370/226781. TLS1.2 is available in .NET 4.5 but is not turned on by default. Based on your description, I would guess that the production server supports lower versions of TLS (!) but the test server does not. If your code was previously working in test, then perhaps the test server itself was recently changed. – asherber Apr 18 '18 at 01:34
  • Me ajudou. Muito obrigado. – Charles May 27 '19 at 13:02

4 Answers4

18

In .NET 4.5, TLS 1.2 is available but not enabled by default.

So yes, if you need TLS 1.2, you'll need to specify it in some way for the .NET run time.

FYI: In .NET 4.7, .NET will use the OS's default SSL/TLS version (most modern OS's will have TLS 1.2 as their default)

Other good SO Answer:

Default SecurityProtocol in .NET 4.5

Don Cheadle
  • 5,224
  • 5
  • 39
  • 54
18

Even for Restsharp Library using the line below:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

before

IRestResponse response = client.Execute(request);

will work.

Vojtěch Dohnal
  • 7,867
  • 3
  • 43
  • 105
Er.Imran Shaikh
  • 309
  • 3
  • 7
  • if you cant find SecurityProtocolType.Tls12 and only have SecurityProtocolType.Tls. consider upgrading from .Net 4.0 to 4.5. or just use https://stackoverflow.com/questions/47269609/system-net-securityprotocoltype-tls12-definition-not-found – SoliQuiD Sep 06 '22 at 12:51
  • worked completely fine thanks – Mahdi Jan 08 '23 at 09:05
7

move this line:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

before this line:

WebRequest request = WebRequest.Create(url);

Hope that helps.

शेखर
  • 17,412
  • 13
  • 61
  • 117
user2686690
  • 175
  • 2
  • 3
0

Try this...

ServicePointManager.ServerCertificateValidationCallback = new        
RemoteCertificateValidationCallback
(
   delegate { return true; }
);
cigien
  • 57,834
  • 11
  • 73
  • 112
Rafael Sacramento Ribeiro
  • 41
  • 3