Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel

Question

Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
At line:4 char:6
+ $r = Invoke-WebRequest -Uri $url
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

my client is facing this issue while other application trying to hit my service. i enabled TLS 1.1. and 1.2 on my server

d other party invoking our service and they are getting this issue... — priyanka gharat, Jan 23 '19 at 15:44
can you post the code that is calling the web service? can you post details of how you enabled TLS 1.1 and 1.2 — GregH, Jan 23 '19 at 15:57
and in browser-->advance setting i have enabled TLS 1.1. and 1.2 — priyanka gharat, Jan 24 '19 at 11:12

nkincy · Answer 1 · 2019-01-24T14:52:38.850

4

If the client is attempting to negotiate the request using TLS 1.0, but only TLS 1.1 and 1.2 are supported you will get this error.

Try forcing the client to utilize TLS 1.2 by adding the below code to the client's application before the request is made to your service.

PowerShell:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

C#:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

See:

Update .NET web service to use TLS 1.2

Powershell Setting Security Protocol to Tls 1.2

edited Jan 24 '19 at 14:52

answered Jan 23 '19 at 21:16

nkincy

211
2
7

Thank ypu for the reply. – priyanka gharat Jan 24 '19 at 08:25
0 U mean to say i should ask third party to add below code to their application before calling our service??? System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; that means the issue is on their site?? because i have enabled all TLS version on our server. – priyanka gharat Jan 24 '19 at 09:11
@priyankagharat Can you confirm that the error message you posted was from the client's application? Are you certain that TLS 1.0 is supported on the URL the client is trying to call? .NET versions 4.5 and older will use TLS 1.0 by default, and you stated in your question that only 1.1 and 1.2 were enabled. If this is the case you will get the error message you posted. – nkincy Jan 24 '19 at 13:59
external application trying to cl our service .in response they are geting this iisue. – priyanka gharat Jan 24 '19 at 14:12
and we are using .net 4.6 – priyanka gharat Jan 24 '19 at 14:13

score 2 · Answer 2 · answered Mar 13 '21 at 13:30

The cause of the error is Powershell by default uses TLS 1.0 to connect to website, but website security requires TLS 1.2. You can change this behavior with running any of the below command to use all protocols. You can also specify single protocol.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Ssl3
[Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"

Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel

2 Answers2