-2

I am using HttpClient.PostAsync to call a REST web service (Unified Endpoint Management, but I doubt that is relevant) on a remote (internal LAN) server. The call is throwing an exception as follows:

10/15/2020 5:05:25 AM An error occurred while sending the request.
10/15/2020 5:05:25 AM    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
10/15/2020 5:05:25 AM The underlying connection was closed: An unexpected error occurred on a send.
10/15/2020 5:05:25 AM    at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
10/15/2020 5:05:25 AM Authentication failed because the remote party has closed the transport stream.
10/15/2020 5:05:25 AM    at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

The error seems to indicate some kind of TLS error. The certificate is issued by an internal CA which is trusted through Group Policy. I can do the exact same call by pasting the JSON data, URL and headers into Postman, and it works. I can open the server URL in Firefox without a problem, although on Edge I get an error "Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in the Advanced settings," but doing that changes nothing either on the .NET service on in Edge. I have also done the same in .NET by specifying the TLS options to 1.0, 1.1 and 1.2 manually. I've done likewise for SSL 2.0 and SSL 3.0, but nothing changes.

According to the software vendor, it should be using TLS 1.2. I cannot change much server side as it's proprietary software.

Any ideas? I need to get this working again, but the code hads't changed since before the server was updated and the REST API specification remains the same (confirmed by Postman).

I’m running the code on .NET Framework 4.6.1 (ASP.NET). The flow is a bit strange as I have a web interface running on PHP (Laravel) on one server, which sends a call to a .NET web service on another server (this is where I’m running into the problem), that server in turns calls a Tomcat server and also performs tasks in .NET.

user10504
  • 94
  • 6
  • 1
    Does this answer your question? [Update .NET web service to use TLS 1.2](https://stackoverflow.com/questions/45382254/update-net-web-service-to-use-tls-1-2) – derpirscher Oct 15 '20 at 10:45
  • Microsoft in June this year did a security push which disabled TLS 1.0/1.1 on servers. So now clients have to use TLS 1.2/1.3. So add following : System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; – jdweng Oct 15 '20 at 11:29
  • It's impossible to answer without knowing whether you are using .NET Core or Framework. – Ian Kemp Oct 15 '20 at 11:41
  • It’s .NET framework 4.6.1 – user10504 Oct 15 '20 at 12:25
  • @jdweng I tried this without success. The web service is Tomcat based, but I’m consuming it from ASP.NET. The client is .NET, server isn’t. – user10504 Oct 15 '20 at 12:27
  • Try adding to the code : ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; – jdweng Oct 15 '20 at 13:04

1 Answers1

0

Thank you for everyone who offered assistance with this problem.

I solved this problem by disabling "TLS Cipher Suite Order" in the Local Group Policy, and rebooting the server - both steps were required to solve the problem.

The problem was not with the TLS version, as indicated in the message, but with the cipher used. It seems that the server was using a cipher not listed in the custom order specified by the policy.

user10504
  • 94
  • 6