0

I have a .NET 4.7.2 application which run perfectly for two years, until the authentication provider enforced TLS1.2. At the point a get the following error:

Server Error in '/' Application.

The request was aborted: Could not create SSL/TLS secure channel.

From all the documentation I read in these 3 weeks since the problem began, everything points to the information that .NET 4.7.2 automatically enforces TLS1.2, but somehow that's not happening.

What's happening? Can someone throw a light, please?

pinkfloydx33
  • 11,863
  • 3
  • 46
  • 63
Sergio Di Fiore
  • 446
  • 1
  • 8
  • 22
  • Do you host your application on IIS? In that case it can be that the TLS1.2 is not enabled on the host OS. – Andrii Litvinov Jun 05 '21 at 18:13
  • The hosting provider states that it is... – Sergio Di Fiore Jun 05 '21 at 18:17
  • 1
    Have you checked this question yet https://stackoverflow.com/questions/44751179/tls-1-2-not-negotiated-in-net-4-7-without-explicit-servicepointmanager-security? – Andrii Litvinov Jun 05 '21 at 18:25
  • VS 4.7.2 or later default to operating system for TLS. So either The client is requesting wrong TLS version or the Operating System is old and doesn't support TLS 1.2. To select correct version of TLS add followig static method to the beginning of your code : ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; the version of TLS is in the User Web setting. You can check your browser options which is same as what Net will use. – jdweng Jun 05 '21 at 18:25
  • Does this answer your question? [TLS 1.2 not negotiated in .NET 4.7 without explicit ServicePointManager.SecurityProtocol call](https://stackoverflow.com/questions/44751179/tls-1-2-not-negotiated-in-net-4-7-without-explicit-servicepointmanager-security) – Rafael Biz Jun 05 '21 at 18:35
  • 1
    @RafaelBiz, unfortunately don't – Sergio Di Fiore Jun 05 '21 at 18:37
  • @jdweng I've seen about this statement you mention: "ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12", but always says add to you code... What part of the code? Surely is not the web.config... That information alone gives no solution... – Sergio Di Fiore Jun 05 '21 at 18:40
  • Add it to Application_Start in global.asax.cs – Wiktor Zychla Jun 05 '21 at 19:18
  • Any place before the request is made. It is a static method. When user logs in there is temp space where persistent variable are kept. In this case it is the browser settings. The application uses the default settings. Setting the SecurityProtocol overrides the default user settings. You can change you browser settings or set the registry value to change default permanently but then only the current user will work and not other users. – jdweng Jun 05 '21 at 21:33

0 Answers0