
I have a C# application running on a Windows 2012 R2 server that needs to post requests to a partner. It's failing at WebRequest.GetRequestStream() with "The request was aborted: Could not create SSL/TLS secure channel." I can get results through Postman on the same servers. My best guess is that the cause is from a mismatch of cipher suites.

From https://www.ssllabs.com/, the only supported cipher suites are:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

These two aren't available with 2012 R2. https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-8-1

I'm seeing instructions on how to restrict cipher suites on the servers, but not on how to add them.

Is there a way to add new cipher suites from the program?

  • I'm currently experiencing this exact same issue. With Windows Server 2012 R2 reaching end-of-life later this year, upgrading seems to be the only real solution. – Michael Brandon Morris May 04 '23 at 19:05

1 Answer


Please try this update on the server: https://support.microsoft.com/en-us/topic/update-adds-new-tls-cipher-suites-and-changes-cipher-suite-priorities-in-windows-8-1-and-windows-server-2012-r2-8e395e43-c8ef-27d8-b60c-0fc57d526d94 - While I cannot try it myself it looks promising. The suites added are listed in the middle of this article.

flohack
  • Thank you, but this doesn't add the ones I'm looking for. The ones I'm looking for have ECDHE. This adds DH. – Thomas Doyon Aug 02 '21 at 17:27
  • Uh well, then you might be out of luck. I do think that Microsoft always uses their crypto API for C# and therefore it's not possible to bypass that easily. – flohack Aug 03 '21 at 10:45
  • My issue exactly. We're in the process of upgrading to Windows Server 2022, but it looks like we should have started a couple of weeks earlier. We'll just have to accelerate our upgrade schedule to get to Windows Server 2012 because we need one of the ECDHE ciphers to communicate with our partner. – Yossi G. Aug 18 '23 at 03:10
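
One way to confirm the cipher-suite mismatch suspected in the question, as an added example that is not part of the original thread: it reads the Schannel cipher suite order from the registry and checks it for the two suites from the SSL Labs list. The function names are hypothetical, and the registry paths are assumed to be the standard Schannel locations (Group Policy override first, then the local default).

```powershell
# Added example: does this host's Schannel configuration list the two suites
# the partner accepts (names taken from the SSL Labs output in the question)?
$required = @(
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
)
# Assumed standard locations: the policy key, when set, overrides the local default.
$sources = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002',
    'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'
)

function Get-ConfiguredSuites {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        $prop = Get-ItemProperty -Path $path -Name Functions -ErrorAction SilentlyContinue
        if ($prop -and $prop.Functions) {
            # Policy value is one comma-separated string; the local default is REG_MULTI_SZ.
            $list = @($prop.Functions) | ForEach-Object { $_ -split ',' } |
                ForEach-Object { $_.Trim() } | Where-Object { $_ }
            return [pscustomobject]@{ Source = $path; Suites = @($list) }
        }
    }
    return $null
}

function Test-SuiteOverlap {
    param([string[]]$Configured, [string[]]$Required)
    foreach ($name in $Required) {
        # Older Windows builds append the curve to the suite name (e.g. ..._P256),
        # so accept the bare name or the name followed by _P<digits>.
        $pattern = '^' + [regex]::Escape($name) + '(_P\d+)?$'
        $hits = @($Configured | Where-Object { $_ -match $pattern })
        [pscustomobject]@{
            Suite   = $name
            Present = ($hits.Count -gt 0)
            Matched = ($hits -join ', ')
        }
    }
}

$config = Get-ConfiguredSuites -Paths $sources
if (-not $config) {
    Write-Warning 'No cipher suite list found in either registry location.'
} else {
    "Effective list read from: $($config.Source)"
    Test-SuiteOverlap -Configured $config.Suites -Required $required | Format-Table -AutoSize
}
```

A suite reported as not present cannot be offered by the C# client, which matches the handshake failure described in the question. A name that does appear in the list only shows it is configured, not that the installed Schannel build implements it.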