1

I'm facing an issue with Windows Server 2012R2 and a C#-site that runs on the server. Some external HTTPS-requests fails with this error:

The request was aborted: Could not create SSL/TLS secure channel.

This works perfect on my dev-machine and our test-server (Windows Server 2019). I've come to understand that this is due to the fact that the server we're connecting to requires TLS1.2. So I added this code to be explicit about this:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Still have the same issue. So I digged a little deeper and it looks like the server we're connecting to requires specific chipsets, according to ssllabs.com:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH secp256r1 (eq. 3072 bits RSA) FS

And according to my research neither of these are supported on Windows Server 2012R2 - Upgrading the OS seems to be the only option.

BUT: I can make requests to this URL with Google Chrome on this machine (IE11 does not work). If it works with Chome, it feels like it should be possible with my C# code as well?

Markus Knappen Johansson
  • 1,461
  • 17
  • 19
  • Have you followed *all* the instructions in [this document](https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392) in order to enable TLS1.2 on 2012R2? Chrome itself uses its own cryptographic suite so not really relevant – Charlieface Jan 19 '22 at 01:18
  • @Charlieface thanks for taking the time and providing the link. Yes I did try all the steps. As far as my search takes me it seems that the only way to support these is OS-upgrades. I had our hosting provider update the VM and after this everything works fine. There might be other solutions but this is my 2nd time trying to find one without success. – Markus Knappen Johansson Jan 20 '22 at 08:46
  • The "Could not create SSL/TLS secure channel" exception can occur if the server is returning an HTTP 401 Unauthorized response to the HTTP request. You can determine if this is happening by turning on trace-level System.Net logging for your client application, as described in [this answer](https://stackoverflow.com/a/12327881/13336642). – samwu Jan 22 '22 at 08:57

0 Answers0