2

I'm using Windows 7 x64 and recently Visual Studio stopped working with nuget.org. Now it reports this error: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

I searched, tried everything from this similar topic: nuget.org: Unable to load the service index

I read this article about Deprecating TLS 1.0 and 1.1 on NuGet.org: https://devblogs.microsoft.com/nuget/deprecating-tls-1-0-and-1-1-on-nuget-org/#ensuring-your-system-uses-tls-1-2

I ensured my system has kb2533552 и kb3140245 installed and also checked the necessary values exist in the registry "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"

Still, after all this I am unable to use the Package Manager. I can access https://apiint.nugettest.org/v3-index/index.json from the browser, but I cannot make the following c# code work - it still throws an exception:

var client = new HttpClient();
string uri = "https://apiint.nugettest.org/v3-index/index.json";
var response = await client.GetAsync(uri);
string msg = "If you see this, your machine has no TLS/SSL issues with nuget.org";
Console.WriteLine(msg);
cicatrix
  • 163
  • 1
  • 10
  • You will also need to ensure you're running .NET 4.7.2 or 4.8, since otherwise the code is unable to default to TLS 1.2 through OS settings. Are you? – Jeroen Mostert Aug 08 '22 at 14:39
  • By default this example I tested it uses net 6.0. But I see this error also when I try to use Nuget package manager console in Visual Studio (2022). Where should I check this for IDE itself? – cicatrix Aug 08 '22 at 14:40
  • Visual Studio 2022 itself is still a .NET 4.x application, so it should use the version of the .NET 4.x framework that's installed (there's only one and it's global). That said, if .NET 6 doesn't work it's probably not going to work there either, since 6 should definitely default to the OS, and I'm not sure what version of NuGet/framework would be used to restore packages if you're building a .NET 6 app -- VS is only the shell and I'd imagine the build system is the .NET 6 SDK throughout, including NuGet. – Jeroen Mostert Aug 08 '22 at 14:51
  • This is what baffles me. Even if the fact that devenv.exe is still a .Net 4.x app, why my core 6 app from the original question still throws an exception under windows 7? It works fine with Win 10 though. I think the issue is not with Visual Studio itself but with the OS and some missing update, I think. Nevertheless, the nuget url opens fine with a browser. I wonder if the old outdated IE would open it though. – cicatrix Aug 08 '22 at 17:22
  • It seems that the version of the package in this source( https://apiint.nugettest.org/v3-index/index.json) has not been updated, maybe you can try to use this source" https://api.nuget.org/v3/index.json". – Jingmiao Xu-MSFT Aug 10 '22 at 05:01
  • What does https://gist.github.com/zivkan/5291f507c8c5724d41a18357b7afcd30 report? Having exactly the same problems, and it tells me all failed, but someone over at https://developercommunity.visualstudio.com/t/nuget-not-working-again-could-not-create-ssltls-se/1096460 got `Tls12 worked` and fixed the problems by **removing** `SystemDefaultTlsVersions` and `SchUseStrongCrypto` from registry mentioned at https://learn.microsoft.com/en-gb/mem/configmgr/core/plan-design/security/enable-tls-1-2-client#configure-for-strong-cryptography which didn't work for me. – feos Aug 15 '22 at 19:34
  • I got `dotnet restore` to succeed **once** while running Tor as HTTP proxy for the OS but it never worked again. – feos Aug 15 '22 at 19:36

1 Answers1

0

I had the same problem. I was also unable to check for updates in the extensions and updates dialog.

It started working again when I added the following cipher suites to the machine and rebooted:

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384

This can be done via Group Policy -> Computer Configuratiom -> Administrative Templates -> Network -> SSL Configuration Settings -> SSL Cipher Suite Order, but can also be found in the registry at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002 in the Functions value

Dev Chris
  • 1
  • 1
  • Which registry path? – feos Aug 26 '22 at 13:20
  • You might want to add this as a comment, not as a possible solution – Charles de M. Aug 29 '22 at 14:56
  • feos I've added the group policy and registry locations to the post – Dev Chris Aug 30 '22 at 08:14
  • Making an answer suddenly stopped working. So I tried everything described on the web and nothing helped. In the end, I solved this by switching from *Windows 7 Home Premium* to *Windows 7 Ultimate*. It really feels like there's more stuff locked in the former than is described in the docs, or maybe there are some weird dependencies that stopped working. – feos Nov 05 '22 at 22:00