
I get `The request was aborted: Could not create SSL/TLS secure channel.` The Web Forms app is running on ASP.NET 4.8, and the error occurs when sending a request to the Payone API. The application is copied manually to the server folder.

It works locally, but on the server it throws the error. The suggested answer in similar questions is to add SecurityProtocolType to Tls12, which is already done before the HTTP call. Additionally, in Global.asax I added the following lines in Session_Start():

```
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
```

ERROR :

The request was aborted: Could not create SSL/TLS secure channel. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

Source Error:

```
Line 101:
Line 102:            // The entire code base is synchronous, so keep it that way
Line 103:            var response = Client.client.SendAsync(request).Result;
Line 104:            if (!response.IsSuccessStatusCode)
Line 105:            {
```

One more thing: I also followed this article to check the TLS version on the server, and when running `[Net.ServicePointManager]::SecurityProtocol` in PowerShell, Tls12 is displayed.

Can someone help identify where the problem is?

Version information:

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.8.4494.0

Registry snapshot

I also added TLS 1.2 manually in the registry, following this article.


Amir Dora.
  • _"The entire code base is synchronous, so keep it that way"_ - **ugh** – Dai Sep 02 '22 at 10:08
  • `.SendAsync(request).Result` <-- This is **exactly** how you can make your code deadlock. There is no reason to be afraid of `async`/`await`. Go tell whoever wrote that _"keep it that way"_ comment to pound sand and read a high-perf programming guide written in the past 15 years. – Dai Sep 02 '22 at 10:08
  • Are any relevant events logged in the Windows Event Viewer? Have you enabled `schannel` logging? ( https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/health-diagnostic-performance/enable-schannel-event-logging ) – Dai Sep 02 '22 at 10:19
  • Thanks for your feedback, yes it does need improvement, this is some legacy code. @Dai – Amir Dora. Sep 02 '22 at 10:23
  • No, not enabled, just general event logs we can see. @Dai – Amir Dora. Sep 02 '22 at 10:57
  • Then enable schannel logging and enable any other relevant diagnostics and try to reproduce the problem and see what's logged. – Dai Sep 02 '22 at 10:58
  • HTTPS is a little more complicated than just figuring out whether TLS 1.2 is enabled or not. There are individual ciphers and algorithms etc. that may be enabled/disabled. It could be that you couldn't find a common set of ciphers/algorithms between client and server. Or perhaps some networking appliance in between doesn't support or has disabled TLS 1.2 (such as a firewall or load balancer). One tool that might assist you with this is Nartac's [IIS Crypto](https://www.nartac.com/Products/IISCrypto/). – mason Sep 02 '22 at 15:18
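
The comments point at cipher negotiation and registry settings rather than the protocol flag alone; the following is an added example (not code from the question or from any commenter) that probes the handshake through the same SCHANNEL stack and prints the registry values involved. The host name is a placeholder because the page does not give the Payone endpoint, and `Test-TlsHandshake` is a function name made up for this example.

```powershell
# Added example. $TargetHost is a placeholder: the page does not name the API host.
$TargetHost = 'api.example.invalid'

function Test-TlsHandshake {
    param([string]$HostName, [int]$Port = 443,
          [System.Security.Authentication.SslProtocols]$Protocol = 'Tls12')
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        # No client certificate, no revocation check; default certificate validation applies.
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        [pscustomobject]@{
            Host        = $HostName
            Protocol    = $ssl.SslProtocol
            Cipher      = "$($ssl.CipherAlgorithm) ($($ssl.CipherStrength) bit)"
            KeyExchange = $ssl.KeyExchangeAlgorithm
            Hash        = $ssl.HashAlgorithm
            ServerCert  = $ssl.RemoteCertificate.Subject
            Error       = $null
        }
    } catch {
        # Walk to the innermost exception, which carries the underlying reason.
        $e = $_.Exception
        while ($e.InnerException) { $e = $e.InnerException }
        [pscustomobject]@{ Host = $HostName; Protocol = $Protocol; Error = $e.Message }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Registry values that steer .NET 4.x and SCHANNEL; an empty column means the value is not set.
$keys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$keys | ForEach-Object {
    $p = Get-ItemProperty -Path $_ -ErrorAction SilentlyContinue
    [pscustomobject]@{ Key = $_; SchUseStrongCrypto = $p.SchUseStrongCrypto
        SystemDefaultTlsVersions = $p.SystemDefaultTlsVersions
        Enabled = $p.Enabled; DisabledByDefault = $p.DisabledByDefault }
} | Format-List

# Cipher suites this machine will offer (cmdlet exists on Windows Server 2016 / Windows 10 and later).
if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    Get-TlsCipherSuite | Select-Object -ExpandProperty Name
}

Test-TlsHandshake -HostName $TargetHost | Format-List
```

Run it on the failing server and on the machine where the call works, then compare the negotiated cipher on the working side with the suite list on the failing side.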
