VB.NET Web服务无法连接：“无法创建SSL / TLS安全通道”

Question

I am trying to connect to a web service which is written in Java language on the server side. My program is written in VB.NET 4.0 on the client side.

When i try to call any methods from the web service I receive the following error message :

WS-Metadata Exchange Error URI: [ http://...] Metadata contains a reference that cannot be resolved. The request was aborted: Could not create SSL/TLS secure channel

I am using a certificate to connect to the web service, however it seems that the problem is on the communication level between my host machine (client) and the server. The certificate i am using is never been checked as the client and the server can even not communicate.

I have tried to set the security protocol to "SSLv3" or "TLS12" but it didn't help. Thank you in advance for any suggestions.

Also i should mention that i managed to connect to this web service using a Java class. It seems that when the client side is written in Java it works but when it's in VB.NET it doesn't work.

P. HAB

EDITED :

I used "Wireshark" to discover the HTTPS packets which are sent and received by my program, here what I found in the transmitted packets :

Request by the client :

Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 140
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 136
      Version: TLS 1.0 (0x0301)
        Random
        Session ID Length: 0
        Cipher Suites Length: 24
        Cipher Suites (12 suites)
        Compression Methods Length: 1
        Compression Methods (1 method)
        Extensions Length: 71
        Extension: server_name
        Extension: elliptic_curves
        Extension: ec_point_formats
        Extension: Extended Master Secret
        Extension: renegotiation_info

Response from the server :

Secure Sockets Layer
TLSv1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
    Content Type: Alert (21)
    Version: TLS 1.0 (0x0301)
    Length: 2
    Alert Message
        Level: Fatal (2)
        Description: Handshake Failure (40)

I have tried to change the security protocol to different versions of SSL/TLS but it changed nothing. My client tries to send a "Client hello" with standard values (no user-customized parameters were specified) but the server is not accepting it. Any suggestions ?

Answer 1

Solution found :

The problem is in fact related to the Cipher suites and specially the RC4 algorithme. Actually my client is written in VB.NET 4.0 and in this version of .NET the deprecated RC4 algorithme is still supported and proposed by the .NET framework to any Web server during the "Hello Client" (Handshake) process.

The only presence of the RC4 cipher suites in the supported list of the cipher suites by my client was making the server to abort the connection with the following error message : "The request was aborted: Could not create SSL/TLS secure channel"

So I had to deactivate the RC4 cipher suites on my client machine by going in the system registry using regedit.exe and add the following key to these two specified paths :

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft.NETFramework\\v4.0.30319 "SchUseStrongCrypto"=dword:00000001

And

HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft.NETFramework\\v4.0.30319 "SchUseStrongCrypto"=dword:00000001

After restarting the client machine I was able to connect to the web service succesfully.

For more information about the deprecated RC4 algorithmes :

https://technet.microsoft.com/en-us/library/security/2960358.aspx

=> Also you should notice that this problem exists only in .NET 4.0-4.5. From the version 4.6 and above its working fine.