Invoke-WebRequest：请求被中止：无法创建 SSL/TLS 安全通道

Question

Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
At line:4 char:6
+ $r = Invoke-WebRequest -Uri $url
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

my client is facing this issue while other application trying to hit my service. i enabled TLS 1.1. and 1.2 on my server

Answer 1

If the client is attempting to negotiate the request using TLS 1.0, but only TLS 1.1 and 1.2 are supported you will get this error.

Try forcing the client to utilize TLS 1.2 by adding the below code to the client's application before the request is made to your service.

PowerShell:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

C#:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

See:

Update .NET web service to use TLS 1.2

Powershell Setting Security Protocol to Tls 1.2

Answer 2

The cause of the error is Powershell by default uses TLS 1.0 to connect to website, but website security requires TLS 1.2. You can change this behavior with running any of the below command to use all protocols. You can also specify single protocol.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Ssl3
[Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"

Answer 3

U mean to say i should ask third party to add below code to their application before calling our service???

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

that means the issue is on their site?? because i have enabled all TLS version on our server.