I am trying to inplement REST request via TLS 1.2 protocol and getting issue:
The request was aborted: Could not create SSL/TLS secure channel
1) Application is hosted on Windows 2016 server
2) Register has enabled server and client configuration enabled in HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.2 folder
3) Application forced to use TLS protocol
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
4) Application is running on .Net 4.7
I would be appropritiate with any ideas
Thanks
Make sure to check all these registry settings
Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft.NETFramework\\v4.0.30319
Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\Configuration\\SSL\\00010002
Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS1.2\\Server
In general, The WCF framework automatically chooses the highest protocol available up to TLS 1.2 unless you explicitly configure a protocol version. But calling REST API might have a different behavior although we have not noticed that.
This was not required in our case:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
But this was:
<system.web>
<compilation targetFramework="4.6" />
<httpRuntime targetFramework="4.6" />
<customErrors mode="Off" /> </system.web>
As well as this one:
<basicHttpBinding>
<binding name="HTTPSEndpoint" messageEncoding="Text">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
Hope this helps.
References:
Enable TLS 1.2 for specific Ciphers
.Net Framework 4.6.1 not defaulting to TLS 1.2
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls https://blogs.msdn.microsoft.com/friis/2017/10/09/troubleshooting-tls-ssl-scenario-2/ https://textslashplain.com/2015/10/12/viewing-https-handshakes-in-fiddler/
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.