
WebService using TLS1.1, TLS1.2 unable to connect on development server, works in local development

I have a .NET WebService call that is set to use TLS1.1 or higher. This works in my local development, but when I move to our development server, I receive the following error:

Could not ExecuteRequest for xxx data - - The request was aborted: Could not create SSL/TLS secure channel.

In the code I have the TLS settings:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13 | SecurityProtocolType.Ssl3;

I've verified on the server that the registry settings are correct for enabling TLS1.1, 1.2, etc. by checking: *HKEYLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols[TLS 1.1, TLS 1.2]*. I have DisabledByDefault = 0 and Enabled = 1 for both the "Client" and "Server" keys at these locations.

In the Windows system logs there is an Schannel error: EventID 36887: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

I'm not sure where to go from here. I feel like it's probably a simple setting or a registry tweak, but I'm lost now.

Thanks in advance for the help.

If I understand you correctly, you have code that works on one server, but not the other. In that case it seems that at least you have configured .NET Framework correctly, but as one of the comments suggests, you should check that your OS supports TLS 1.1 (maybe worth checking that you are running on the exact same .NET Framework version as well).

I see that you use Windows Server 2012 and it seems it's not enabled by default there. Here is a quote from the MS docs:

Earlier versions of Windows, such as Windows 7 or Windows Server 2012, don't enable TLS 1.1 or TLS 1.2 by default for secure communications using WinHTTP. For these earlier versions of Windows, install Update 3140245 to enable the registry value below, which can be set to add TLS 1.1 and TLS 1.2 to the default secure protocols list for WinHTTP.

Try checking the documentation and verify TLS 1.1 is enabled in the OS.

PS If the server you are trying to connect to supports TLS 1.2, I would not bother with TLS 1.1 at all, and just force all to use TLS 1.2.
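
A read-only PowerShell check of the settings this thread discusses, added here as an example and not part of the original question or answer. The WinHTTP key paths and the `DefaultSecureProtocols` bit values are assumptions taken from Microsoft's documentation for Update 3140245, not from this page.

```powershell
# Added example: read-only audit of TLS client settings on the server. Changes nothing.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent, which means "OS default applies".
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# 1. SCHANNEL per-protocol switches (the keys checked in the question).
$report = foreach ($proto in 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $key = "$schannel\$proto\$role"
        [pscustomobject]@{
            Protocol          = $proto
            Role              = $role
            Enabled           = Get-RegValue $key 'Enabled'
            DisabledByDefault = Get-RegValue $key 'DisabledByDefault'
        }
    }
}
$report | Format-Table -AutoSize

# 2. WinHTTP default protocol list (the registry value Update 3140245 enables).
#    Bit values as documented by Microsoft for DefaultSecureProtocols.
$flags = [ordered]@{
    'SSL 2.0' = 0x8; 'SSL 3.0' = 0x20; 'TLS 1.0' = 0x80; 'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800
}
$winHttpKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)
foreach ($key in $winHttpKeys) {
    $value = Get-RegValue $key 'DefaultSecureProtocols'
    if ($null -eq $value) {
        '{0}: DefaultSecureProtocols not set (OS default list applies)' -f $key
        continue
    }
    $on = $flags.Keys | Where-Object { $value -band $flags[$_] }
    '{0}: 0x{1:X} => {2}' -f $key, $value, ($on -join ', ')
}

# 3. Is the update named in the quoted documentation installed?
#    It may be superseded by a later rollup, so "not found" is not conclusive.
$kb = Get-HotFix -Id 'KB3140245' -ErrorAction SilentlyContinue
if ($kb) { "KB3140245 installed on $($kb.InstalledOn)" } else { 'KB3140245 not found' }
```

Run it on both the working machine and the failing server and compare the output; a blank `Enabled` or `DisabledByDefault` cell means the value is not present in the registry.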
