C# Could not create ssl/tls secure channel on Windows 7/Windows Server, using TLS1.2

Question

I know there's a lot of people asking for this but I think I've read answers and questions with no results for too long now.

I have a C# application calling a web service. Everything is fine on Windows 10, but when I run the app on Windows 7 (or Windows Server 2008 R2 or Windows Server 2012) the exception "Could not create ssl/tls secure channel" is thrown.

I'm using TLS1.2 with .NET Framework 4.5 (to tell the truth, the real application is 4.0 and I'm using a workaround to enable TLS1.2, but I've created a test app with 4.5 and native TLS1.2 management, still having the same problem: so it's not related to the workaround).

The same call with Postman works well even from Windows7.

Here's my code

    public static LicenseInfoDTO GetLicenseInfo()
    {
        LicenseInfoDTO result = null;

        Uri uri =_myUri;

        try
        {
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
            ServicePointManager.Expect100Continue = true;

            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
            request.Accept = "application/json";
            request.Headers.Add("AuthToken", SECURITY_TOKEN);
            request.Method = "GET";

            WebResponse response = request.GetResponse();

            using (StreamReader reader = new StreamReader(response.GetResponseStream()))
            {
                JsonSerializer serializer = new JsonSerializer();
                result = (LicenseInfoDTO)serializer.Deserialize(reader, typeof(LicenseInfoDTO));
            }
        }
        catch (Exception ex)
        {
            logger.Error($"Error calling SEQUAR to get info for license {license}", ex);
        }

        return result;
    }

I've already tried with the "Microsoft EasyFix" found here (and on many answers on the web) with no results. https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

I've also did almost every combination of changes to the system registry I've found.

I'm going to check ciphers, but I'm not so expert to know where to look without searching randomly for something weird.

Does anyone have a magic solution to this? It's driving us crazy.

Thank you!

EDIT: using http instead of https it works.

Answer 1

In the end, we figured it out: it seems that .NET Framework uses Inte.net Explorer cyphers to secure https calls. In Windows 7 IE11 does not support any of the cyphers installed server-side: that's why the secure SSL/TLS channel could not be created.

We solved this adding an older cypher server-side, but we are planning to include Curl ( https://curl.haxx.se/windows/ ) to avoid using unsafe cyphers.

It has been a very long week, I hope this auto-answer will help someone out there, one day.

Answer 2

In order to make this successful, you need to update the .NET framework to 4.6.2 or higher. The link below cites the follow sentence: " NET Framework 4.6.2 and later supports TLS 1.1 and TLS 1.2. " Otherwise, this patch won't work.

https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client