The request was aborted: Could not create SSL/TLS secure channel

Sajith Gopalakrishnan Hema 1,041

.Net Class Library is based on 4.5 and using HtmlAgilityPack, I was calling an https URL and it was working fine.

After the website is updated and will not support old browsers which are not TLS v1.2 compliant. Getting the error -

Tried below article, still it is not working

https://kevinchalet.com/2019/04/11/forcing-an-old-net-application-to-support-tls-1-2-without-recompiling-it/

Cheong00 3,481 Reputation points

2020-11-25T01:35:32.997+00:00

The linked article said that clearly - updated to v4.7+ will make it work by default. Is there any reason that prevents you to do so?
Xingyu Zhao-MSFT 5,366 Reputation points

2020-11-25T01:36:35.06+00:00

Hi @Sajith Gopalakrishnan Hema ,
As suggested in the document, have you tried to upgrade your application to .NET Framework 4.7 or later versions ?
Sajith Gopalakrishnan Hema 1,041 Reputation points

2020-11-25T04:52:43.45+00:00

The SharePoint Server is installed on Windows Server 2012 R2 and the configuration as follows

<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
</startup>

In VS 2015, there is no option to upgrade to .NET Framework 4.7 and when i did it to .net 4.7 from another machine also the same error persist.

Tried all below option.Still unable to use HtmlAgilityPack. Please suggest
Sajith Gopalakrishnan Hema 1,041 Reputation points

2020-11-25T07:58:43.62+00:00

I upgraded to .Net Framework 4.7 from another machine. Still it did not work.
Xingyu Zhao-MSFT 5,366 Reputation points

2020-11-25T08:00:14.893+00:00
Hi @Sajith Gopalakrishnan Hema ,
Considering that you may need to switch to Tls13, try to upgrade your app to .NET Framework 4.8 which has supported Tsl13.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;
Sajith Gopalakrishnan Hema 1,041 Reputation points

2020-11-25T10:12:12.087+00:00

In the code, I need to use this right ? - ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;

what about support runtime.

I tried the below options before. But it did not work.

https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf

Do I need to change anything in the App.Config

<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
</startup>
Sajith Gopalakrishnan Hema 1,041 Reputation points

2020-11-25T12:58:23.917+00:00

From the Window Server 2012 R2, the solution is not working. But the same solution works in Windows 10 Machine if the target framework is .net framework 4.5.2

When we change target frame work to .net framework 4.8, and update the code with ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;

<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
</startup>

Getting the following error in Windows 10 machine.
Sajith Gopalakrishnan Hema 1,041 Reputation points

2020-11-26T05:41:28.057+00:00

works in Windows 10 machine. But I need to run it from Windows Server 2012 R2 Machine. Please advise.
Sajith Gopalakrishnan Hema 1,041 Reputation points

2020-11-29T13:57:36.557+00:00

Pleas advise
Cheong00 3,481 Reputation points

2020-11-30T01:17:07.983+00:00

In that case the only way would make it work would be to use the other SSL libraries. .NET framework uses SChannel to provide HTTPS encryption, however TLS1.3 is not supported on Win2012R2 version there. (In fact, as of now the only Windows version have TLS1.3 support is Win10. It's not supported on any of the Windows Server versions)

If the server have Chromium based Edge, you may also consider change to use WebView2 control instead because Chromium doesn't use SChannel either. If you want to choose this route, it's worthwhile to take a look at the WebView2Brower project that is created by the Edge team to create a browser solely with WebView2 control.
Cheong00 3,481 Reputation points

2020-12-01T08:15:10.357+00:00

FYI, if we're talking about TLS 1.3, since SSL encryption of .NET Framework is provided by SChannel Windows Service, and currently only Win10 have TLS1.3 support (i.e.: none of the Windows Server version have TLS 1.3) you'll have to wait for an update for Windows Server 2019 and upgrade there in order to work. (I doubt if Microsoft will backport it to earlier system.)

If you need TLS1.3 support real fast, consider rewrite to use OpenSSL or other libraries instead.
Sajith Gopalakrishnan Hema 1,041 Reputation points

2020-12-01T13:03:15.653+00:00

Still I am using TLS 1.2 in the application from Windows 10 (not TLS 1.3) and it is working.

Can I use HtmlAgilityPack with OpenSSL ? do you have additional information ?
Cheong00 3,481 Reputation points

2020-12-02T01:33:37.167+00:00

No, to use OpenSSL, you'll literally need to rewrite that part from scratch, so only do that if there is urgent need to use TLS 1.3. (Some sites such as devblogs.microsoft.com upgraded to allow TLS 1.3 only. So if I started Fiddler on Win7, I cannot access it with HTTPS decryption turned on)

This information is for the topic on TLS 1.3 only, not something directly related to your problem.

Follow the Premier Developer blog if you want to monitor the announcement of TLS1.3 support on servers.
Sajith Gopalakrishnan Hema 1,041 Reputation points

2021-01-13T04:50:42.897+00:00

Please find below the protocol and cipher supported by the URL
Anonymous

2023-11-29T06:27:37.3066667+00:00

Hi I am using .Net Framework 4.7, but still I am getting same error. even I tried with .Net framework 4.8 but didn't work showing error as follows. Pls help me out.

The request was aborted: Could not create SSL/TLS secure channel.

__Description:__An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

__Exception Details:__System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

6 answers

Darren Steven 26 Reputation points

2021-10-28T13:33:00.637+00:00
@Sajith Gopalakrishnan Hema I have managed to resolve the issues on my server by updating the SSL Cipher Suire Order, i had mistakenly removed some of the suites that windows suggested was for TLS1.0 and 1.1 only when in actual fact they were needed for some TLS1.2 connections as well.

I resolved my issues by:

Open Run Prompt and run gpedit.msc

Navigate to "Administrative Templates > Network > SSL Configuration Settings"

Open SSL Cipher Suite Order

Select Enabled

Paste the list of suites below into the text box (make sure there are no spaces)

Click Apply

Restart the server

SSL SUITES:

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Note, these suites work for me but you may require other ones for different applications. You should be able to find a full list and more info on the suites here https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel?redirectedfrom=MSDN

I hope this helps to solve your issue
Please sign in to rate this answer.

5 people found this answer helpful.
Jonathas Sucupira 1 Reputation point

2022-06-03T18:07:26.33+00:00

@Darren Steven Thank you for this. This solved my issue

Nguyễn Minh Hoàng 0 Reputation points

2024-12-09T03:49:35.9666667+00:00

thank you so much. it's very helpfully
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Prashant Sonnaik 26 Reputation points

2020-12-06T07:37:11.873+00:00

@Sajith Gopalakrishnan Hema add below line prior to the service call
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
Please sign in to rate this answer.
Sajith Gopalakrishnan Hema 1,041 Reputation points

2021-01-10T10:22:41.377+00:00

I tried this. Still not working

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

string URL = "https://xxxxxxxx";
HtmlWeb web = new HtmlWeb();
HtmlDocument doc = web.Load(URL);

Getting the following while running under server

{System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at HtmlAgilityPack.HtmlWeb.Get(Uri uri, String method, String path, HtmlDocument doc, IWebProxy proxy,
at

Also the string URL = "https://xxxxxxxx"; supports only below protocols and cipher
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Evan Chatter 16 Reputation points

2021-10-18T05:45:15.067+00:00

The error is generic and there are many reasons why the SSL/TLS negotiation may fail. ServicePointManager.SecurityProtocol property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing c# connections aren't changed. Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work. Also, you have to enable other security protocol versions to resolve this issue:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
SecurityProtocolType.Tls
SecurityProtocolType.Tls11
SecurityProtocolType.Ssl3;

//createing HttpWebRequest after ServicePointManager settings
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

If you create HttpWebRequest before the ServicePointManager settings it will fail and shows the error message.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Darren Steven 26 Reputation points

2021-10-27T14:05:06.963+00:00

@Sajith Gopalakrishnan Hema have you managed to resolve this yet? I'm having exactly the same issue windows server 2012 R2 with .net 4.8 application. If I try to force a tls1.3 connection I get the following message

Exception Details: System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

I believe this is due to windows server 2012 not supporting tls1.3, if I force tls1.2 I get this instead

Exception Details: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

The site I'm reading from only supports tls1.2 and 1.3 so I need to make it work with this.

One of the things I recently changed was the SSL Cipher Suite Order, I haven't figured out if this has affected it or not just yet but this is my next point to look at if it helps. I will post another update if I fix it.
Please sign in to rate this answer.
Sajith Gopalakrishnan Hema 1,041 Reputation points

2021-10-28T04:57:11.213+00:00

The application was not working in Windows 2012. But it was working in Windows 10 and Windows Server 2016.

I tried the below link. I could not solve it. You can give a try. If it gets resolved, please let us now.

https://www.medo64.com/2020/05/using-tls-1-3-from-net-4-0-application/
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Rosi Kumari 0 Reputation points

2023-06-14T06:20:47.47+00:00

@SGH How did you solve this issue?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

The request was aborted: Could not create SSL/TLS secure channel

6 answers

Your answer