I am kind of at a loss here. Adding the ServicePointManager stuff usually fixes this but this time I keep getting the error below. My server can access the same URL from the browser and POSTMAN. But running this through the website fails. This works on my local computer though. I have TLS 1.1 and TLS 1.2 enabled on the server.
Is there anything wrong with my server TLS setup? https://www.ssllabs.com/ssltest/analyze.html?d=basketball.exposureevents.com
I am using CertifyTheWeb certificates, basically free SSL. Not sure if this has anything to do with it.
I am sending to the link below which is rejecting the request when made from the code below from IIS.
https://www.nationalsportsid.com/tournament/6028
Message :The request was aborted: Could not create SSL/TLS secure channel. Source :System Stack Trace : at System.Net.HttpWebRequest.GetResponse() at
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
var webRequest = (HttpWebRequest) WebRequest.Create("https://www.nationalsportsid.com/tournament/" + nationalSportsId);
try
{
    using (var webResponse = (HttpWebResponse) webRequest.GetResponse())
    {
        if (webResponse.StatusCode == HttpStatusCode.OK)
        {
            return true;
        }
    }
}
catch (WebException ex)
{
    Logger.Error(ex);
}
Here is what Message Analyzer records
Handshake
Alert
The error “The request was aborted: Could not create SSL/TLS secure channel.” can happen during any download HTTP request. This error generally will correspond to firewalls, proxies or DNS filtering blocking the connection or an SSL/TLS cipher misconfiguration.
However, the "Could not create SSL/TLS secure channel" error usually means that there's something wrong with the server certificate, e.g. the certificate is for a different hostname, or otherwise invalid, or not trusted etc.
Open Visual Studio and open the solution containing the web project you'd like to run in IIS Express with SSL. Verify that SSL Enabled is set to True. If you are working with a web project for which SSL has not yet been enabled, set SSL Enabled to True.
It was a configuration issue on the other server in Apache. They loosened their SSL configuration; I am not sure what they did, but their previous configuration is below. I can now make an HTTP request to their server.
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE$
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
It's possible that your destination server does not have any of the cipher suites configured for SSLv2 and SSLv3. You need to check that your client allows connecting using the cipher suites configured on the server for the allowed SSL protocols.
In Windows use:
Get-TlsCipherSuite [[-Name] <String>] [<CommonParameters>]
in PowerShell. Reference - https://docs.microsoft.com/en-us/powershell/module/tls/get-tlsciphersuite
To add cipher suites in Windows:
Enable-TlsCipherSuite
[[-Position] <UInt32>]
[-Name] <String>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Reference - https://docs.microsoft.com/en-us/powershell/module/tls/Enable-TlsCipherSuite
To get the existing cipher suites in Linux:
openssl ciphers [-v] [-V] [-ssl2] [-ssl3] [-tls1] [cipherlist]
Reference - https://linux.die.net/man/1/ciphers
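The client-side check described in this answer, as an added example that is not code from the original posts: it translates the OpenSSL suite names visible in the Apache configuration above into the IANA names Schannel reports and marks which ones the Windows client has enabled. It assumes the IIS application negotiates with the operating system's Schannel suites, as .NET Framework's HttpWebRequest does; the function name Compare-CipherSuite and the mapping table are this example's own, and the server list covers only the part of the line the page shows before it is cut off.

```powershell
# OpenSSL suite names exactly as visible in the SSLCipherSuite line above. That
# line is cut off after "DHE" on the page, so the real list may have been longer.
$serverOpenSsl = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:' +
    'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:' +
    'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:' +
    'DHE-RSA-AES128-GCM-SHA256'

# OpenSSL name -> IANA name, the form Get-TlsCipherSuite returns in .Name.
$ianaName = @{
    'ECDHE-ECDSA-CHACHA20-POLY1305' = 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256'
    'ECDHE-RSA-CHACHA20-POLY1305'   = 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'
    'ECDHE-ECDSA-AES128-GCM-SHA256' = 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
    'ECDHE-RSA-AES128-GCM-SHA256'   = 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
    'ECDHE-ECDSA-AES256-GCM-SHA384' = 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
    'ECDHE-RSA-AES256-GCM-SHA384'   = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
    'DHE-RSA-AES128-GCM-SHA256'     = 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
}

# Hypothetical helper: one row per server suite, flagged if the client offers it.
function Compare-CipherSuite {
    param([string] $ServerList, [string[]] $ClientSuites)
    foreach ($name in $ServerList.Split(':')) {
        $iana = $ianaName[$name]
        [pscustomobject]@{
            OpenSsl       = $name
            Iana          = $iana
            ClientEnabled = $ClientSuites -contains $iana
        }
    }
}

# Suites enabled in Schannel on the machine that makes the outbound request.
$client = (Get-TlsCipherSuite).Name
$result = Compare-CipherSuite -ServerList $serverOpenSsl -ClientSuites $client
$result | Format-Table -AutoSize
if (-not ($result | Where-Object ClientEnabled)) {
    Write-Warning 'No overlap with the visible part of the server cipher list.'
}
```

Run it on the IIS server rather than on the development machine, since the two can have different suites enabled.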