Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

The request was aborted: Could not create SSL/TLS secure channel but works from browser/POSTMAN

Tags:

c#

.net

https

ssl

I am kind of at a lost here. Adding the ServicePointManager stuff usually fixes this but this time I keep getting the error below. My server can access the same URL from the browser and POSTMAN. But running this through the website fails. This works on my local computer though. I have TLS 1.1 and TLS 1.2 enabled on the server.

Is there anything wrong with my server TLS setup? https://www.ssllabs.com/ssltest/analyze.html?d=basketball.exposureevents.com

I am using CertifyTheWeb certificates, basically free SSL. Not sure if this has anything to do with it.

I am sending to the link below which is rejecting the request when made from the code below from IIS.

https://www.nationalsportsid.com/tournament/6028

Message :The request was aborted: Could not create SSL/TLS secure channel. Source :System Stack Trace : at System.Net.HttpWebRequest.GetResponse() at

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;

var webRequest = (HttpWebRequest) WebRequest.Create("https://www.nationalsportsid.com/tournament/" + nationalSportsId);
try
{
    using (var webResponse = (HttpWebResponse) webRequest.GetResponse())
    {
        if (webResponse.StatusCode == HttpStatusCode.OK)
        {
            return true;
        }
    }
}
catch (WebException ex)
{
    Logger.Error(ex);
}

Here is what Message Analyzer records

Handshake

enter image description here

Alert

enter image description here

like image 272
Mike Flynn Avatar asked Dec 05 '18 18:12

Mike Flynn


People also ask

Can not create SSL TLS secure channel?

The error “The request was aborted: Could not create SSL/TLS secure channel.” can happen during any download HTTP request. This error generally will correspond to firewalls, proxies or DNS filtering blocking the connection or an SSL/TLS cipher misconfiguration.

Can't create SSL TLS secure channel IIS?

However, the "Could not create SSL/TLS secure channel" error usually means that there's something wrong with the server certificate, e.g. the certificate is for a different hostname, or otherwise invalid, or not trusted etc.

How do I fix SSL TLS issues in Visual Studio 2017?

Open Visual Studio and open the solution containing the web project you'd like to run in IIS Express with SSL. Verify that SSL Enabled is set to True . If you are working with a web project for which SSL has not yet been enabled, set SSL Enabled to True .


2 Answers

It was a configuration issue on the other server in Apache. They loosened their SSL configuration, which I am not sure what they did but their previous configuration is below. I can now make a HTTP request to their server.

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE$
SSLHonorCipherOrder on
SSLCompression off

SSLOptions +StrictRequire
like image 159
Mike Flynn Avatar answered Oct 04 '22 00:10

Mike Flynn


It's possible that your destination server does not have any of the cipher suites configured for SSLv2 and SSLv3. You need to check that your client allows connecting using the cipher suits configured on the server for the allowed SSL protocols.

In Windows use:

Get-TlsCipherSuite    [[-Name] <String>]    [<CommonParameters>]

in power shell. Reference - https://docs.microsoft.com/en-us/powershell/module/tls/get-tlsciphersuite

To add cipher suites in windows:

Enable-TlsCipherSuite
      [[-Position] <UInt32>]
      [-Name] <String>
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Reference - https://docs.microsoft.com/en-us/powershell/module/tls/Enable-TlsCipherSuite

To get the existing cipher suites in Linux:

openssl ciphers [-v] [-V] [-ssl2] [-ssl3] [-tls1] [cipherlist]

Reference - https://linux.die.net/man/1/ciphers

like image 34
hoz Avatar answered Oct 03 '22 23:10

hoz