 

TLS 1.2 Error With C# .NET: The underlying connection was closed: An unexpected error occurred on a send

I have a C# .NET site, and my site makes requests to a bank for a payment system. Everything was good until about 3-4 days ago, but now I can't make requests to the bank server from my server. I get this error: "The underlying connection was closed: An unexpected error occurred on a send." when I try to send a request to the bank.

I am getting this error when I make the request from .NET C# code.

"The underlying connection was closed: An unexpected error occurred on a send."

Here is my code:

    using System;
    using System.IO;
    using System.Net;

    public string Send(string request)
    {
        // Force TLS 1.2 for outbound connections made by this process.
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        try
        {
            string postData = "";
            string responseData = "";
            System.Text.Encoding encoding = System.Text.Encoding.GetEncoding("ISO-8859-9");

            postData = "https://xxxxxxxxx.aspx?data=[DATA]";
            postData = postData.Replace("[DATA]", request);
            HttpWebRequest webReq = (HttpWebRequest)WebRequest.Create(postData);
            webReq.Timeout = 60000;
            webReq.KeepAlive = false;
            webReq.Method = "GET";

            byte[] buffer = new byte[10000];
            int len = 0, r = 1;
            // Dispose the response and its stream even if reading throws.
            using (WebResponse webResp = webReq.GetResponse())
            using (Stream respStream = webResp.GetResponseStream())
            {
                // Read until end of stream or until the buffer is full.
                while (r > 0)
                {
                    r = respStream.Read(buffer, len, 10000 - len);
                    len += r;
                }
            }
            responseData = encoding.GetString(buffer, 0, len).Replace("\r", "").Replace("\n", "");
            return responseData;
        }
        catch (System.Net.Sockets.SocketException)
        {
            return null;
        }
        catch (Exception)
        {
            // The WebException raised by a failed TLS handshake ends up here.
            return null;
        }
    }

I am getting this error when I try from IE 11.


When I try IE 11, Event Viewer shows an error:

A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

But there is an interesting thing here: Chrome and Firefox can go to the same address.


  • OS: Windows Server 2012 R2
  • All certificates installed.
  • TLS settings configured for POODLE. (From: http://wiki.maestropanel.com/windows-server-ssl-tls-yapilandirmasi/)
  • IIS Version: 8.5
  • .NET Version: 4.5

Thanks for help!

Savas Adar asked Oct 19 '22 18:10


1 Answer

It's possible that the bank website changed its SSL certificate, or otherwise changed its security configuration, such that when your client sends the list of cipher_suites values that it is able to accept in its initial SSL handshaking/negotiation "Client Hello" message, there is no match with what the bank is (now) willing to support.

Chrome and Firefox (evidently) have their own sets of cipher_suites values that are independent of your operating system's configured values, which is why they are still working when Internet Explorer is not.

I'd suggest downloading Microsoft Message Analyzer, and using it to run a trace on the SSL negotiation that occurs when you try and fail to establish an SSL connection to the bank website (in your C# app or in Internet Explorer). Then, run another trace on what happens when the SSL negotiation succeeds (in Firefox or Chrome).

Hopefully, you'll see some difference between the two Client Hello messages that'll allow you to pinpoint what about the failing SSL negotiation is causing it to fail. Then you should be able to make configuration changes to Windows that will allow it to succeed. IISCrypto is a great tool to use for this (even for client PCs, despite the "IIS" name).

The following two Windows registry keys govern the cipher_suites values that your PC will use:

  • HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
  • HKLM\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

Here's a full writeup of how I solved a very similar problem to yours earlier today: http://blog.jonschneider.com/2016/08/fix-ssl-handshaking-error-in-windows.html

Jon Schneider answered Oct 27 '22 00:10
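
The comparison the answer describes can also be started from the registry side. The PowerShell below is an added example, not code from the question or the answer: it reads the cipher suite order from the two keys named in the answer and checks it against a list of suites the server is known to accept. It assumes the order is stored in the `Functions` value of each key; `$serverSuites` is a constructed placeholder and `Get-ConfiguredCipherSuite` is a hypothetical helper name.

```powershell
# Added example. Registry paths are the two keys named in the answer.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'

# Hypothetical helper: returns the suite names stored under a key, or nothing.
function Get-ConfiguredCipherSuite {
    param([Parameter(Mandatory)][string]$Path)
    $prop = Get-ItemProperty -Path $Path -Name 'Functions' -ErrorAction SilentlyContinue
    if (-not $prop) { return @() }
    # The policy key holds one comma-separated string, the local key a multi-string
    # list; splitting every element on ',' handles both shapes.
    @($prop.Functions) |
        ForEach-Object { $_ -split ',' } |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ }
}

# A policy value, when present, takes precedence over the local default order.
$clientSuites = @(Get-ConfiguredCipherSuite -Path $policyKey)
$source = 'policy key'
if ($clientSuites.Count -eq 0) {
    $clientSuites = @(Get-ConfiguredCipherSuite -Path $localKey)
    $source = 'local key'
}

# Constructed sample: replace with suites the server accepts, for example the one
# chosen in the Server Hello of the trace taken from the browser that works.
$serverSuites = @(
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
)

# Older Windows versions append the curve (_P256, _P384, _P521) to ECDHE suite
# names, so strip it before comparing with the names shown in a trace.
$normalized = $clientSuites |
    ForEach-Object { $_ -replace '_P(256|384|521)$', '' } |
    Select-Object -Unique
$common = @($normalized | Where-Object { $serverSuites -contains $_ })

"Client suites read from the ${source}: $($clientSuites.Count)"
if ($common.Count -eq 0) {
    'No suite in common with the server list: expect a fatal handshake_failure alert (code 40).'
} else {
    "Suites in common: $($common -join ', ')"
}
```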