Causes and solutions for "The request was aborted. Failed to create an SSL/TLS secure channel"
Description: The request was aborted: Could not create SSL/TLS secure channel.
Build Platform: Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1
Solution 1:
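Add the following code before creating the HttpWebRequest:
ServicePointManager.Expect100Continue = true;
// Tls (1.0) and Tls11 are deprecated; keep them only if the server cannot negotiate TLS 1.2.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
// Returning true accepts any server certificate, which disables certificate validation; it does not affect protocol negotiation.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;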
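A variant of Solution 1 that enables TLS 1.2 while leaving certificate validation in place, so a protocol failure can be told apart from a certificate failure. This is an added example, not code from the original page; the class and method names and the default URL are hypothetical, and 3072 is the numeric value of SecurityProtocolType.Tls12 that the page uses further down for .NET 4.0.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TlsChannelCheck
{
    // Numeric value of SecurityProtocolType.Tls12; compiles against .NET 4.0 too.
    const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;

    // Returns false when the installed runtime cannot do TLS 1.2 at all.
    static bool EnableTls12()
    {
        try { ServicePointManager.SecurityProtocol = Tls12; return true; }
        catch (NotSupportedException) { return false; }
    }

    // Reports why a certificate failed instead of accepting it.
    static bool ReportCertificateErrors(object sender, X509Certificate cert,
                                        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.Error.WriteLine("Certificate rejected ({0}): {1}", errors,
                                cert == null ? "<none>" : cert.Subject);
        return false; // keep server authentication intact
    }

    static int Main(string[] args)
    {
        // Hypothetical default target; pass the real endpoint as the first argument.
        string url = args.Length > 0 ? args[0] : "https://example.com/";
        if (!EnableTls12())
        {
            Console.Error.WriteLine("Runtime lacks TLS 1.2: install .NET 4.5+ or the OS update.");
            return 2;
        }
        ServicePointManager.ServerCertificateValidationCallback = ReportCertificateErrors;
        try
        {
            var request = (HttpWebRequest)WebRequest.Create(url);
            using (var response = (HttpWebResponse)request.GetResponse())
                Console.WriteLine("OK: HTTP {0}", (int)response.StatusCode);
            return 0;
        }
        catch (WebException ex)
        {
            // SecureChannelFailure = protocol/cipher negotiation; TrustFailure = certificate.
            Console.Error.WriteLine("{0}: {1}", ex.Status, ex.Message);
            return 1;
        }
    }
}
```

A WebException with status SecureChannelFailure points at the protocol settings covered in Solutions 1 and 2, while TrustFailure points at the server certificate, which an accept-all callback would only hide.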
Solution 2
- If the above method does not work, the problem is at the operating system level. Install the update that matches the system you are currently using.
Update to enable TLS 1.1 and TLS 1.2 as the default security protocols in WinHTTP in Windows. This update provides support for Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1. Refer to the official documentation: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi
Update patch
Setting Default Values
- Enable TLS 1.1 and 1.2 on Windows 7 at the SChannel component level (use one of the following 2.1 or 2.2 updates)
2.1. Let the Microsoft installer update the registry: http://download.microsoft.com/download/0/6/5/0658B1A7-6D2E-474F-BC2C-D69E5B9E9A68/MicrosoftEasyFix51044.msi
2.2. Manually update the registry: copy the following registry code into a new txt file, change the file extension from txt to reg (registry file), and import it into the registry (make a backup before importing).
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
Verification System
- Verify whether the system supports TLS 1.2 and TLS 1.3
Open PowerShell and run:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3 -bor [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12
Solution 3
- If the previous two methods do not work, the last resort is to upgrade the system to Windows 10.
Other references
https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/
Solutions exist, but they depend on the framework version:
.NET 4.6 and later. You don't need to do any additional work to support TLS 1.2, it is supported by default.
.NET 4.5. TLS 1.2 is supported, but it is not the default protocol. You need to opt in to use it. The following code sets TLS 1.2 as the default; make sure to run it before connecting to a secure resource:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
.NET 4.0 does not support TLS 1.2, but if .NET 4.5 (or later) is installed on your system, then you can still choose to use TLS 1.2 even if your application framework does not support TLS 1.2. The only problem is that SecurityProtocolType in .NET 4.0 does not have an entry for TLS1.2, so we have to use the numeric representation of this enumeration value:
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
.NET 3.5 or lower. TLS 1.2(*) is not supported and there is no workaround. Upgrade your application to the latest version of the framework.
P.S. For scenario 3, there is also a registry hack that will force 4.5 to use TLS 1.2 by default without having to force it programmatically.
P.P.S. As Christian Pop from Microsoft mentioned below, there is a recent patch available for .NET 3.5 which enables TLS1.2 support.
See:
KB3154518 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win7 SP1/Win 2008 R2 SP1
KB3154519 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win8 RTM/Win 2012 RTM
KB3154520 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win8.1RTM/Win 2012 R2 RTM
KB3156421 – 1605 HotFix Rollup through Windows Update for Windows 10