How to add to the cipher suites available to ASP.NET HttpRequest client?

时光说笑 2021-01-20 22:05

When my ASP.NET website is running on a Windows 7 box, it can connect (programmatically as a "client") to an SSL-encrypted service ("server") on another Windows 7 machin

1 answer
  •  盖世英雄少女心
    2021-01-20 22:49

    The solution was to generate my certificate again, this time forcing RSA and SHA1 (though SHA1 should be the default anyway). For some reason Win Server 2k3 couldn't or wouldn't use the right ciphers with a default makecert certificate. Here is the command line that worked for me:

    makecert -pe -r -ss my -sr localMachine -n "CN=domainnameoripaddressgoeshere.com" -e 01/01/2098 -a sha1 -eku 1.3.6.1.5.5.7.3.1 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

    For details see http://mgowen.com/2013/06/19/cipher-suites-issue/ and http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx .

    If anyone finding this does want to know about cipher suites though, here's some stuff I found along the way that may help you:

    • You can add two RSA cipher suites to Windows Server 2003 using this hotfix: http://support.microsoft.com/kb/948963
    • You can see which ciphers are supported in regedit (Windows Registry Editor) under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers
    • You can use IIS Crypto (a free cipher config app, https://www.nartac.com/Products/IISCrypto/) to view and enable/disable ciphers (including those hotfix ciphers above).

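As an added example (not part of the original answer), the PowerShell script below reports the two things the answer points at: the key properties that the makecert switches control for each certificate in LocalMachine\My, and the per-cipher state under the SCHANNEL\Ciphers registry key. The function names are hypothetical, and it assumes an elevated Windows PowerShell 2.0 or later session on the server.

```powershell
# Added example; function names are hypothetical. Run elevated on the server.
function Get-ServerCertKeyInfo {
    # For each certificate in LocalMachine\My (makecert -ss my -sr localMachine),
    # report what the -a, -sky, -sp and -sy switches control.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $store.Open('ReadOnly')
    try {
        foreach ($cert in $store.Certificates) {
            $spec = 'n/a'; $prov = 'n/a'; $ptype = 'n/a'
            try {
                # Only CSP-backed keys expose CspKeyContainerInfo; CNG keys and
                # certificates without a private key keep the 'n/a' defaults.
                $key = $cert.PrivateKey
                if ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
                    $spec  = $key.CspKeyContainerInfo.KeyNumber     # Exchange for -sky exchange
                    $prov  = $key.CspKeyContainerInfo.ProviderName  # value given to -sp
                    $ptype = $key.CspKeyContainerInfo.ProviderType  # 12 for -sy 12
                }
            } catch { }
            New-Object PSObject -Property @{
                Subject      = $cert.Subject
                SignatureAlg = $cert.SignatureAlgorithm.FriendlyName  # sha1RSA for -a sha1
                KeySpec      = $spec
                Provider     = $prov
                ProviderType = $ptype
            }
        }
    } finally { $store.Close() }
}

function Get-SchannelCipherState {
    # Subkey names such as 'RC4 128/128' contain '/', which the PowerShell registry
    # provider treats as a path separator, so read them through the .NET registry API.
    $path = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path)
    if (-not $root) { return }
    foreach ($name in $root.GetSubKeyNames()) {
        $sub = $root.OpenSubKey($name)
        # REG_DWORD 0xffffffff comes back as Int32 -1, so test for zero, not for 1.
        $enabled = $sub.GetValue('Enabled', $null)
        $state = if ($null -eq $enabled) { 'not set (OS default)' }
                 elseif ($enabled -eq 0) { 'disabled' } else { 'enabled' }
        New-Object PSObject -Property @{ Cipher = $name; State = $state }
        $sub.Close()
    }
    $root.Close()
}

Get-ServerCertKeyInfo | Format-List
Get-SchannelCipherState | Format-Table -AutoSize
```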