The request was aborted: Could not create SSL/TLS secure channel

后端 未结 30 1778
遇见更好的自我
遇见更好的自我 2020-11-22 01:21

We are unable to connect to an HTTPS server using WebRequest because of this error message:

The request was aborted: Could not create SSL/TLS secur

相关标签:
30条回答
  • 2020-11-22 01:43

    The problem you're having is that the aspNet user doesn't have access to the certificate. You have to give access using the winhttpcertcfg.exe

    An example on how to set this up is at: http://support.microsoft.com/kb/901183

    Under step 2 in more information

    EDIT: In more recent versions of IIS, this feature is built in to the certificate manager tool - and can be accessed by right clicking on the certificate and using the option for managing private keys. More details here: https://serverfault.com/questions/131046/how-to-grant-iis-7-5-access-to-a-certificate-in-certificate-store/132791#132791

    0 讨论(0)
  • 2020-11-22 01:43

    System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

    In our case, we where using a software vendor so we didn't have access to modify the .NET code. Apparently .NET 4 won't use TLS v 1.2 unless there is a change.

    The fix for us was adding the SchUseStrongCrypto key to the registry. You can copy/paste the below code into a text file with the .reg extension and execute it. It served as our "patch" to the problem.

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001
    
    0 讨论(0)
  • 2020-11-22 01:43

    None of the answers worked for me.

    This is what worked:

    Instead of initializing my X509Certifiacte2 like this:

       var certificate = new X509Certificate2(bytes, pass);
    

    I did it like this:

       var certificate = new X509Certificate2(bytes, pass, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
    

    Notice the X509KeyStorageFlags.Exportable !!

    I didn't change the rest of the code (the WebRequest itself):

    // I'm not even sure the first two lines are necessary:
    ServicePointManager.Expect100Continue = true; 
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    
    request = (HttpWebRequest)WebRequest.Create(string.Format("https://{0}.sii.cl/cvc_cgi/dte/of_solicita_folios", server));
    request.Method = "GET";
    request.Referer = string.Format("https://hercules.sii.cl/cgi_AUT2000/autInicio.cgi?referencia=https://{0}.sii.cl/cvc_cgi/dte/of_solicita_folios", servidor);
    request.UserAgent = "Mozilla/4.0";
    request.ClientCertificates.Add(certificate);
    request.CookieContainer = new CookieContainer();
    
    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
    {
        // etc...
    }
    

    In fact I'm not even sure that the first two lines are necessary...

    0 讨论(0)
  • 2020-11-22 01:43

    Another possibility is that the code being executed doesn't have the required premissions.

    In my case, I got this error when using Visual Studio debugger to test a call to a web service. Visual Studio wasn't running as Administrator, which caused this exception.

    0 讨论(0)
  • 2020-11-22 01:44

    One of the biggest causes of this issue is the active .NET Framework version. The .NET framework runtime version affects which security protocols are enabled by default.

    There doesn't seem to be any authoritative documentation on how it specifically works in different versions, but it seems the defaults are determined more or less as follows:

    • .NET Framework 4.5 and earlier - SSL 3.0, TLS 1.0
    • .NET Framework 4.6.x - TLS 1.0, 1.1, 1.2, 1.3
    • .NET Framework 4.7+ - System (OS) Defaults

    (For the older versions, your mileage may vary somewhat based on which .NET runtimes are installed on the system. For example, there could be a situation where you are using a very old framework and TLS 1.0 is not supported, or using 4.6.x and TLS 1.3 is not supported)

    Microsoft's documentation strongly advises using 4.7+ and the system defaults:

    We recommend that you:

    • Target .NET Framework 4.7 or later versions on your apps. Target .NET Framework 4.7.1 or later versions on your WCF apps.
    • Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.
    • Perform a thorough code audit to verify you're not specifying a TLS or SSL version.

    For ASP.NET sites: check the targetFramework version in your <httpRuntime> element, as this (when present) determines which runtime is actually used by your site:

    <httpRuntime targetFramework="4.5" />
    

    Better:

    <httpRuntime targetFramework="4.7" />
    
    0 讨论(0)
  • 2020-11-22 01:45

    "The request was aborted: Could not create SSL/TLS secure channel" exception can occur if the server is returning an HTTP 401 Unauthorized response to the HTTP request.

    You can determine if this is happening by turning on trace-level System.Net logging for your client application, as described in this answer.

    Once that logging configuration is in place, run the application and reproduce the error, then look in the logging output for a line like this:

    System.Net Information: 0 : [9840] Connection#62912200 - Received status line: Version=1.1, StatusCode=401, StatusDescription=Unauthorized.
    

    In my situation, I was failing to set a particular cookie that the server was expecting, leading to the server responding to the request with the 401 error, which in turn led to the "Could not create SSL/TLS secure channel" exception.

    0 讨论(0)
提交回复
热议问题