Google-api-dotnet-client: The request was aborted: Could not create SSL/TLS secure channel.

Created on 7 Feb 2017  路  13Comments  路  Source: googleapis/google-api-dotnet-client

We recently moved to a server 2016 machine and we had the following error:

"The request was aborted: Could not create SSL/TLS secure channel."

After some playing around and everything I found out that if I put in the following line of code before all cert calls it works fine:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

When we were on Server 2008 this wasn't an issue. I've seen this as an error on other libraries as well and they ended up forcing Tls in the library. What was odd was I had no problem locally when testing, only when deployed to the server.

needs investigating

Most helpful comment

I'm not exactly clear what's going on here.
.NET4.6 changes the default set of enabled SSL/TLS protocols from .NET4.5
Windows Server 2016 appears to now explicitly not support SSL, only support TLS.

So this might be a combination of code built for .NET4.5, which is trying to use SSL by default (rather than TLS) on Windows 2016 (which doesn't support SSL), although I'm not clear if this is really the case.

I agree that the client library code shouldn't force ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;, although we could possibly OR in Tls12 support. I.e. have ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12; somewhere in the library code; although it is possible this may break some code.

Unfortunately I can't see a way to just enable TLS support for the HttpClient that we use. It appears to only be a global setting.

All 13 comments

Possibly related: http://stackoverflow.com/questions/2859790

As it's a global setting, I'm not sure whether it's really appropriate for us to have that line in the client library code - on the other hand, I can see it being a common problem. One to ponder - so I'm assigning it to Chris...

I'm not exactly clear what's going on here.
.NET4.6 changes the default set of enabled SSL/TLS protocols from .NET4.5
Windows Server 2016 appears to now explicitly not support SSL, only support TLS.

So this might be a combination of code built for .NET4.5, which is trying to use SSL by default (rather than TLS) on Windows 2016 (which doesn't support SSL), although I'm not clear if this is really the case.

I agree that the client library code shouldn't force ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;, although we could possibly OR in Tls12 support. I.e. have ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12; somewhere in the library code; although it is possible this may break some code.

Unfortunately I can't see a way to just enable TLS support for the HttpClient that we use. It appears to only be a global setting.

@chrisdunelm - Thanks and I'm not quite sure what exactly is going on or why it was even trying to do SSL3 by default. All I know is that I had to add the code about using ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; before it would work. And when I used ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3; I would get the Could not create SSL/TLS secure channel error. So it seems like by default it's still doing Ssl3.

I know we recently started upgrading our systems as BrainTree told us they would only start accepting Server 2012 and above. I know our BrainTree code hasn't broke from this upgrade, so I was assuming they put the line of code in their code.

I appreciate you looking into this and I assumed maybe it was going to be a bug going forward as Server 2016 is so new, I figured maybe people haven't had time to test the code against 2016 yet. Also, by opening up this ticket maybe it will help people find a solution.

Thanks!

Closing as stale. Please re-open if this is a still an issue.

Can someone please let me know where i need to add this code or change and please specify the location of file in system.

Do you mean the ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; line of code?
If so, then it needs to be one of the first statements in your code. Probably best to be done before any network connections occur.

What file do you mean?

somewhere i read the below one

Add the below code in web application's Global.asax Application_Start() section like shown in the image.
Code: System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;
We need to explicitly select the Protocols (TLS 1.1 or TLS 1.2). It resolves issue that is using secured(HTTPS) webservice in the web application not using tls1.0

What file do you mean?
Global.asax

I get the same error message but I'm not a programmer so I don't know what to do exactly. Can you please be more specific on the steps?

@Eckee: It's hard to be more specific without knowing your context. gowthamb4's example is pretty specific if you're using ASP.NET. To be honest though, if you're running into this it suggest you're probably on a very old platform, and you should really look into updating to a more recent version of .NET.

@jskeet I'm so sorry, I found the solution in another thread, I had to manually update to 1.24, that was the case.

@Eckee can you share the solution please.

@Eckee Same worked for me

@jskeet I'm so sorry, I found the solution in another thread, I had to manually update to 1.24, that was the case.

How did you manually update?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

tuwrraphael picture tuwrraphael  路  3Comments

jamierytlewski picture jamierytlewski  路  3Comments

forderud picture forderud  路  6Comments

LindaLawton picture LindaLawton  路  9Comments

LindaLawton picture LindaLawton  路  9Comments