Mremoteng: 'Download and Install' option on Win10 FAILS with error "The request was aborted: Could not create SSL/TLS secure channel"
The 'Download and Install' option from version 1.175.1012.16184 on Win10x64 Pro v1803 FAILS with error "The request was aborted: Could not create SSL/TLS secure channel"
I got challenged by mRemoteNG v1.175.1012.16184 when I started it to update to the latest version (1.76.10.42392) and after clicking the 'Download and Install' option I expected the update process to begin.
But clicking the 'Download and Install' option fails and it gives me a SSL related error and I am not able to upgrade my mRemoteNG to the recent version.
Is there a expired SSL cert issue somewhere in the process? I want the 'Download and Install' option to work as it allows me to upgrade my version on Win10 in place.
To reproduce:
- Open mRemoteNG v1.175.1012.16184 on a Win10 PC
- Check for updates by choosing "Help > Check for Updates"
- You should be notified there is a new option and be presented with a 'Download and Install' button
- Click the 'Download and Install' button and see the error "The request was aborted: Could not create SSL/TLS secure channel." presented in the Notifications panel
My Environment
- Version used: mRemoteNG v1.175.1012.16184
- Operating System and version: Win10x64 Pro v1803 Build 17134.345
dimers
All 6 comments
This occurred for me as well. Manual download needed to bypass.
mjmooney
on 12 Oct 2018
I've been able to replicate this too, but only in the released version. Trying to debug this in a debug version of the app does not cause the error. Haven't tried debugging the release version yet.
sparerd
on 12 Oct 2018
I could try to get more info if it would be of assistance. I use "portable" installations of mremote across multiple machines, so I should be able to step back to previous version pretty easily. I have only a passing familiarity with JIT debugging, any specific steps needed to capture useful data?
mjmooney
on 14 Oct 2018
I was able to hunt down the issue - please see below
Short version
We can't fix this for v1.75 users - please download and upgrade manually through the website or GitHub.
Longer description
mRemoteNG v1.75 was compiled against .Net Framework 4.0 which does not contain support for TLS1.2. Since GitHub is our web provider for downloading updates and they have disabled TLS1.0, any in-app update attempts using mRemoteNG v1.75 will fail.
There are hacky ways to enable TLS1.2 support for apps compiled for .NET 4.0, but honestly it's not worth the trouble. The only thing the in-app updater does is download and run the normal .MSI installer (or download the .zip if using the portable version).
mRemoteNG v1.75 users will need to manually update their version. v1.76 users will not have a problem since we updated to compile against .NET 4.6.
sparerd
on 14 Oct 2018
The simple workaround is to force use of TLS 1.2 in the registry, if you don't want to update manually.
It worked after I put in the first registry keys, actually the wow6432node reg key enabled it. Just restart the application and you're good to go.
_Do remove the key afterwards, because it might have consequences for other applications!_
Stackoverflow solution reproduced below
Make the following changes in your Registry and it should work:
1.) .NET Framework strong cryptography registry keys
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
2.) Secure Channel (Schannel) TLS 1.2 registry keys
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
twildeman
on 19 Oct 2018
The simple workaround is to force use of TLS 1.2 in the registry, if you don't want to update manually.
A note on that is that you can only force TLS 1.2 if .Net 4.5 is installed on the system, since 4.0 doesn't have support, but this can be installed afterwards side-by-side.
It will however work even if targeted to 4.0 then. Default global settings just use ssl and tls1.0.
You can get/set this in code/powershell session with: [System.Net.ServicePointManager]::SecurityProtocol
Otherwise clever solution though.
JimWolff
on 15 Nov 2018
Related issues
PCNerd2001
路
3Comments
sparerd
路
3Comments
pfjason
路
4Comments
sparerd
路
4Comments
sparerd
路
3Comments
Most helpful comment
I was able to hunt down the issue - please see below
Short version
We can't fix this for v1.75 users - please download and upgrade manually through the website or GitHub.
Longer description
mRemoteNG v1.75 was compiled against .Net Framework 4.0 which does not contain support for TLS1.2. Since GitHub is our web provider for downloading updates and they have disabled TLS1.0, any in-app update attempts using mRemoteNG v1.75 will fail.
There are hacky ways to enable TLS1.2 support for apps compiled for .NET 4.0, but honestly it's not worth the trouble. The only thing the in-app updater does is download and run the normal .MSI installer (or download the .zip if using the portable version).
mRemoteNG v1.75 users will need to manually update their version. v1.76 users will not have a problem since we updated to compile against .NET 4.6.