question

KhalidSalameh-7017 avatar image
0 Votes"
KhalidSalameh-7017 asked ZhiLv-MSFT commented

The request was aborted: Could not create SSL/TLS secure channel

Hi all,

I'm facing an issue once I want to call HttpWebRequest and error says: The request was aborted: Could not create SSL/TLS secure channel

First of all I'm working with company have high security standards, firewalls are applied.

I have three servers,
Server A: My workstation.
Server B: My colleague workstation
Server C: Business Team Server

The code is as below for HttpWebRequest, and it is working without errors in my workstation [ working without SecurityProtocol code ]
Request to URL starting with "https"

119394-code1.png


Once I deploy it to my colleague server, he got an error says:

119395-code2-algorithm.png


Then I added below two lines to the code, after we deploy it again, it is working in my colleague server.

119414-code3.png


Now, once I deploy it on Business server, Non of above code is working, and we got an error: The request was aborted: Could not create SSL/TLS secure channel


Kindly note I tried the below also:


119435-code4.png



  • Most important point is related to registry of server, I changed values of my workstation registry of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols to be same as my colleague server, then I got same error that he faced which is "the client and server cannot communicate, because they do not possess a common algorithm", once I added the code that he added "securityProtocol", then code is working fine..

I tried to change the values of Business Team server, to be same as my workstation registry values, but still we are getting same error of "The request was aborted: Could not create SSL/TLS secure channel"


Registry of Business team server values:

119310-registry.png




The values as below:

TLS1.0
Client
DisabledByDefault 1
Enabled 0
Server
DisabledByDefault 1
Enabled 0

TLS1.1
Client
DisabledByDefault 0
Enabled 0
Server
DisabledByDefault 0
Enabled 1


TLS1.2
Client
DisabledByDefault 0
Enabled ffffffff
Server
DisabledByDefault 1
Enabled ffffffff



Please help, I don't know if I need to add extra code, or the error shown up related to configuration from server??

dotnet-aspnet-core-mvc
code1.png (86.4 KiB)
code2-algorithm.png (50.2 KiB)
code3.png (30.5 KiB)
code4.png (81.9 KiB)
registry.png (66.6 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Usually what happens is the server requires the latest TLS protocol (TLS 1.2) but the client is has an older OS or targets a framework that does not support the latest TLS version. The first step is figuring out what version of TLS is required. Then make sure the client supports the required TLS version.

TLS Best Practices


0 Votes 0 ·

Dear AgaveJoe ,

Thanks for your reply, how to solve this? or how to check which version of TLS is required.

I checked the TLS installed in the server and my workstation, as per screenshot above, Latest TLS 1.2 is installed.. is there another way to confirm that TLS1.2 is installed?

0 Votes 0 ·

1 Answer

KhalidSalameh-7017 avatar image
0 Votes"
KhalidSalameh-7017 answered ZhiLv-MSFT commented

After long time with searching and tracing the issue, the issue was related to windows server version and installation feature.

The server was worked fine, it is "Windows Server 2016 R2" and the server having an issue or code was not working, it is "Windows Server 2012 R2".

Now they advised to download "Security Advisor update manually" as per this article: https://windowsreport.com/windows-server-not-create-ssl-tls-channel/

but still same issue, is there any idea?



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @KhalidSalameh-7017,

Check the SSL/TLS configuration on the Windows Server 2016 R2 and Windows Server 2012 R2, whether they are enabling the same SSL and TLS protocol version?

0 Votes 0 ·