We are having this error when run to Web API. We already upgraded .NET Framework to 4.8v on Windows Server 2012 R2. Check TLs 1.2 is enabled. 
The request was aborted: Could not create SSL/TLS secure channel Error
Check this (update to enable tls)
This is complete giude
https://docs.microsoft.com/it-it/mem/configmgr/core/plan-design/security/enable-tls-1-2-server
Already check this article for Windows 2012 R2, and set all TLS registry values.
Official ms guide and kb to upgrade .net 4.x has a note:
you must install .net rule to IIS, and then apply upgrade/fix/kb.
So your problem is that tls dont work? Can you post event error please?
Still getting "The request was aborted: Could not create SSL/TLS secure channel Error". Just edit couple registry settings for TLs, but need reboot. Will try again after reboot. (not available to reboot yet.
Web api is on iis server windows 2012 r2 or you can start query from another system to windows 2012 r2?
Check IIS security to use ssl/tls auth and browser check enable tls 1.2
Key reg tls 1.2 is
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\tls 1.2\server
DisableByDefault=1
Enabled=1
Thanks Vito. API is on W2012 R2 Server. This Web API call another external API.
Checked TLS 1.2 Server Registry, sharing below
You need create this keyreg
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\tls 1.2\server\
DisableByDefault=1
Enabled=1
After set TLS 1.2 get Error: SSL connect error
.Revert settings previous.
Still get error below.
"The underlying connection was closed: An unexpected error occurred on a send."
Can you read this doc "Transport Layer Security (TLS) best practices with the .NET Framework" (strong authentication)
An additional information: After TLS 1.2 registry set "1". Other web services are given error "Error: SSL connect error". For revert they are available.
Hi @KaganKassu-7177 ,
I noticed that you said this API on server 2012 is used to call another external API. That means the external API is on another server.
So an important thing is you also need to make sure another server support TLS1.2. Based on the information you've shown and the registry settings, I believe server 2012 already supports TLS1.2.
Note: Microsoft does not recommend that you force the selection of the TLS version, it should be left to the server to choose. When you enable all TLS, the server will choose the most appropriate TLS based on the settings of the client or other calling server.
First, I think you can use a client which support TLS1.2 to call API on server 2012. If it is supported to use browser, you can get the TLS information in client browser. If not support please use network monitor.
Then use network monitor to check if another server which host external API supports TLS1.2. Only another server support TLS1.2 can connection create successfully.
Thanks BruceZhang.
Exactly Internal API calls external one via SOAP or insomnia. External API on Open Shift, TLS v1.3 but told TLS v1.2 is supported.
Hi @KaganKassu-7177 ,
If external API server support TLS1.3, it will also support TLS1.2. But you need to make sure it has enabled TLS1.2.
Then did you try to use network monitor to check if Server 2012 support TLS1.2?
Tried network monitor but SOAP or Insomnia monitoring using API, so unable to check it.
Other API side sent information for TLS: We can not access directly with URL to API. They tested internal with TLS v1.2. I can access via Curl wih root CA. Is there any SSL Cert. problem ?
Thanks for previous links., get some usefull info. I can trace via network monitor, but no return after Client Hello Handshake . No return for Cert/Server Hello. Could be certificate problem here. But not sure on our side or external side? Do you have any possible idea?
Else, i'm sharing my server's current Schannel configuration and trace ss.
Addition, having a tls error when run on browser. Advanced Settings are OK TLS 1.2 TLS1.1. Can this error related with external site Certificate's support on TLS 1.2? But i can acccess with cURL that certificate.
4 people are following this question.
