Flyingkiwi
Reputation: 3175
Error "Could not create SSL/TLS secure channel." despite manually setting TLS
Here's my C# code, running on Windows 8:
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse(); // FAIL!!!
The exception is "Could not create SSL/TLS secure channel.".
If I try the URL in a browser, it works. Looking at the certificate (it's an HTTPS request), I can see that the certificate is using the following:
Your connection to madis-data.noaa.gov is encrypted using an obsolete cipher suite.
The connection uses TLS 1.0.
The connection is encrypted using AES_128_CBC,
with HMAC-SHA1 for message authentication and DHE_RSA
as the key exchange mechanism.
I have turned on tracing in the web.config to see exactly what is happening, and here is the output:
System.Net Information: 0 : [13952] ConnectStream#38701186::ConnectStream(Buffered 5 bytes.)
System.Net Information: 0 : [13952] Associating HttpWebRequest#59795752 with ConnectStream#38701186
System.Net Information: 0 : [13952] Associating HttpWebRequest#59795752 with HttpWebResponse#1266475
System.Net Verbose: 0 : [13952] Exiting HttpWebRequest#59795752::GetResponse() -> HttpWebResponse#1266475
System.Net Verbose: 0 : [13952] HttpWebResponse#1266475::GetResponseStream()
System.Net Information: 0 : [13952] ContentLength=5
System.Net Verbose: 0 : [13952] Exiting HttpWebResponse#1266475::GetResponseStream() -> ConnectStream#38701186
System.Net Verbose: 0 : [13952] ConnectStream#38701186::Read()
System.Net Verbose: 0 : [13952] Data from ConnectStream#38701186::Read
System.Net Verbose: 0 : [13952] 00000000 : 44 6F 6E 65 2E : Done.
System.Net Verbose: 0 : [13952] Exiting ConnectStream#38701186::Read() -> Int32#5
System.Net Verbose: 0 : [13952] ConnectStream#38701186::Read()
System.Net Verbose: 0 : [13952] Exiting ConnectStream#38701186::Read() -> Int32#0
System.Net Verbose: 0 : [2548] WebRequest::Create(https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV)
System.Net Verbose: 0 : [2548] HttpWebRequest#27754753::HttpWebRequest(https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV#-2142986532)
System.Net Verbose: 0 : [2548] Exiting HttpWebRequest#27754753::HttpWebRequest()
System.Net Verbose: 0 : [2548] Exiting WebRequest::Create() -> HttpWebRequest#27754753
System.Net Verbose: 0 : [2548] HttpWebRequest#27754753::GetResponse()
System.Net Verbose: 0 : [2548] ServicePoint#40143513::ServicePoint(madis-data.noaa.gov:443)
System.Net Information: 0 : [2548] Associating HttpWebRequest#27754753 with ServicePoint#40143513
System.Net Information: 0 : [2548] Associating Connection#34830681 with HttpWebRequest#27754753
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Socket(AddressFamily#2)
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Socket()
System.Net.Sockets Verbose: 0 : [2548] Socket#729977::Socket(AddressFamily#23)
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#729977::Socket()
System.Net.Sockets Verbose: 0 : [2548] DNS::TryInternalResolve(madis-data.noaa.gov)
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Connect(140.172.12.193:443#-1056133833)
System.Net.Sockets Information: 0 : [2548] Socket#36216217 - Created connection from 10.211.55.4:49219 to 140.172.12.193:443.
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Connect()
System.Net.Sockets Verbose: 0 : [2548] Socket#729977::Close()
System.Net.Sockets Verbose: 0 : [2548] Socket#729977::Dispose()
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#729977::Close()
System.Net Information: 0 : [2548] Connection#34830681 - Created connection from 10.211.55.4:49219 to 140.172.12.193:443.
System.Net Information: 0 : [2548] TlsStream#59226404::.ctor(host=madis-data.noaa.gov, #certs=0)
System.Net Information: 0 : [2548] Associating HttpWebRequest#27754753 with ConnectStream#58631946
System.Net Information: 0 : [2548] HttpWebRequest#27754753 - Request: GET /madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV HTTP/1.1
System.Net Information: 0 : [2548] ConnectStream#58631946 - Sending headers
{
Host: madis-data.noaa.gov
Connection: Keep-Alive
}.
System.Net Information: 0 : [2548] SecureChannel#35318308::.ctor(hostname=madis-data.noaa.gov, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [2548] Enumerating security packages:
System.Net Information: 0 : [2548] Negotiate
System.Net Information: 0 : [2548] NegoExtender
System.Net Information: 0 : [2548] Kerberos
System.Net Information: 0 : [2548] NTLM
System.Net Information: 0 : [2548] TSSSP
System.Net Information: 0 : [2548] pku2u
System.Net Information: 0 : [2548] LiveSSP
System.Net Information: 0 : [2548] WDigest
System.Net Information: 0 : [2548] Schannel
System.Net Information: 0 : [2548] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [2548] CREDSSP
System.Net Information: 0 : [2548] SecureChannel#35318308 - Left with 0 client certificates to choose from.
System.Net Information: 0 : [2548] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [2548] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = madis-data.noaa.gov, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [2548] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=127, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Send()
System.Net.Sockets Verbose: 0 : [2548] Data from Socket#36216217::Send
System.Net.Sockets Verbose: 0 : [2548] 00000000 : 16 03 01 00 7A 01 00 00-76 03 01 55 CB 07 87 0F : ....z...v..U....
System.Net.Sockets Verbose: 0 : [2548] 00000010 : 05 21 DE ED FF 2F E8 87-E5 CD 90 BF 81 CF B9 87 : .!.../..........
System.Net.Sockets Verbose: 0 : [2548] 00000020 : CA 7F 1A 5A D1 00 0B 67-FF A2 62 00 00 18 C0 14 : ...Z...g..b.....
System.Net.Sockets Verbose: 0 : [2548] 00000030 : C0 13 00 35 00 2F C0 0A-C0 09 00 38 00 32 00 0A : ...5./.....8.2..
System.Net.Sockets Verbose: 0 : [2548] 00000040 : 00 13 00 05 00 04 01 00-00 35 00 00 00 18 00 16 : .........5......
System.Net.Sockets Verbose: 0 : [2548] 00000050 : 00 00 13 6D 61 64 69 73-2D 64 61 74 61 2E 6E 6F : ...madis-data.no
System.Net.Sockets Verbose: 0 : [2548] 00000060 : 61 61 2E 67 6F 76 00 0A-00 06 00 04 00 17 00 18 : aa.gov..........
System.Net.Sockets Verbose: 0 : [2548] 00000070 : 00 0B 00 02 01 00 00 23-00 00 FF 01 00 01 00 : .......#.......
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Send() -> Int32#127
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Receive()
System.Net.Sockets Verbose: 0 : [2548] Data from Socket#36216217::Receive
System.Net.Sockets Verbose: 0 : [2548] 00000000 : 15 03 01 00 02 : .....
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Receive() -> Int32#5
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Receive()
System.Net.Sockets Verbose: 0 : [2548] Data from Socket#36216217::Receive
System.Net.Sockets Verbose: 0 : [2548] 00000005 : 02 28 : .(
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Receive() -> Int32#2
System.Net Information: 0 : [2548] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 8c0ec23d10:c8f6c09a90, targetName = madis-data.noaa.gov, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [2548] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Dispose()
System.Net Error: 0 : [2548] Exception in HttpWebRequest#27754753:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Error: 0 : [2548] Exception in HttpWebRequest#27754753::GetResponse - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Verbose: 0 : [2548] WebRequest::Create(https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV)
System.Net Verbose: 0 : [2548] HttpWebRequest#31219764::HttpWebRequest(https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV#-2142986532)
System.Net Verbose: 0 : [2548] Exiting HttpWebRequest#31219764::HttpWebRequest()
System.Net Verbose: 0 : [2548] Exiting WebRequest::Create() -> HttpWebRequest#31219764
System.Net Verbose: 0 : [2548] HttpWebRequest#31219764::GetResponse()
System.Net Information: 0 : [2548] Associating HttpWebRequest#31219764 with ServicePoint#40143513
System.Net Information: 0 : [2548] Associating Connection#18847233 with HttpWebRequest#31219764
System.Net.Sockets Verbose: 0 : [2548] Socket#28460958::Socket(AddressFamily#2)
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#28460958::Socket()
System.Net.Sockets Verbose: 0 : [2548] Socket#25961122::Socket(AddressFamily#23)
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#25961122::Socket()
System.Net.Sockets Verbose: 0 : [2548] Socket#28460958::Connect(140.172.12.193:443#-1056133833)
System.Net.Sockets Information: 0 : [2548] Socket#28460958 - Created connection from 10.211.55.4:49220 to 140.172.12.193:443.
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#28460958::Connect()
System.Net.Sockets Verbose: 0 : [2548] Socket#25961122::Close()
System.Net.Sockets Verbose: 0 : [2548] Socket#25961122::Dispose()
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#25961122::Close()
There is no certificate that has to be installed for this to work, but I see in the trace output that "Left with 0 client certificates to choose from." I don't know how to solve this, though.
I have been scouring StackOverflow and the web for a solution for hours with no success. Does anyone have a suggestion for me?
UPDATE: As a workaround, I tried using powershell from the command line to get the data instead, and surprisingly received the same error! This suggests to me that the problem lies with Windows rather than my .NET implementation.
Here is the output from my command line:
C:\>powershell -Command "(New-Object Net.WebCl
ient).DownloadFile('https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPub
licDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lo
nll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&c
svmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nv
ars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&
nvars=PRESWEA&nvars=SKYCOV', 'madis.csv')"
Exception calling "DownloadFile" with "2" argument(s): "The request was
aborted: Could not create SSL/TLS secure channel."
At line:1 char:1
+ (New-Object
Net.WebClient).DownloadFile('https://madis-data.noaa.gov/madisPublic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
Upvotes: 1
Views: 4708
Answers (2)
Flyingkiwi
Reputation: 3175
Issue was a problematic SSL certificate on the host, which has since been resolved.
Upvotes: 0
Francois
Reputation: 893
This worked for me in PowerShell:
$url = "https://madis-data.noaa.gov/madisPublic1..."
$filename = "madis.csv"
[Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls
$webClient = new-object System.Net.WebClient
$webClient.DownloadFile( $url, $filename )
and this worked in c#
var url = @"https://madis-data.noaa.gov/madisPublic1...";
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
WebClient wc = new WebClient();
wc.DownloadFile(url, "madis.csv");
Upvotes: 1
Related Questions
- Could not create SSL/TLS secure channel, despite setting ServerCertificateValidationCallback
- C# Could not create ssl/tls secure channel on Windows 7/Windows Server, using TLS1.2
- Could not create SSL/TLS secure channel only on Windows Server 2012
- Could not create SSL/TLS secure channel from .NET C#
- Error when making request: The request was aborted: Could not create SSL/TLS secure channel
- WebRequest Error - Could not create SSL/TLS secure channel
- Could not create SSL/TLS secure channel. SecureChannelFailure
- Could not create SSL/TLS secure channel even with certificate
- HTTP C# client: Could not create SSL/TLS secure channel
- SSL Webservice: Could not create SSL/TLS secure channel