Reputation: 306
I am trying to use a HTTP API that works only with HTTPS.
I have the following error when sending a request "WebException: The request was aborted: Could not create SSL/TLS secure channel."
My project targets .NET Framework 4.7.1
I can connect to the server with Firefox but I had to add a security exception, I could export the .crt and install to my windows store and VS project.
ServicePointManager.ServerCertificateValidationCallback +=
(message, cert, chain, errors) => true;
ServicePointManager.SecurityProtocol =
SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls |
SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
handler = new HttpClientHandler();
client = new HttpClient(handler);
client.DefaultRequestHeaders.Add("Connection", "keep-alive");
client.DefaultRequestHeaders.Add("Cache-Control", "max-age=0");
client.DefaultRequestHeaders.Add("username", user);
client.DefaultRequestHeaders.Add("password", password);
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
//handler.ClientCertificates.Add(new X509Certificate(@"./OnSSI.crt"));
handler.ServerCertificateCustomValidationCallback +=
(message, cert, chain, errors) => true;
EDIT: Some more information form firefox about the certificate:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128bit keys, TLS1.2
PKCS #1 MD5 With RSA Encryption
EDIT2: I think that the main problem is that the callback validation function is not called by the handler, I added a breakpoint at the return true argument and it is not hitting.
EDIT3: It seems to work with .NET core 2.0, I am still looking for a solution in .NET Framework 4.7
EDIT4: I created a .NET standard library with the code, when I use a .NET framework app to start I get the error while I don't with a .NET core app
Upvotes: 4
Views: 8798
Reputation: 66
It works setting the SecurityProtocol variable only with the Tls value, as follows :
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
Basically, it seems .NETCORE do it implicitly by selecting native Tls version protocol. .NETFRAMEWORK is less intuitive (lesser portability requirement).
Upvotes: 5