elpha01
elpha01

Reputation: 306

HTTP C# client: Could not create SSL/TLS secure channel

I am trying to use a HTTP API that works only with HTTPS.

I have the following error when sending a request "WebException: The request was aborted: Could not create SSL/TLS secure channel."

My project targets .NET Framework 4.7.1

I can connect to the server with Firefox but I had to add a security exception, I could export the .crt and install to my windows store and VS project.

ServicePointManager.ServerCertificateValidationCallback += 
    (message, cert, chain, errors) => true;
ServicePointManager.SecurityProtocol = 
    SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | 
    SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

handler = new HttpClientHandler();
client = new HttpClient(handler);

client.DefaultRequestHeaders.Add("Connection", "keep-alive");
client.DefaultRequestHeaders.Add("Cache-Control", "max-age=0");
client.DefaultRequestHeaders.Add("username", user);
client.DefaultRequestHeaders.Add("password", password);

handler.ClientCertificateOptions = ClientCertificateOption.Manual;

//handler.ClientCertificates.Add(new X509Certificate(@"./OnSSI.crt"));
handler.ServerCertificateCustomValidationCallback += 
    (message, cert, chain, errors) => true;

EDIT: Some more information form firefox about the certificate:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128bit keys, TLS1.2
PKCS #1 MD5 With RSA Encryption

EDIT2: I think that the main problem is that the callback validation function is not called by the handler, I added a breakpoint at the return true argument and it is not hitting.

EDIT3: It seems to work with .NET core 2.0, I am still looking for a solution in .NET Framework 4.7

EDIT4: I created a .NET standard library with the code, when I use a .NET framework app to start I get the error while I don't with a .NET core app

Upvotes: 4

Views: 8798

Answers (1)

Kal Axone
Kal Axone

Reputation: 66

It works setting the SecurityProtocol variable only with the Tls value, as follows :

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;

Basically, it seems .NETCORE do it implicitly by selecting native Tls version protocol. .NETFRAMEWORK is less intuitive (lesser portability requirement).

Upvotes: 5

Related Questions