Ragwq

Reputation: 41

TLS 1.2: The client and server cannot communicate, because they do not possess a common algorithm

I have an issue with TLS 1.2. It works if I enable TLS 1.0 on the client machine, but that is not recommended.

Exception is - The client and server cannot communicate, because they do not possess a common algorithm

    System.ComponentModel.Win32Exception (0x80004005): The client and server cannot communicate, because they do not possess a common algorithm.

Target Framework of my app is .NET 4.6.2.

Upvotes: 4

Views: 39719

Answers (2)

Sinji Yang

Reputation: 129

These are my troubleshooting steps to fix the problem.

  1. Install IISCrypto.exe, and turn off TLS 1.0/1.1 on my local server and client, only leave TLS 1.2 enabled.
  2. In my .NET app web.config:

    <system.web>
      <compilation debug="true" targetFramework="4.8" />
      <httpRuntime targetFramework="4.8" />
    </system.web>

  3. Tools > NuGet Package Manager > Manage NuGet Packages for Solution.

    Check the installed version of MySql.Data and MySql.Web (was 6.9.9.0).

    Install and update MySql.Data and MySql.Web to Version 8.0.23.

At this point, my local .NET web server can talk to the local MySql server. But after deploying to the production server (where only TLS 1.2 is enabled), a different error message shows up.

    Fail to load MySql.Data assembly

    WRN: Assembly binding logging is turned OFF.

  4. Check the MySql.Web.dll & MySql.Data.dll under the production server ...\myapp\bin

    Found that MySql.Data.dll is still at version 6.9.

    Copy and paste MySql.Data.dll v.8.0.23 to the production server (from my local bin folder). And it fixes the problem on the production server.

Upvotes: 1

Sagar Borole

Reputation: 421

There are two possible scenarios; in my case I used the 2nd point.

  1. If you are facing this issue in a production environment and you can easily deploy new code to production, then you can use the solution below.

    You can add the line of code below before making the API call:

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // .NET 4.5

  2. If you cannot deploy new code and you want to resolve it with the same code which is present in production, then this issue can be resolved by changing some configuration settings in the config file. You can add either one of these to your config file.

    <runtime>
      <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false"/>
    </runtime>

or

    <runtime>
      <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
    </runtime>

Upvotes: 7
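
An added diagnostic, not part of the question or either answer: a small C# console program for .NET Framework that prints the process's current `ServicePointManager.SecurityProtocol` and then attempts one handshake per protocol version, to show whether TLS 1.2 can actually be negotiated once the settings above are in place. The class name `TlsProbe`, the command-line arguments and the default port 443 are assumptions, and it only fits services that start TLS immediately on connect (HTTPS-style), not protocols such as MySQL that upgrade to TLS mid-connection.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (hypothetical TlsProbe; not from the original answers).
// Usage: TlsProbe.exe <host> [port]
static class TlsProbe
{
    // Attempt one handshake restricted to a single protocol version.
    static string TryHandshake(string host, int port, SslProtocols protocol)
    {
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                // Certificate validation stays at the framework default.
                ssl.AuthenticateAsClient(host, new X509CertificateCollection(), protocol, true);
                return string.Format("OK   negotiated={0} cipher={1} ({2} bit)",
                    ssl.SslProtocol, ssl.CipherAlgorithm, ssl.CipherStrength);
            }
        }
        catch (Exception ex)
        {
            // Report the innermost exception, e.g. the Win32Exception from SChannel.
            var inner = ex.GetBaseException();
            return "FAIL " + inner.GetType().Name + ": " + inner.Message;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length < 1) { Console.Error.WriteLine("usage: TlsProbe <host> [port]"); return 2; }
        int port = args.Length > 1 ? int.Parse(args[1]) : 443; // assumed default port

        // Protocols that HttpWebRequest/WebClient will offer from this process.
        Console.WriteLine("ServicePointManager.SecurityProtocol = " + ServicePointManager.SecurityProtocol);

        foreach (var p in new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 })
            Console.WriteLine("{0,-6} {1}", p, TryHandshake(args[0], port, p));
        return 0;
    }
}
```

If the `Tls12` row still fails with the same `Win32Exception` even though the protocol is requested explicitly, the mismatch is at the SChannel level (enabled protocols or cipher suites) on one of the two machines rather than in the application's protocol selection.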
