Reputation: 41
TLS 1. 2 The client and server cannot communicate, because they do not possess a common algorithm
I have an issue with TLS 1.2. It works if I enable tls1.0 in client machine, but it is not recommended.
Exception is - The client and server cannot communicate, because they do not possess a common algorithmSystem.ComponentModel.Win32Exception (0x80004005): The client and server cannot communicate, because they do not possess a common algorithm.
Target Framework of my app is .NET 4.6.2.
Upvotes: 4
Views: 39719
Answers (2)
Reputation: 129
These are my troubleshooting steps to fix the problem.
- Install IISCrypto.exe, and turn off TSL 1.0/1.1 on my local server and client, only leave TSL 1.2 enabled.
- In my .NET app web.conf
<system.web>
<compilation debug="true" targetFramework="4.8" />
<httpRuntime targetFramework="4.8" />
- Tools > NuGet Package Manager > Manage NuGet Package for Solution.
Check the installed version of MySql.Data and MySql.Web (was 6.9.9.0)
Install and update MySql.Data and MySql.Web to Version 8.0.23
At this point, my local .NETweb server can talk to local MySql server. But after deployed to the production server (where only TLS 1.2 is enabled), a different error message shows up.
Fail to load MySql.Data assembly
WRN: Assembly binding logging is turned OFF.
Check the MySql.Web.dll & MySql.Data.dll under the production server ...\myapp\bin
Find that MySql.Data.dll is still in version 6.9.Copy and paste MySql.Data.dll v.8.0.23 to the production server (from my local bin folder). And it fixes the problem on the production server.
Upvotes: 1
Reputation: 421
There are two possible scenario, in my case I used 2nd point.
If you are facing this issue in production environment and you can easily deploy new code to the production then you can use of below solution.
You can add below line of code before making api call,
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // .NET 4.5If you cannot deploy new code and you want to resolve with the same code which is present in the production, then this issue can be done by changing some configuration setting in config file. You can add either of one in your config file.
<runtime>
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false"/>
</runtime>
or
<runtime>
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"
</runtime>
Upvotes: 7
Related Questions
- The client and server cannot communicate, because they do not possess a common algorithm - ASP.NET C# VB Visual Basic IIS TLS 1.0 / 1.1 / 1.2
- HTTP Web Request TLS 1.3 with C# .NET Core 3.1 exception "The client and server cannot communicate, because they do not possess a common algorithm."
- SSLStream.AuthenticateAsServer "The client and server cannot communicate, because they do not possess a common algorithm"
- C# The client and server cannot communicate, because they do not possess a common algorithm
- ASP.NET 4.5 The client and server cannot communicate, because they do not possess a common algorithm
- The client and server cannot communicate, because they do not possess a common algorithm on Windows Server 2008 Web
- client and server cannot communicate, because they do not possess a common algorithm - SSLStream
- SoapHttpClientProtocol and TLS 1.2 - The client and server cannot communicate, because they do not possess a common algorithm
- The client and server cannot communicate, because they do not possess a common algorithm, C# SslStream
- Could not create SSL/TLS secure channel. The client and server cannot communicate, because they do not possess a common algorithm