Visual Studio 2019 SSL/TLS secure channel issues

Question

I installed VS 2019 with latest updates/patches. My Windows 10 Enterprise is also fully updated. Unfortunately I can't install any extension from Tools > Extension Manager.

It's always complaining about request abortion.

The request was aborted. Could not create SSL/TLS secure channel.

Also it's impossible to load NuGet official packages with same error message.

To make it clear:

1. I repaired VS installation

2. I enabled all available SSL protocols through Internet Options > Advanced > Settings (SSL 3, TLS { 1.0, 1.1, 1.2, 1.3 })

3. I disabled Windows Firewall completely

UPDATE

I've been busy for couple of days and tonight I've got a time to check it out again. Surprisingly it's working now. I don't know what is happened, may be it was a problem with my internet connection or it was my chance to spend a lot of time to investigate with issue.

I didn't tried solutions provided by below answers. I really appreciate your helps guys. I hope your solutions can help others.

Answer 1

1. Create a restore point
2. Remove bad TLS cert for certificate manger with MMC (steps below)
3. Uninstall IIS Express
4. Run repair on Visual Studio 2019
5. Reboot
6. Run your web application and you should be prompted to create a new cert. Click yes, and then you will be prompted to trust the cert. Click yes again, and the cert will be added to your trusted root authority folder.

To remove the bad certs:

1. Press Windows+R, and in the run window type MMC and press enter
2. Go to File > Add / Remove Snap-in...
3. Select Certificates, then Add
4. In the Certificates snap-in, click Computer account, and then click Finish
5. In the next screen, click Finish again. then click OK. Now you have added the certificates snap-in to the MMC console.
6. On the left, expand Certificates. Then, in both personal and trusted root certification authorities, remove the localhost cert for IIS Express Developer

Answer 2

You can try to translate this doc - https://www.payhd.ru/images/instrukcii/2020/10-03-2020-tls.pdf

And this link will help - https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

I use "Method 2: Microsoft Update Catalog"

All works fine now. No errors in Chrome browser etc. VS 2019 IIS also works fine.

UPD. There is info that instructions are apply to Windows 7 or 8. But maybe it is relevant to Windows 10 too. I have Windows 7 and all that instructions helped me.

Answer 3

See this feedback on Visual Studio's Developer Community website, and/or this issue in the NuGetGallery (nuget.org) GitHub issue tracker.

The only root cause that we're aware of is on Windows 10 machines where TLS 1.3 was enabled in the registry. NuGet is written in, and runs on, .NET, and on Windows .NET uses Windows secure channel APIs to so TLS negotiation. Hence, when Windows is configured to used TLS1.3, all .NET applications using HttpClient or HttpWebRequest will use it. However, TLS 1.3 in Windows 10 1909 and earlier is not supported (I believe it implemeted an early draft of the TLS 1.3 spec, and was not updated when the spec changed, hence it's incompatible with some newer implementations). On Linux and Mac .NET Core uses libssl, so whether it works there depends on if the libssl version supports TLS 1.3 and if so, if it implemented the lastest spec, or an earlier draft.

Since TLS 1.3 is enabled on Windows 10 via a registry key, and changes to the registry is not audited, it's impossible for us to know why so many customers started getting this problem. Since we got many reports starting from the November Patch Tuesday, it seems possible that something has changed, but I talked to someone in the Windows SCHANNEL team who confirmed with me that Windows does not and has never enabled TLS 1.3 by default. This means that customers either manually enabled it, or some other software they installed enabled it, but it's impossible for us to know for sure. All I can do is repeat that TLS 1.3 is not supported in Windows 10 1909 or ealier, and if it's enabled on your machine you must turn it off otherwise Microsoft (Windows team, .NET team or NuGet team) will be unable to provide you support.

The reason it stopped happening for you a week or two ago is because the nuget.org team had their CDN provider disable TLS 1.3 on nuget.org's CDN endpoints. However, if you use other nuget feeds and those web servers have TLS 1.3 enabled, you will encounter the problem again unless you put your machine in a supported configuration (disable TLS 1.3).

Answer 4

1.Try resetting the IE settings(IE options=>Advanced=>Reset...)(In my machine, only TLS 1.0,1.1,1.2 are enabled and they work well.)

2.Check if your issue occurs in company, maybe company's Lan net affect the behavior like this similar issue

And if above not works, as a temporary workaround:

For extensions: you can download them from the website and install it manually.

For nuget packages: Download the required nuget packages to specific folder, and add that path to package source, then you can consume the package in your project. Hope this helps :)

Answer 5

Open the registry, go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client

Change DisabledByDefault from 0 to 1.

Save and restart Visual Studio.