
Windows 2003 server: The request was aborted. Could not create SSL/TLS secure channel


We are trying to call a public API using System.Net.HttpWebRequest (C# .Net 3.5), which uses certificates to authenticate and encrypt data. When calling the APIs from a Windows 8.1 system, we see that the API calls go through successfully. But when calling the APIs from a Windows 2003 server, it fails with the error below.

The request was aborted: Could not create SSL/TLS secure channel.

The needed P12 file and .cert (certificate authority) are installed properly on both systems. It seems that the public API supports the TLS 1.1+ protocols (not completely sure, just guessing; we have already asked the API support team to confirm this), whereas Windows 2003 server only supports SSLv3 or TLS 1.0, which seems to be an issue. Unfortunately we don't have the option to upgrade the servers for some time, and we only have .Net 3.5 installed on the system, with the application built with .Net 3.5.

Keeping this in mind, is there any way to verify the root cause of this issue on Windows Server 2003, OR is there any way to support TLS 1.1+ in source code by changing the protocols?

There are options in .Net 4.0 to change the SecurityProtocol to TLS11 or TLS12, but because we are not able to upgrade the application (it is part of a suite of applications) to .Net 4.0, that seems difficult to do.



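    // Requires: using System.Net; using System.Security.Cryptography.X509Certificates;
    // HttpWebRequest has no public constructor; create it through WebRequest.Create.
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(address);

    ServicePointManager.Expect100Continue = true;
    // Force SSLv3 for outgoing connections (process-wide setting).
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

    X509Store store = new X509Store("My", StoreLocation.LocalMachine);

    // Open the store.
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

    // Look up the client certificate by subject name (validOnly = false).
    X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindBySubjectName, "test", false);

    // The collection is a copy, so the store can be closed once the lookup is done.
    store.Close();

    if (coll != null && coll.Count > 0)
    {
       // Present the first match as the TLS client certificate.
       request.ClientCertificates.Add(coll[0]);
    }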

Appreciate your help and time. Thanks.


Solution

  • After doing further analysis, we found that the server does support TLS 1.0 and SSLv3, but the application was still failing to communicate with the server using the certificates, with the same error, even though Windows 2003 also supports these protocols.

    The IT department later installed the https://support.microsoft.com/en-us/kb/948963 Windows patch on the Windows 2003 server, which installed the AES cipher suites. After installing this patch, the communication started working, but intermittently and not consistently.

    At last we tried Chilkat Http component available at http://www.chilkatsoft.com/HttpDotNet.asp which did the trick and now the API calls are happening consistently using the P12 certificates, TLS 1.0 protocol and AES cipher suites.
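
One way to narrow down the root cause from the Windows 2003 machine, as an added example that is not part of the original question or answer: a small .NET 3.5 console probe that attempts the handshake once per protocol version with the same client certificate and prints the protocol and cipher that were negotiated, or the failure detail. The host name `api.example.com` and port 443 are assumed placeholders; the store name and subject `"test"` are taken from the question's code.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

class TlsProbe
{
    const string Host = "api.example.com"; // assumed placeholder: the API host
    const int Port = 443;                  // assumed placeholder: the API port

    static void Main()
    {
        X509Store store = new X509Store("My", StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        X509Certificate2Collection certs =
            store.Certificates.Find(X509FindType.FindBySubjectName, "test", false);
        store.Close();
        Console.WriteLine("Client certificates found: {0}", certs.Count);
        // Try each protocol on its own so a failure can be pinned to one version.
        foreach (SslProtocols proto in new SslProtocols[] { SslProtocols.Tls, SslProtocols.Ssl3 })
        {
            try
            {
                using (TcpClient tcp = new TcpClient(Host, Port))
                using (SslStream ssl = new SslStream(tcp.GetStream(), false, Validate))
                {
                    ssl.AuthenticateAsClient(Host, certs, proto, false);
                    Console.WriteLine("{0}: OK cipher={1} ({2} bit) hash={3} kex={4} mutualAuth={5}",
                        ssl.SslProtocol, ssl.CipherAlgorithm, ssl.CipherStrength,
                        ssl.HashAlgorithm, ssl.KeyExchangeAlgorithm, ssl.IsMutuallyAuthenticated);
                }
            }
            catch (Exception ex)
            {
                // Handshake failures surface as AuthenticationException or IOException.
                Console.WriteLine("{0}: FAILED {1}: {2}", proto, ex.GetType().Name,
                    ex.InnerException != null ? ex.InnerException.Message : ex.Message);
            }
        }
    }

    // Report server-certificate problems instead of hiding them; accept only a clean chain.
    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors != SslPolicyErrors.None)
            Console.WriteLine("  server certificate errors: {0}", errors);
        return errors == SslPolicyErrors.None;
    }
}
```

Running the same probe on a machine where the call succeeds and comparing the `cipher=` values shows whether the two clients end up on different cipher suites, which is the difference the KB948963 patch addressed in the answer above.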