Search code examples
visual-studionugetmsbuild-task

MSBuild Restore gives "The request was aborted: Could not create SSL/TLS secure channel."

On my build server I use an MSBuild Restore task to restore Nuget packages before the build, but I get the error:

Unable to load the service index for source https://api.nuget.org/v3/index.json.

An error occurred while sending the request.

The request was aborted: Could not create SSL/TLS secure channel.

When I call Nuget.exe instead it works.

MSBuild version = "16.8.2+25e4d540b" The server is quite old, it is a Windows 2008 R2 SP1.

I have tried to examine if there was a problem with TLS 1.2 so I ran a small program to test the protocols. I got the code from here: https://gist.github.com/zivkan/5291f507c8c5724d41a18357b7afcd30

Thread: https://developercommunity.visualstudio.com/content/problem/1096460/nuget-not-working-again-could-not-create-ssltls-se.html

The result was:

None worked

Ssl2 failed

Ssl3 failed

Tls failed

Default failed

Tls11 failed

Tls12 worked

Tls13 failed

This should be OK according the comments.

What should I do next to get MSBuild restore to work?

Solution

  • Try this:

    Suggestions

    1) Since you have only installed TLS1.2 rather than TLS1.3. Try to turn it on. Run these command under Developer Powershell for VS2019 as Administrator:

    reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v DisabledByDefault /t REG_DWORD /d 0 /f /reg:32
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v DisabledByDefault /t REG_DWORD /d 0 /f /reg:64
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 1 /f /reg:32
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 1 /f /reg:64

    2) if the step one does not work, try these:

    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Force | Out-Null
    
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
    
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -Force | Out-Null
    
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
    
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.3 has been disabled.'

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:32