c# ssl windows-7 tls1.2 dotnet-httpclient

C# SSL exception on Windows 7


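using System;
using System.Net.Http;
using System.Security.Authentication;
using System.Text;

var httpClientHandler = new HttpClientHandler
{
    // Restrict the handshake to TLS 1.2.
    SslProtocols = SslProtocols.Tls12,
    // Accepts any server certificate: chain and hostname validation are bypassed.
    ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; },
};

var httpClient = new HttpClient(httpClientHandler)
{
    BaseAddress = new Uri("https://api.myservice.com:4443"),
    Timeout = TimeSpan.FromSeconds(10),
};

// HTTP Basic authentication header: base64("user:password").
var credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes($"USER1:PASS1"));
httpClient.DefaultRequestHeaders.Add("Authorization", $"Basic {credentials}");

// POST with an empty body; this is the call that triggers the TLS handshake.
var result = await httpClient.PostAsync("/login", null);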

MyApp.csproj

<PropertyGroup Condition="'$(Configuration)'=='Release' And '$(TargetFramework)'=='net5.0-windows' And '$(RuntimeIdentifier)'=='win-x86'">
    <OutputPath>..\..\release\</OutputPath>
    <AssemblyName>my-app</AssemblyName>
    <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
    <AppendRuntimeIdentifierToOutputPath>false</AppendRuntimeIdentifierToOutputPath>
</PropertyGroup>
  • my-app.exe is an x86 assembly with .NET 5.0
  • .NET 5.0 runtimes are installed (both x86 and x64)
  • .NET framework 4.8 is installed
  • KB3033929, KB3063858 and KB3140245 are installed
  • https://api.myservice.com:4443 supports TLS 1.2

It works on Win10 x64, but on Win7 SP1 x64 it generates:

The SSL connection could not be established, see inner exception.
  • the inner exception is empty

I've already added these registry entries:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Solution

  • The issue was fixed just by appending these lines to the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003

    RSA/SHA512
    ECDSA/SHA512
    

    The registry file to merge:

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003]
    "Functions"=hex(7):52,00,53,00,41,00,2f,00,53,00,48,00,41,00,32,00,35,00,36,00,\
      00,00,52,00,53,00,41,00,2f,00,53,00,48,00,41,00,33,00,38,00,34,00,00,00,52,\
      00,53,00,41,00,2f,00,53,00,48,00,41,00,31,00,00,00,45,00,43,00,44,00,53,00,\
      41,00,2f,00,53,00,48,00,41,00,32,00,35,00,36,00,00,00,45,00,43,00,44,00,53,\
      00,41,00,2f,00,53,00,48,00,41,00,33,00,38,00,34,00,00,00,45,00,43,00,44,00,\
      53,00,41,00,2f,00,53,00,48,00,41,00,31,00,00,00,44,00,53,00,41,00,2f,00,53,\
      00,48,00,41,00,31,00,00,00,52,00,53,00,41,00,2f,00,53,00,48,00,41,00,35,00,\
      31,00,32,00,00,00,45,00,43,00,44,00,53,00,41,00,2f,00,53,00,48,00,41,00,35,\
      00,31,00,32,00,00,00,00,00
    @="NCRYPT_SCHANNEL_SIGNATURE_INTERFACE"
    

    Check out this answer: https://stackoverflow.com/a/54523827/14953032
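
Added example (not part of the original answer): a Python sketch that decodes the `hex(7)` (REG_MULTI_SZ) `Functions` data from the .reg file above into its list of signature algorithms, so the change can be reviewed before it is merged. The function names `decode_hex7` and `audit` are hypothetical; the hex data is copied from the answer.

```python
import re

# "Functions" value copied from the .reg file in the answer above.
REG_VALUE = r'''"Functions"=hex(7):52,00,53,00,41,00,2f,00,53,00,48,00,41,00,32,00,35,00,36,00,\
  00,00,52,00,53,00,41,00,2f,00,53,00,48,00,41,00,33,00,38,00,34,00,00,00,52,\
  00,53,00,41,00,2f,00,53,00,48,00,41,00,31,00,00,00,45,00,43,00,44,00,53,00,\
  41,00,2f,00,53,00,48,00,41,00,32,00,35,00,36,00,00,00,45,00,43,00,44,00,53,\
  00,41,00,2f,00,53,00,48,00,41,00,33,00,38,00,34,00,00,00,45,00,43,00,44,00,\
  53,00,41,00,2f,00,53,00,48,00,41,00,31,00,00,00,44,00,53,00,41,00,2f,00,53,\
  00,48,00,41,00,31,00,00,00,52,00,53,00,41,00,2f,00,53,00,48,00,41,00,35,00,\
  31,00,32,00,00,00,45,00,43,00,44,00,53,00,41,00,2f,00,53,00,48,00,41,00,35,\
  00,31,00,32,00,00,00,00,00
'''

def decode_hex7(reg_value):
    """Decode one .reg hex(7) (REG_MULTI_SZ) value into a list of strings."""
    match = re.match(r'\s*(?:"[^"]*"|@)=hex\(7\):(.*)', reg_value, re.S)
    if not match:
        raise ValueError("not a hex(7) value")
    # Remove backslash line continuations and whitespace, then parse the bytes.
    body = re.sub(r"[\\\s]", "", match.group(1))
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE")
    text = raw.decode("utf-16-le")
    if text == "\x00":          # an empty multi-string is a single NUL
        return []
    # Strings are NUL-separated and the list is closed by one extra NUL.
    if not text.endswith("\x00\x00"):
        raise ValueError("missing REG_MULTI_SZ double-NUL terminator")
    return text[:-2].split("\x00")

def audit(entries, required=("RSA/SHA512", "ECDSA/SHA512")):
    """Report what a reviewer would check in the decoded list."""
    return {
        "missing": [r for r in required if r not in entries],
        "sha1": [e for e in entries if e.endswith("/SHA1")],
        "duplicates": sorted({e for e in entries if entries.count(e) > 1}),
    }

if __name__ == "__main__":
    algorithms = decode_hex7(REG_VALUE)
    print("\n".join(algorithms))
    print(audit(algorithms))
```

Merging the .reg file replaces the whole `Functions` list rather than appending to it, so comparing the decoded list with the machine's current value shows exactly what will change.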