Search code examples
ssl.net-coretls1.2windows-server-2008pcf

TLS1.2 error while connecting to a webservice on WIN2008 from PCF hosted dotnetcore application


I have developed a new dotnet core web API (client app) which connects to a web service hosted on WIN 2008 server (server app). I am connecting to this server web service using external services capability.

This call works absolutely fine and I get response from web service when client application is hosted on my local machine, however when I host same client application on PCF , I hit a snag. I see connection reset error on client app logs and following messages on 2008 server event viewer :

TLS 1.2 The handle is invalid An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server

I verified TLS 1.2 settings on registry for 2008 server and tls 1.2 is enabled HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

So I am looking for help in advising if there is something I can do to disable this in a lower environment ? or PCF stack would override with tls 1.2 anyway ?

Am I missing to check something on the WIN 2008 server ?

My local machine - Windows 10

PCF stack - CFLINUXFS3

Any advise would help!


Solution

  • This problem occurred because of missing ciphers in WIN 2008 server. After adding all default WIN 2008 ciphers , the problem was gone.