Reason and solution of "request aborted: failed to create SSL / TLS secure channel"

Description: request aborted: failed to create SSL / TLS secure channel (Could not create SSL/TLS secure channel). Affected platforms: Windows Server 2012, Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1

Solution 1:

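Add the following code before creating the HttpWebRequest:

// Requires: using System.Net;
ServicePointManager.Expect100Continue = true;
// Enable TLS 1.2, 1.1 and 1.0 for outgoing requests.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
// Accepts every server certificate (validation is off); it does not affect protocol negotiation.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;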
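A variant of the Solution 1 snippet that enables TLS 1.2 while keeping certificate validation on, so a handshake failure and a certificate failure can be told apart. This is an added example, not code from the original page; the class name and the example.com URL are placeholders.

```csharp
using System;
using System.Net;
using System.Net.Security;

static class TlsClientSetup
{
    // Call once at startup, before the first HttpWebRequest is created.
    public static void Configure()
    {
        // 0 is SystemDefault on .NET 4.7+: the OS already picks the protocol, leave it.
        if (ServicePointManager.SecurityProtocol != (SecurityProtocolType)0)
        {
            // Add TLS 1.2 to what is already enabled and drop SSL 3.0.
            var protocols = ServicePointManager.SecurityProtocol | SecurityProtocolType.Tls12;
            ServicePointManager.SecurityProtocol = protocols & ~SecurityProtocolType.Ssl3;
        }

        // Validation stays on: log why a certificate failed, accept only clean chains.
        ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
        {
            if (errors == SslPolicyErrors.None) return true;
            Console.Error.WriteLine("Rejected {0}: {1}", cert == null ? "<no certificate>" : cert.Subject, errors);
            if (chain != null)
                foreach (var s in chain.ChainStatus)
                    Console.Error.WriteLine("  {0}: {1}", s.Status, s.StatusInformation.Trim());
            return false;
        };
    }

    static void Main(string[] args)
    {
        Configure();
        string url = args.Length > 0 ? args[0] : "https://example.com/"; // placeholder URL
        try
        {
            var request = (HttpWebRequest)WebRequest.Create(url);
            using (var response = (HttpWebResponse)request.GetResponse())
                Console.WriteLine("{0} -> {1}", url, (int)response.StatusCode);
        }
        catch (WebException ex)
        {
            // SecureChannelFailure = handshake/protocol problem (this article's error);
            // TrustFailure = certificate rejected by the callback above.
            Console.Error.WriteLine("{0}: {1}", ex.Status, ex.Message);
        }
    }
}
```

If the request still fails with SecureChannelFailure after this, the cause is below the application (OS patches or registry), which is what Solution 2 addresses.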

Solution 2

If the above method has no effect, the problem is at the system level. Install the system patch that matches the operating system you are using.

Update to enable TLS 1.1 and TLS 1.2 as the default secure protocols in WinHTTP in Windows. This update provides support for Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2012, Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. Refer to the official documentation: https://www.xftsoft.com/link?id=554500000064525498db08d90a346844

Update patch KB3140245: https://www.xftsoft.com/link?id=5545000000645254993d08d90a346844

Enable TLS 1.1 and 1.2 on Windows 7 at the SChannel component level (using either of the following methods)

Method 1: run the Microsoft update package MicrosoftEasyFix51044.msi
Method 2: manually update the registry

Copy the registry code below into a new text file, change the file extension from .txt to .reg, and import it into the registry (back up the registry before importing).

Windows 7 64-bit:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols"=dword:00000a80

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols"=dword:00000a80

Windows Server:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Verify whether the system supports TLS 1.2 and TLS 1.3

Open PowerShell and run:

[Net.ServicePointManager]::SecurityProtocol
# SSL 3.0 is deprecated (RFC 7568); the Ssl3 term can be left out.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3 -bor [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

The first line of code displays the TLS versions currently supported, and the second line of code modifies the TLS versions supported.
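To confirm that the registry import from Method 2 took effect, the values can be read back and the protocol bitmasks decoded. This is an added example, not code from the original page; the class name is hypothetical, and the flag values (0x80 = TLS 1.0, 0x200 = TLS 1.1, 0x800 = TLS 1.2) are the ones Microsoft documents for DefaultSecureProtocols.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Win32;

static class TlsRegistryAudit
{
    // Bit flags shared by DefaultSecureProtocols (WinHTTP) and SecureProtocols (WinINet).
    static readonly KeyValuePair<int, string>[] Flags =
    {
        new KeyValuePair<int, string>(0x008, "SSL 2.0"),
        new KeyValuePair<int, string>(0x020, "SSL 3.0"),
        new KeyValuePair<int, string>(0x080, "TLS 1.0"),
        new KeyValuePair<int, string>(0x200, "TLS 1.1"),
        new KeyValuePair<int, string>(0x800, "TLS 1.2"),
    };

    public static string Decode(int mask)
    {
        var names = new List<string>();
        foreach (var f in Flags)
            if ((mask & f.Key) != 0) names.Add(f.Value);
        return names.Count == 0 ? "(none)" : string.Join(", ", names);
    }

    static void Report(string key, string value, bool isMask)
    {
        object raw = Registry.GetValue(key, value, null); // null: key or value missing
        string shown = raw == null ? "not set"
            : (isMask && raw is int) ? string.Format("0x{0:x8} = {1}", raw, Decode((int)raw))
            : raw.ToString();
        Console.WriteLine("{0}\n  {1}: {2}", key, value, shown);
    }

    static void Main()
    {
        const string hklm = @"HKEY_LOCAL_MACHINE\SOFTWARE\";
        const string inet = @"Microsoft\Windows\CurrentVersion\Internet Settings";
        Report(hklm + inet + @"\WinHttp", "DefaultSecureProtocols", true);
        Report(hklm + @"Wow6432Node\" + inet + @"\WinHttp", "DefaultSecureProtocols", true);
        Report(hklm + inet, "SecureProtocols", true);
        Report(@"HKEY_CURRENT_USER\Software\" + inet, "SecureProtocols", true);
        const string schannel = @"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\";
        foreach (var proto in new[] { "TLS 1.1", "TLS 1.2" })
            foreach (var role in new[] { "Client", "Server" })
                foreach (var name in new[] { "Enabled", "DisabledByDefault" })
                    Report(schannel + proto + "\\" + role, name, false);
    }
}
```

Run it as a 64-bit process so the first HKLM\SOFTWARE path is not redirected to Wow6432Node. Decoding the page's values shows that 0xa00 enables TLS 1.1 and 1.2, 0x800 enables TLS 1.2 only, and 0xa80 also leaves TLS 1.0 on.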

Solution 3

If neither of the first two methods works, the only remaining option is to upgrade your system to Windows 10.


Other references I

https://www.xftsoft.com/link?id=554500000064525499ca08d90a346844

Solutions exist, but they depend on the Framework version:

.NET 4.6 and later. You do not need to do any other work to support TLS 1.2, which is supported by default.

.NET 4.5. TLS 1.2 is supported, but it is not the default protocol. You need to opt in to use it. The following code sets TLS 1.2 as the default; make sure to execute it before connecting to a secure resource:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

.NET 4.0. TLS 1.2 is not supported, but if .NET 4.5 (or later) is installed on the system, you can still opt in to TLS 1.2 even if your application framework does not support it. The only problem is that SecurityProtocolType in .NET 4.0 does not have an entry for TLS 1.2, so we must use the numeric representation of this enumeration value:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

.NET 3.5 or earlier. TLS 1.2 (*) is not supported and there is no workaround. Upgrade your application to the latest version of the framework.

P.S. For scenario 3, there is also a registry hack that enforces TLS 1.2 by default for 4.5 without having to enforce it programmatically. P.P.S. As Microsoft's Christian Pop mentioned below, .NET 3.5 has the latest patch available that enables TLS 1.2 support.

See:

  • KB3154518 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win7 SP1/Win 2008 R2 SP1
  • KB3154519 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win8 RTM/Win 2012 RTM
  • KB3154520 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win8.1RTM/Win 2012 R2 RTM
  • KB3156421 -1605 HotFix Rollup through Windows Update for Windows 10.

Other references II

The length of the certificate key provided by the website may be 512 bits. According to the current industry standard, it should contain a public key of no less than 2048 bits. Microsoft's security update in September 2016 responded to this problem. If the public key length is less than 2048 bits (such as RSA 512), Windows can cancel HTTPS connections.

The updates installed are

2012 R2 and Windows 8

  • KB3185331
  • KB3188743
  • KB3174644

2008 R2 and Windows 7

  • KB3185278
  • KB3185330
  • KB3192391
  • KB3175024
  • KB3172605