.Net Class Library is based on 4.5 and using HtmlAgilityPack, I was calling an https URL and it was working fine.
After the website is updated and will not support old browsers which are not TLS v1.2 compliant. Getting the error -
The request was aborted: Could not create SSL/TLS secure channel
Tried below article, still it is not working
https://kevinchalet.com/2019/04/11/forcing-an-old-net-application-to-support-tls-1-2-without-recompiling-it/
The SharePoint Server is installed on Windows Server 2012 R2 and the configuration as follows
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
</startup>
In VS 2015, there is no option to upgrade to .NET Framework 4.7 and when i did it to .net 4.7 from another machine also the same error persist.
Tried all below option.Still unable to use HtmlAgilityPack. Please suggest
Hi
@SGH
,
Considering that you may need to switch to Tls13, try to upgrade your app to .NET Framework 4.8
which has supported Tsl13
.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;
In the code, I need to use this right ? - ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;
what about support runtime.
I tried the below options before. But it did not work.
https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-net-framework-35---452-and-not-wcf
Do I need to change anything in the App.Config
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
</startup>
From the Window Server 2012 R2, the solution is not working. But the same solution works in Windows 10 Machine if the target framework is .net framework 4.5.2
When we change target frame work to .net framework 4.8, and update the code with ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
</startup>
Getting the following error in Windows 10 machine.
In that case the only way would make it work would be to use the other SSL libraries. .NET framework uses SChannel to provide HTTPS encryption, however TLS1.3 is not supported on Win2012R2 version there. (In fact, as of now the only Windows version have TLS1.3 support is Win10. It's not supported on any of the Windows Server versions)
If the server have Chromium based Edge, you may also consider change to use WebView2 control instead because Chromium doesn't use SChannel either. If you want to choose this route, it's worthwhile to take a look at the WebView2Brower project that is created by the Edge team to create a browser solely with WebView2 control.
FYI, if we're talking about TLS 1.3, since SSL encryption of .NET Framework is provided by SChannel Windows Service, and currently only Win10 have TLS1.3 support (i.e.: none of the Windows Server version have TLS 1.3) you'll have to wait for an update for Windows Server 2019 and upgrade there in order to work. (I doubt if Microsoft will backport it to earlier system.)
If you need TLS1.3 support real fast, consider rewrite to use OpenSSL or other libraries instead.
Still I am using TLS 1.2 in the application from Windows 10 (not TLS 1.3) and it is working.
Can I use HtmlAgilityPack with OpenSSL ? do you have additional information ?
No, to use OpenSSL, you'll literally need to rewrite that part from scratch, so only do that if there is urgent need to use TLS 1.3. (Some sites such as devblogs.microsoft.com upgraded to allow TLS 1.3 only. So if I started Fiddler on Win7, I cannot access it with HTTPS decryption turned on)
This information is for the topic on TLS 1.3 only, not something directly related to your problem.
Follow the Premier Developer blog if you want to monitor the announcement of TLS1.3 support on servers.
@SGH I have managed to resolve the issues on my server by updating the SSL Cipher Suire Order, i had mistakenly removed some of the suites that windows suggested was for TLS1.0 and 1.1 only when in actual fact they were needed for some TLS1.2 connections as well.
I resolved my issues by:
Open Run Prompt and run gpedit.msc
Navigate to "Administrative Templates > Network > SSL Configuration Settings"
Open SSL Cipher Suite Order
Select Enabled
Paste the list of suites below into the text box (make sure there are no spaces)
Click Apply
Restart the server
SSL SUITES:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Note, these suites work for me but you may require other ones for different applications. You should be able to find a full list and more info on the suites here https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel?redirectedfrom=MSDN
I hope this helps to solve your issue
I tried this. Still not working
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
string URL = "https://xxxxxxxx";
HtmlWeb web = new HtmlWeb();
HtmlDocument doc = web.Load(URL);
Getting the following while running under server
{System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at HtmlAgilityPack.HtmlWeb.Get(Uri uri, String method, String path, HtmlDocument doc, IWebProxy proxy,
Also the string URL = "https://xxxxxxxx"; supports only below protocols and cipher
The error is generic and there are many reasons why the SSL/TLS negotiation may fail. ServicePointManager.SecurityProtocol property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing c# connections aren't changed. Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work. Also, you have to enable other security protocol versions to resolve this issue:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
SecurityProtocolType.Tls
SecurityProtocolType.Tls11
SecurityProtocolType.Ssl3;
//createing HttpWebRequest after ServicePointManager settings
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")
If you create HttpWebRequest before the ServicePointManager settings it will fail and shows the error message.
@SGH have you managed to resolve this yet? I'm having exactly the same issue windows server 2012 R2 with .net 4.8 application. If I try to force a tls1.3 connection I get the following message
Exception Details: System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
I believe this is due to windows server 2012 not supporting tls1.3, if I force tls1.2 I get this instead
Exception Details: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
The site I'm reading from only supports tls1.2 and 1.3 so I need to make it work with this.
One of the things I recently changed was the SSL Cipher Suite Order, I haven't figured out if this has affected it or not just yet but this is my next point to look at if it helps. I will post another update if I fix it.
The application was not working in Windows 2012. But it was working in Windows 10 and Windows Server 2016.
I tried the below link. I could not solve it. You can give a try. If it gets resolved, please let us now.
https://www.medo64.com/2020/05/using-tls-1-3-from-net-4-0-application/
