I am developing a TCP client to connect OpenSSL server with the certificate authentication. I have using .crt and .key files shared by server team. These certificates are generated by OpenSSL commands.
I am using SslStream
object to authenticate the Tcp client by calling SslStream.AuthenticateAsClient
method by passing server IP
, SslProtocols.Ssl3
and X509CertificateCollection
.
I am getting the following error:
Authentication failed because the remote party has closed the transport stream
This question is related to
.net
openssl
x509certificate
sslstream
using (var client = new HttpClient(handler))
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
var response = await client.SendAsync(new HttpRequestMessage(HttpMethod.Get, apiEndPoint)).ConfigureAwait(false);
await response.Content.ReadAsStringAsync().ConfigureAwait(false);
}
This worked for me
I would advise against restricting the SecurityProtocol to TLS 1.1.
The recommended solution is to use
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls
Another option is add the following Registry key:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value: SchUseStrongCrypto
It is worth noting that .NET 4.6 will use the correct protocol by default and does not require either solution.
This happened to me when an web request endpoint was switched to another server that accepted TLS1.2 requests only. Tried so many attempts mostly found on Stackoverflow like
The exception received did no make justice to the actual problem I was facing and found no help from the service operator.
To solve this I have to add a new Cipher Suite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 I have used IIS Crypto 2.0 Tool from here as shown below.
I ran into the same error message while using the ChargifyNET.dll to communicate with the Chargify API. Adding chargify.ProtocolType = SecurityProtocolType.Tls12;
to the configuration solved the problem for me.
Here is the complete code snippet:
public ChargifyConnect GetChargifyConnect()
{
var chargify = new ChargifyConnect();
chargify.apiKey = ConfigurationManager.AppSettings["Chargify.apiKey"];
chargify.Password = ConfigurationManager.AppSettings["Chargify.apiPassword"];
chargify.URL = ConfigurationManager.AppSettings["Chargify.url"];
// Without this an error will be thrown.
chargify.ProtocolType = SecurityProtocolType.Tls12;
return chargify;
}
If you want to use an older version of .net, create your own flag and cast it.
//
// Summary:
// Specifies the security protocols that are supported by the Schannel security
// package.
[Flags]
private enum MySecurityProtocolType
{
//
// Summary:
// Specifies the Secure Socket Layer (SSL) 3.0 security protocol.
Ssl3 = 48,
//
// Summary:
// Specifies the Transport Layer Security (TLS) 1.0 security protocol.
Tls = 192,
//
// Summary:
// Specifies the Transport Layer Security (TLS) 1.1 security protocol.
Tls11 = 768,
//
// Summary:
// Specifies the Transport Layer Security (TLS) 1.2 security protocol.
Tls12 = 3072
}
public Session()
{
System.Net.ServicePointManager.SecurityProtocol = (SecurityProtocolType)(MySecurityProtocolType.Tls12 | MySecurityProtocolType.Tls11 | MySecurityProtocolType.Tls);
}
For VB.NET, you can place the following before your web request:
Const _Tls12 As SslProtocols = DirectCast(&HC00, SslProtocols)
Const Tls12 As SecurityProtocolType = DirectCast(_Tls12, SecurityProtocolType)
ServicePointManager.SecurityProtocol = Tls12
This solved my security issue on .NET 3.5.
Adding the below code helped me overcome the issue.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;
Source: Stackoverflow.com