Monday, December 4, 2017

The request was aborted: could not create SSL/TLS secure channel–Part 3

A colleague asked for help with the following problem:

He has an ASP.NET MVC website that talks to an ASP.NET Web API backend. On development everything works as expected but on the acceptance environment, he suddenly start to get TLS errors when the httpclient invokes a call to the backend:

The request was aborted: Could not create SSL/TLS secure channel.

Let’s take you through the journey that brought us to our final solution.

Part 3 – The registry hack

Our acceptance and production environments are still Windows Server 2008 R2. On these OS TLS 1.0 is still the default. We can change this by altering the registry:

  • Open the registry on your server by running ‘regedit‘
  • Browse to the following location:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  • Add the TLS 1.1 and TLS 1.2 keys under Protocols
    • Right click on Protocols and click New –> Key
  • Create 2 keys Client and Server under both TLS keys
  • Create DWORD values under the Server and Client keys
    • Right click on Server and Client and click New—> DWORD
    • Set the following values:
      • DisabledByDefault [Value = 0]
      • Enabled [Value = 1]
  • That’s it!

No comments: