Develop Reference

Enable websocket logging - c#

When looking at the reference source I saw WebSocketBase have lots of logging statements, but there's no obvious way to make it actually log. I'm hoping it could help me diagnose why my client doesn't respond to ping requests during file transfers from the server, so how do I enable the logging here?

If you are on .Net Framework 4.x and are using an app.config (or web.config if you're hosting a site) you can configure a TraceSource named "System.Net.WebSockets", add an appropriate Switch level and a listener.
<configuration>
<system.diagnostics>
<sources>
<source name="System.Net.WebSockets">
<listeners>
<add name="System.Net"/>
</listeners>
</source>
</sources>
<switches>
<add name="System.Net.WebSockets" value="Verbose"/>
</switches>
<sharedListeners>
<add name="System.Net"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="network.log"
traceOutputOptions="ProcessId, DateTime"
/>
</sharedListeners>
<trace autoflush="true"/>
</system.diagnostics>
</configuration>
This is the type of output you can expect with the Verbose switch (I'm connecting to ws://qa.sockets.stackexchange.com/ here)
System.Net.WebSockets Verbose: 0 : [9428] Entering ClientWebSocket#45004109::.ctor()
System.Net.WebSockets Verbose: 0 : [9428] Exiting ClientWebSocket#45004109::.ctor()
System.Net.WebSockets Information: 0 : [9428] Associating ClientWebSocket#45004109 with HttpWebRequest#21454193
System.Net.WebSockets Information: 0 : [14188] Associating ClientWebSocket#45004109 with HttpWebResponse#12547953
System.Net.WebSockets Verbose: 0 : [14188] Entering InternalClientWebSocket#31364015::Initialize(ReceiveBufferSize: 16384, SendBufferSize: 16384, Protocols: , KeepAliveInterval: 00:00:30, innerStream: WebSocketConnectionStream#11429296, internalBuffer: WebSocketBuffer#41622463)
System.Net.WebSockets Information: 0 : [14188] Associating InternalClientWebSocket#31364015 with WebSocketConnectionStream#11429296
System.Net.WebSockets Information: 0 : [14188] Associating InternalClientWebSocket#31364015 with WebSocketBuffer#41622463
System.Net.WebSockets Information: 0 : [14188] Associating WebSocketConnectionStream#11429296 with WebSocketConnection#28379535
System.Net.WebSockets Verbose: 0 : [14188] Exiting InternalClientWebSocket#31364015::Initialize() -> ReceiveBufferSize: 16384, SendBufferSize: 16384, Protocols: , KeepAliveInterval: 00:00:30, innerStream: WebSocketConnectionStream#11429296, internalBuffer: WebSocketBuffer#41622463
System.Net.WebSockets Information: 0 : [14188] Associating ClientWebSocket#45004109 with InternalClientWebSocket#31364015
System.Net.WebSockets Verbose: 0 : [14188] Entering InternalClientWebSocket#31364015::SendAsync(messageType: Text, endOfMessage: True)
System.Net.WebSockets Verbose: 0 : [14188] Data from InternalClientWebSocket#31364015::SendAsync
System.Net.WebSockets Verbose: 0 : [14188] 00000000 : 31 35 35 2D 71 75 65 73-74 69 6F 6E 73 2D 61 63 : 155-questions-ac
System.Net.WebSockets Verbose: 0 : [14188] 00000010 : 74 69 76 65 : tive
System.Net.WebSockets Verbose: 0 : [14188] Entering WebSocketConnectionStream#11429296::WriteAsync(offset: 16384, count: 26, cancellationToken.CanBeCanceled: True)
System.Net.WebSockets Verbose: 0 : [14188] Entering WebSocketConnection#28379535::WriteAsync(offset: 16384, count: 26, cancellationToken.CanBeCanceled: True)
System.Net.WebSockets Verbose: 0 : [14188] Exiting WebSocketConnection#28379535::WriteAsync() -> Boolean#1
System.Net.WebSockets Verbose: 0 : [3848] Entering WebSocketConnection#28379535::OnWriteCompleted(LastOperation: Send, SocketError: Success)
System.Net.WebSockets Verbose: 0 : [3848] Data from WebSocketConnectionStream#11429296::WriteAsync
System.Net.WebSockets Verbose: 0 : [3848] 00004000 : 81 94 2C 5F 76 52 1D 6A-43 7F 5D 2A 13 21 58 36 : ..,_vR.jC.]*.!X6
System.Net.WebSockets Verbose: 0 : [3848] 00004010 : 19 3C 5F 72 17 31 58 36-00 37 : .<_r.1X6.7
System.Net.WebSockets Verbose: 0 : [3848] Exiting WebSocketConnectionStream#11429296::WriteAsync()
System.Net.WebSockets Verbose: 0 : [3848] Exiting InternalClientWebSocket#31364015::SendAsync() -> messageType: Text, endOfMessage: True
System.Net.WebSockets Verbose: 0 : [3848] Entering InternalClientWebSocket#31364015::ReceiveAsync()
System.Net.WebSockets Verbose: 0 : [3848] Entering WebSocketConnectionStream#11429296::ReadAsync(offset: 0, count: 16384, cancellationToken.CanBeCanceled: True)
System.Net.WebSockets Verbose: 0 : [3848] Entering WebSocketConnection#28379535::ReadAsyncCore(offset: 0, count: 16384, cancellationToken.CanBeCanceled: True)
System.Net.WebSockets Verbose: 0 : [3848] Exiting WebSocketConnection#28379535::ReadAsyncCore() -> Boolean#1
System.Net.WebSockets Verbose: 0 : [3848] Exiting WebSocketConnection#28379535::OnWriteCompleted()
System.Net.WebSockets Verbose: 0 : [3848] Entering WebSocketConnection#28379535::OnReadCompleted(LastOperation: Receive, SocketError: Success)
System.Net.WebSockets Verbose: 0 : [3848] Data from WebSocketConnectionStream#11429296::ReadAsync
System.Net.WebSockets Verbose: 0 : [3848] 00000000 : 81 7E 03 11 7B 22 61 63-74 69 6F 6E 22 3A 22 31 : .~..{"action":"1
System.Net.WebSockets Verbose: 0 : [3848] 00000010 : 35 35 2D 71 75 65 73 74-69 6F 6E 73 2D 61 63 74 : 55-questions-act
System.Net.WebSockets Verbose: 0 : [3848] 00000020 : 69 76 65 22 2C 22 64 61-74 61 22 3A 22 7B 5C 22 : ive","data":"{\"
System.Net.WebSockets Verbose: 0 : [3848] 00000030 : 73 69 74 65 42 61 73 65-48 6F 73 74 41 64 64 72 : siteBaseHostAddr
System.Net.WebSockets Verbose: 0 : [3848] 00000040 : 65 73 73 5C 22 3A 5C 22-73 74 61 63 6B 6F 76 65 : ess\":\"stackove
System.Net.WebSockets Verbose: 0 : [3848] 00000050 : 72 66 6C 6F 77 2E 63 6F-6D 5C 22 2C 5C 22 69 64 : rflow.com\",\"id

Related

Please read the full text below. I tried all usual solutions to this problem.
So, my .Net 4.5 app running successfully has been fetching data from a url for a good amount of time. But it suddenly started failing with the above cited error:
HttpWebRequest#687191::GetResponse - The request was aborted: Could
not create SSL/TLS secure channel..
Here's the sample C# code with which I was able to reproduce the error:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;
ServicePointManager.DefaultConnectionLimit = 9999;
ServicePointManager.ServerCertificateValidationCallback = delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return (true);
};
var authHeaderValue = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(string.Format("{0}:{1}", "username", "password")));
var request = (HttpWebRequest) HttpWebRequest.Create("url-here");
request.Method = "GET";
request.Headers.Add("Authorization: Basic " + authHeaderValue);
using (HttpWebResponse response = (HttpWebResponse) request.GetResponse())
{
Stream dataStream = response.GetResponseStream();
StreamReader reader = new StreamReader(dataStream);
var s = reader.ReadToEnd();
reader.Close();
dataStream.Close();
Console.WriteLine(s);
}
As you can see, all usual solutions of setting values on ServicePointManager / ignoring certificate errors have been tried above.
I still get the error and the ServerCertificateValidationCallback is not even hit.
I used Fiddler with HTTPS decryption on and Fiddler gave me this error instead:
System.Security.Authentication.AuthenticationException : A call to
SSPI failed, see inner exception.
----> System.ComponentModel.Win32Exception : The message received was unexpected or badly formatted
I went to Tracing (https://stackoverflow.com/a/12327881/12484) and here is the trace file output:
System.Net Information: 0 : [13160] Current OS installation type is 'Client'.
System.Net Verbose: 0 : [13160] WebRequest::Create(url-here)
System.Net Verbose: 0 : [13160] HttpWebRequest#687191::HttpWebRequest(url-here)
System.Net Information: 0 : [13160] RAS supported: True
System.Net Verbose: 0 : [13160] Exiting HttpWebRequest#687191::HttpWebRequest()
System.Net Verbose: 0 : [13160] Exiting WebRequest::Create() -> HttpWebRequest#687191
System.Net Verbose: 0 : [13160] HttpWebRequest#687191::GetResponse()
System.Net Verbose: 0 : [13160] ServicePoint#49385318::ServicePoint(domain-here:443)
System.Net Information: 0 : [13160] Associating HttpWebRequest#687191 with ServicePoint#49385318
System.Net Information: 0 : [13160] Associating Connection#7746814 with HttpWebRequest#687191
System.Net.Sockets Verbose: 0 : [13160] Socket#13062350::Socket(AddressFamily#2)
System.Net.Sockets Verbose: 0 : [13160] Exiting Socket#13062350::Socket()
System.Net.Sockets Verbose: 0 : [13160] Socket#50934842::Socket(AddressFamily#23)
System.Net.Sockets Verbose: 0 : [13160] Exiting Socket#50934842::Socket()
System.Net.Sockets Verbose: 0 : [13160] DNS::TryInternalResolve(domain-here)
System.Net.Sockets Verbose: 0 : [13160] Socket#13062350::Connect(server-ip-here:443#1466373584)
System.Net.Sockets Information: 0 : [13160] Socket#13062350 - Created connection from client-ip-here:11043 to server-ip-here:443.
System.Net.Sockets Verbose: 0 : [13160] Exiting Socket#13062350::Connect()
System.Net.Sockets Verbose: 0 : [13160] Socket#50934842::Close()
System.Net.Sockets Verbose: 0 : [13160] Socket#50934842::Dispose()
System.Net.Sockets Verbose: 0 : [13160] Exiting Socket#50934842::Close()
System.Net Information: 0 : [13160] Connection#7746814 - Created connection from client-ip-here:11043 to server-ip-here:443.
System.Net Information: 0 : [13160] TlsStream#10366524::.ctor(host=domain-here, #certs=0)
System.Net Information: 0 : [13160] Associating HttpWebRequest#687191 with ConnectStream#63840421
System.Net Information: 0 : [13160] HttpWebRequest#687191 - Request: GET relative-url-here HTTP/1.1
System.Net Information: 0 : [13160] ConnectStream#63840421 - Sending headers
{
Authorization: Basic credentials-here
Host: domain-here
Connection: Keep-Alive
}.
System.Net Information: 0 : [13160] SecureChannel#54246671::.ctor(hostname=domain-here, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [13160] Enumerating security packages:
System.Net Information: 0 : [13160] Negotiate
System.Net Information: 0 : [13160] NegoExtender
System.Net Information: 0 : [13160] Kerberos
System.Net Information: 0 : [13160] NTLM
System.Net Information: 0 : [13160] Schannel
System.Net Information: 0 : [13160] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [13160] WDigest
System.Net Information: 0 : [13160] TSSSP
System.Net Information: 0 : [13160] pku2u
System.Net Information: 0 : [13160] CREDSSP
System.Net Information: 0 : [13160] SecureChannel#54246671 - Left with 0 client certificates to choose from.
System.Net Information: 0 : [13160] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [13160] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = domain-here, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [13160] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=184, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [13160] Socket#13062350::Send()
System.Net.Sockets Verbose: 0 : [13160] Data from Socket#13062350::Send
System.Net.Sockets Verbose: 0 : [13160] 00000000 : 16 03 03 00 B3 01 00 00-AF 03 03 5E D9 42 A7 54 : ...........^.B.T
System.Net.Sockets Verbose: 0 : [13160] 00000010 : CD 34 00 7C 31 C9 2F 75-E7 DE A6 9E E8 D7 B5 74 : .4.|1./u.......t
System.Net.Sockets Verbose: 0 : [13160] 00000020 : 3C CB 7E B3 84 D8 1A 22-69 79 B3 00 00 38 C0 28 : <.~...."iy...8.(
System.Net.Sockets Verbose: 0 : [13160] 00000030 : C0 27 C0 14 C0 13 00 9F-00 9E 00 39 00 33 00 9D : .'.........9.3..
System.Net.Sockets Verbose: 0 : [13160] 00000040 : 00 9C 00 3D 00 3C 00 35-00 2F C0 2C C0 2B C0 24 : ...=.<.5./.,.+.$
System.Net.Sockets Verbose: 0 : [13160] 00000050 : C0 23 C0 0A C0 09 00 6A-00 40 00 38 00 32 00 0A : .#.....j.#.8.2..
System.Net.Sockets Verbose: 0 : [13160] 00000060 : 00 13 00 05 00 04 01 00-00 4E 00 00 00 19 00 17 : .........N......
System.Net.Sockets Verbose: 0 : [13160] 00000070 : 00 00 14 61 6D 61 74 72-61 76 65 6C 2E 74 73 74 : ...domain-here
System.Net.Sockets Verbose: 0 : [13160] 00000080 : 6C 6C 63 2E 6E 65 74 00-0A 00 06 00 04 00 17 00 : domain-here.........
System.Net.Sockets Verbose: 0 : [13160] 00000090 : 18 00 0B 00 02 01 00 00-0D 00 14 00 12 06 01 06 : ................
System.Net.Sockets Verbose: 0 : [13160] 000000A0 : 03 04 01 05 01 02 01 04-03 05 03 02 03 02 02 00 : ................
System.Net.Sockets Verbose: 0 : [13160] 000000B0 : 17 00 00 FF 01 00 01 00- : ........
System.Net.Sockets Verbose: 0 : [13160] Exiting Socket#13062350::Send() -> Int32#184
System.Net.Sockets Verbose: 0 : [13160] Socket#13062350::Receive()
System.Net.Sockets Verbose: 0 : [13160] Data from Socket#13062350::Receive
System.Net.Sockets Verbose: 0 : [13160] 00000000 : 15 03 03 00 02 : .....
System.Net.Sockets Verbose: 0 : [13160] Exiting Socket#13062350::Receive() -> Int32#5
System.Net.Sockets Verbose: 0 : [13160] Socket#13062350::Receive()
System.Net.Sockets Verbose: 0 : [13160] Data from Socket#13062350::Receive
System.Net.Sockets Verbose: 0 : [13160] 00000005 : 02 28 : .(
System.Net.Sockets Verbose: 0 : [13160] Exiting Socket#13062350::Receive() -> Int32#2
System.Net Information: 0 : [13160] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 51ccc0:5827200, targetName = domain-here, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [13160] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net.Sockets Verbose: 0 : [13160] Socket#13062350::Dispose()
System.Net Error: 0 : [13160] Exception in HttpWebRequest#687191:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Error: 0 : [13160] Exception in HttpWebRequest#687191::GetResponse - The request was aborted: Could not create SSL/TLS secure channel..
I replaced my server and client sensitive information in the trace above (anything ending with -here) but the other trace information is intact.
I still can't figure out what is wrong in the Trace and why this one url (with HTTPS) won't open with my .Net code.
Can someone please help me troubleshooting this?

The debug information contain the ClientHello send by the client in the TLS handshake. Based on this the server is amatravel.tstllc.net which according to SSLLabs supports the following very few ciphers:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256
All these ciphers start with TLS_ECDHE_RSA_, i.e. the RSA certificate with ECDHE key exchange. But decoding your ClientHello shows that the client only announces support for the following ciphers:
Cipher Suites (28 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
A quick view will see that none of the 4 ciphers starting with TLS_ECDHE_RSA_ matches a cipher supported by the server. Therefore the handshake will fail because of no shared ciphers.
But it suddenly started failing ...
Assuming that no changes were done to your application it is likely that changes were done to the server. The cipher set supported by the server is very small so maybe someone tried to harden the server while not being aware that some clients don't support any of these few ciphers.
But the cipher set supported by your client is also strange. While you support TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 you don't support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, i.e. same cipher but used with RSA certificates instead of ECC certificates. And the latter cipher would have been actually supported by the server.

I have code that was working last week and just started failing over the weekend. Unfortunately its coming from a library https://github.com/canton7/RestEase/ so its hard for me to debug what's going on. I have here the Network Tracing log.
System.Net.Http Verbose: 0 : [12144] HttpClientHandler#64844482::.ctor()
System.Net.Http Verbose: 0 : [12144] Exiting HttpClientHandler#64844482::.ctor()
System.Net.Http Verbose: 0 : [12144] HttpClient#46729429::.ctor(HttpClientHandler#64844482)
System.Net.Http Information: 0 : [12144] Associating HttpClient#46729429 with HttpClientHandler#64844482
System.Net.Http Verbose: 0 : [12144] Exiting HttpClient#46729429::.ctor()
System.Net.Http Verbose: 0 : [12144] HttpClient#46729429::.ctor(HttpClientHandler#64844482)
System.Net.Http Verbose: 0 : [12144] Exiting HttpClient#46729429::.ctor()
System.Net.Http Information: 0 : [12144] HttpClient#46729429 - BaseAddress: ''
System.Net.Http Verbose: 0 : [12144] HttpRequestMessage#41429416::.ctor(Method: GET, Uri: '')
System.Net.Http Verbose: 0 : [12144] Exiting HttpRequestMessage#41429416::.ctor()
System.Net.Http Information: 0 : [12144] HttpRequestMessage#41429416 - Content set to '<null>'.
System.Net.Http Verbose: 0 : [12144] HttpClient#46729429::SendAsync(HttpRequestMessage#41429416: Method: GET, RequestUri: 'https://[redacted]', Version: 1.1, Content: <null>, Headers:
{
Authorization: [redacted]
})
System.Net.Http Verbose: 0 : [12144] HttpClientHandler#64844482::SendAsync(HttpRequestMessage#41429416)
System.Net Verbose: 0 : [12144] HttpWebRequest#37320431::HttpWebRequest(https://[redacted]#1623223772)
System.Net Information: 0 : [12144] Current OS installation type is 'Client'.
System.Net Information: 0 : [12144] RAS supported: True
System.Net Verbose: 0 : [12144] Exiting HttpWebRequest#37320431::HttpWebRequest()
System.Net Verbose: 0 : [12144] HttpWebRequest#37320431::HttpWebRequest(uri: '[redacted]', connectionGroupName: '64844482')
System.Net Verbose: 0 : [12144] Exiting HttpWebRequest#37320431::HttpWebRequest()
System.Net.Http Information: 0 : [12144] Associating HttpRequestMessage#41429416 with HttpWebRequest#37320431
System.Net.Http Verbose: 0 : [12144] Exiting HttpClientHandler#64844482::SendAsync() -> Task`1#13256970
System.Net.Http Verbose: 0 : [12144] Exiting HttpClient#46729429::SendAsync() -> Task`1#13256970
System.Net Verbose: 0 : [10968] HttpWebRequest#37320431::BeginGetResponse()
System.Net Error: 0 : [10968] Can't retrieve proxy settings for Uri 'https://[redacted]'. Error code: 12180.
System.Net Verbose: 0 : [10968] ServicePoint#6044116::ServicePoint([redacted]:443)
System.Net Information: 0 : [10968] Associating HttpWebRequest#37320431 with ServicePoint#6044116
System.Net Information: 0 : [10968] Associating Connection#59817589 with HttpWebRequest#37320431
System.Net.Sockets Verbose: 0 : [10968] Socket#48209832::Socket(AddressFamily#2)
System.Net.Sockets Verbose: 0 : [10968] Exiting Socket#48209832::Socket()
System.Net.Sockets Verbose: 0 : [10968] Socket#5773521::Socket(AddressFamily#23)
System.Net.Sockets Verbose: 0 : [10968] Exiting Socket#5773521::Socket()
System.Net.Sockets Verbose: 0 : [10968] DNS::TryInternalResolve([redacted])
System.Net.Sockets Verbose: 0 : [10968] Socket#48209832::BeginConnectEx()
System.Net.Sockets Verbose: 0 : [10968] Socket#48209832::InternalBind(0.0.0.0:0#0)
System.Net.Sockets Verbose: 0 : [10968] Exiting Socket#48209832::InternalBind()
System.Net.Sockets Verbose: 0 : [10968] Exiting Socket#48209832::BeginConnectEx() -> ConnectOverlappedAsyncResult#54135081
System.Net Verbose: 0 : [10968] Exiting HttpWebRequest#37320431::BeginGetResponse() -> ContextAwareResult#63094882
System.Net.Sockets Verbose: 0 : [14140] Socket#48209832::EndConnect(ConnectOverlappedAsyncResult#54135081)
System.Net.Sockets Information: 0 : [14140] Socket#48209832 - Created connection from 192.168.168.110:52711 to [redacted]:443.
System.Net.Sockets Verbose: 0 : [14140] Exiting Socket#48209832::EndConnect()
System.Net.Sockets Verbose: 0 : [14140] Socket#5773521::Close()
System.Net.Sockets Verbose: 0 : [14140] Socket#5773521::Dispose()
System.Net.Sockets Verbose: 0 : [14140] Exiting Socket#5773521::Close()
System.Net Information: 0 : [14140] Connection#59817589 - Created connection from 192.168.168.110:52711 to [redacted]:443.
System.Net Information: 0 : [14140] TlsStream#12547953::.ctor(host=[redacted], #certs=0)
System.Net Information: 0 : [14140] Associating HttpWebRequest#37320431 with ConnectStream#11429296
System.Net Information: 0 : [14140] HttpWebRequest#37320431 - Request: GET [redacted] HTTP/1.1
System.Net Information: 0 : [14140] ConnectStream#11429296 - Sending headers
{
Authorization: [redacted]
Host: [redacted]
Connection: Keep-Alive
}.
System.Net Information: 0 : [14140] SecureChannel#41622463::.ctor(hostname=[redacted], #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [14140] Enumerating security packages:
System.Net Information: 0 : [14140] Negotiate
System.Net Information: 0 : [14140] NegoExtender
System.Net Information: 0 : [14140] Kerberos
System.Net Information: 0 : [14140] NTLM
System.Net Information: 0 : [14140] TSSSP
System.Net Information: 0 : [14140] pku2u
System.Net Information: 0 : [14140] WDigest
System.Net Information: 0 : [14140] Schannel
System.Net Information: 0 : [14140] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [14140] Default TLS SSP
System.Net Information: 0 : [14140] CREDSSP
System.Net Information: 0 : [14140] SecureChannel#41622463 - Left with 0 client certificates to choose from.
System.Net Information: 0 : [14140] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [14140] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = [redacted], inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [14140] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=125, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [14140] Socket#48209832::BeginSend()
System.Net.Sockets Verbose: 0 : [14140] Exiting Socket#48209832::BeginSend() -> OverlappedAsyncResult#31364015
System.Net.Sockets Verbose: 0 : [15084] Data from Socket#48209832::PostCompletion
System.Net.Sockets Verbose: 0 : [15084] 00000000 : 16 03 01 00 78 01 00 00-74 03 01 59 91 A6 BD 43 : ....x...t..Y...C
System.Net.Sockets Verbose: 0 : [15084] 00000010 : E7 B1 57 E0 2B 0C 69 3B-E9 CB 5C 9A 0C 38 31 B2 : ..W.+.i;..\..81.
System.Net.Sockets Verbose: 0 : [15084] 00000020 : E6 86 C3 EF 88 A2 D2 4C-3D CB E1 00 00 12 C0 0A : .......L=.......
System.Net.Sockets Verbose: 0 : [15084] 00000030 : C0 09 C0 14 C0 13 00 35-00 2F 00 0A 00 05 00 04 : .......5./......
System.Net.Sockets Verbose: 0 : [15084] 00000040 : 01 [redacted] 69 : ...9.........[redacted]
System.Net.Sockets Verbose: 0 : [15084] 00000050 : 2E [redacted] 0A : .[redacted]..
System.Net.Sockets Verbose: 0 : [15084] 00000060 : 00 08 00 06 00 1D 00 17-00 18 00 0B 00 02 01 00 : ................
System.Net.Sockets Verbose: 0 : [15084] 00000070 : 00 23 00 00 00 17 00 00-FF 01 00 01 00 : .#...........
System.Net.Sockets Verbose: 0 : [15084] Socket#48209832::EndSend(OverlappedAsyncResult#31364015)
System.Net.Sockets Verbose: 0 : [15084] Exiting Socket#48209832::EndSend() -> Int32#125
System.Net.Sockets Verbose: 0 : [15084] Socket#48209832::BeginReceive()
System.Net.Sockets Error: 0 : [15084] Socket#48209832::UpdateStatusAfterSocketError() - ConnectionReset
System.Net.Sockets Error: 0 : [15084] Exception in Socket#48209832::BeginReceive - An existing connection was forcibly closed by the remote host.
System.Net.Sockets Verbose: 0 : [15084] Exiting Socket#48209832::BeginReceive()
System.Net.Sockets Verbose: 0 : [15084] Socket#48209832::Dispose()
System.Net Error: 0 : [15084] Exception in HttpWebRequest#37320431:: - The underlying connection was closed: An unexpected error occurred on a send..
System.Net Information: 0 : [15084] Associating HttpWebRequest#37320431 with ServicePoint#6044116
System.Net Information: 0 : [15084] Associating Connection#12036987 with HttpWebRequest#37320431
System.Net.Sockets Verbose: 0 : [15084] Socket#42715336::Socket(AddressFamily#2)
System.Net.Sockets Verbose: 0 : [15084] Exiting Socket#42715336::Socket()
System.Net.Sockets Verbose: 0 : [15084] Socket#36963566::Socket(AddressFamily#23)
System.Net.Sockets Verbose: 0 : [15084] Exiting Socket#36963566::Socket()
System.Net.Sockets Verbose: 0 : [15084] Socket#42715336::BeginConnectEx()
System.Net.Sockets Verbose: 0 : [15084] Socket#42715336::InternalBind(0.0.0.0:0#0)
System.Net.Sockets Verbose: 0 : [15084] Exiting Socket#42715336::InternalBind()
System.Net.Sockets Verbose: 0 : [15084] Exiting Socket#42715336::BeginConnectEx() -> ConnectOverlappedAsyncResult#25474675
System.Net.Sockets Verbose: 0 : [15084] Socket#42715336::EndConnect(ConnectOverlappedAsyncResult#25474675)
System.Net.Sockets Information: 0 : [15084] Socket#42715336 - Created connection from 192.168.168.110:52712 to [redacted]:443.
System.Net.Sockets Verbose: 0 : [15084] Exiting Socket#42715336::EndConnect()
System.Net.Sockets Verbose: 0 : [15084] Socket#36963566::Close()
System.Net.Sockets Verbose: 0 : [15084] Socket#36963566::Dispose()
System.Net.Sockets Verbose: 0 : [15084] Exiting Socket#36963566::Close()
System.Net Information: 0 : [15084] Connection#12036987 - Created connection from 192.168.168.110:52712 to [redacted]:443.
System.Net Information: 0 : [15084] TlsStream#3038911::.ctor(host=[redacted], #certs=0)
System.Net Information: 0 : [15084] Associating HttpWebRequest#37320431 with ConnectStream#45330878
System.Net Information: 0 : [15084] HttpWebRequest#37320431 - Request: GET [redacted] HTTP/1.1
System.Net Information: 0 : [15084] ConnectStream#45330878 - Sending headers
{
Authorization: [redacted]
Host: [redacted]
Connection: Keep-Alive
}.
System.Net Information: 0 : [15084] SecureChannel#66629781::.ctor(hostname=[redacted], #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [15084] SecureChannel#66629781 - Left with 0 client certificates to choose from.
System.Net Information: 0 : [15084] Using the cached credential handle.
System.Net Information: 0 : [15084] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = [redacted], inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [15084] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=125, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [15084] Socket#42715336::BeginSend()
System.Net.Sockets Verbose: 0 : [15084] Exiting Socket#42715336::BeginSend() -> OverlappedAsyncResult#49382823
System.Net.Sockets Verbose: 0 : [14140] Data from Socket#42715336::PostCompletion
System.Net.Sockets Verbose: 0 : [14140] 00000000 : 16 03 01 00 78 01 00 00-74 03 01 59 91 A6 BD 86 : ....x...t..Y....
System.Net.Sockets Verbose: 0 : [14140] 00000010 : FA 79 FF 97 CD DB 64 81-EF B7 9F B2 23 6E 8D C0 : .y....d.....#n..
System.Net.Sockets Verbose: 0 : [14140] 00000020 : 7F 3B C5 B5 EB 10 48 EB-FC 7A F6 00 00 12 C0 0A : .;....H..z......
System.Net.Sockets Verbose: 0 : [14140] 00000030 : C0 09 C0 14 C0 13 00 35-00 2F 00 0A 00 05 00 04 : .......5./......
System.Net.Sockets Verbose: 0 : [14140] 00000040 : 01 [redacted] 69 : ...9.........[redacted]
System.Net.Sockets Verbose: 0 : [14140] 00000050 : 2E [redacted] : .[redacted]
System.Net.Sockets Verbose: 0 : [14140] 00000060 : 00 08 00 06 00 1D 00 17-00 18 00 0B 00 02 01 00 : ................
System.Net.Sockets Verbose: 0 : [14140] 00000070 : 00 23 00 00 00 17 00 00-FF 01 00 01 00 : .#...........
System.Net.Sockets Verbose: 0 : [14140] Socket#42715336::EndSend(OverlappedAsyncResult#49382823)
System.Net.Sockets Verbose: 0 : [14140] Exiting Socket#42715336::EndSend() -> Int32#125
System.Net.Sockets Verbose: 0 : [14140] Socket#42715336::BeginReceive()
System.Net.Sockets Error: 0 : [14140] Socket#42715336::UpdateStatusAfterSocketError() - ConnectionReset
System.Net.Sockets Error: 0 : [14140] Exception in Socket#42715336::BeginReceive - An existing connection was forcibly closed by the remote host.
System.Net.Sockets Verbose: 0 : [14140] Exiting Socket#42715336::BeginReceive()
System.Net.Sockets Verbose: 0 : [14140] Socket#42715336::Dispose()
System.Net Error: 0 : [14140] Exception in HttpWebRequest#37320431:: - The underlying connection was closed: An unexpected error occurred on a send..
System.Net Verbose: 0 : [14140] HttpWebRequest#37320431::EndGetResponse()
System.Net Error: 0 : [14140] Exception in HttpWebRequest#37320431::EndGetResponse - The underlying connection was closed: An unexpected error occurred on a send..
System.Net.Http Error: 0 : [14140] Exception in HttpClientHandler#64844482::SendAsync - The underlying connection was closed: An unexpected error occurred on a send..
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
System.Net.Http Error: 0 : [14140] HttpClient#46729429::SendAsync() - An error occurred while sending HttpRequestMessage#41429416. System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.BeginReceive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags, AsyncCallback callback, Object state)
at System.Net.Sockets.NetworkStream.BeginRead(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback callback, Object state)
--- End of inner exception stack trace ---
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
One thing that sticks out is the "Left with 0 client certificates to choose from". I assume this is the key certificate error, but how do I resolve this? I didn't add any certificates or do anything at all to get it working originally. The code is basically the simple examples from https://github.com/canton7/RestEase/

I fixed this the same way this guy did: https://github.com/canton7/RestEase/issues/45
I think I have found it. I am using a legacy console app. Although it
has been set to compile to 4.5 for a long time it looks like the
default SSL settings are legacy. I got it to work by using this
System.Net.ServicePointManager.SecurityProtocol |=
SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
before init of the RestEase object

I have uploaded a client certificate to Azure and are trying to make a post to a api method with this certificate. My code works when I am debugging on my local computer but it fails when I run it on Azure as a App Service.
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable1.ConfiguredTaskAwaiter.GetResult()
at System.Net.Http.WinHttpHandler.<StartRequest>d__105.MoveNext()
--- End of inner exception stack trace ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable1.ConfiguredTaskAwaiter.GetResult()
at System.Net.Http.HttpClient.d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Bandytabeller.Controllers.swishController.d__3.MoveNext() in D:\ASP-hemsidor\NetCoreApplications\Bandytabeller\Bandytabeller\Api\swishController.cs:line 102
[HttpGet("{id}")]
public async Task pay(string id = "", string amount = "")
{
// Get the user agent
string userAgent = Request.Headers["User-Agent"].ToString();
// Create the payment request
SwishPaymentRequest post = new SwishPaymentRequest();
post.payeePaymentReference = id.ToString();
post.callbackUrl = "https://www.quiz-walk.se/";
post.payeeAlias = "1231181189";
post.amount = amount;
post.currency = "SEK";
post.message = "Faktura " + id.ToString();
// Create the http content
HttpContent data = new StringContent(JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json");
// Create variables
X509Store certStore = null;
HttpClientHandler handler = null;
HttpClient client = null;
string token = "";
try
{
// Create a request handler
handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
handler.AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip;
// Open certificate from certificate store
certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, "800CDE7BC219D53812FC164DFF0FE73DF8A8D7B6", false);
if (certCollection.Count > 0)
{
handler.ClientCertificates.Add(certCollection[0]);
}
// Disable ssl validation
handler.ServerCertificateCustomValidationCallback += (message, xcert, chain, errors) => true;
//handler.ClientCertificates.Add(cert);
// Create the http client
client = new HttpClient(handler, false);
// Post the payment request
//Task task = Task.Run(() => client.PostAsync("https://mss.swicpc.bankgirot.se/swish-cpcapi/api/v1/paymentrequests/", data));
HttpResponseMessage task = await client.PostAsync("https://mss.swicpc.bankgirot.se/swish-cpcapi/api/v1/paymentrequests/", data);
// Wait for the task to finish
//task.Wait();
// Make sure that the response is successful
if (task.StatusCode == System.Net.HttpStatusCode.Created)
{
// Get all header values
IEnumerable headers = task.Headers.GetValues("PaymentRequestToken");
// Get the token
foreach (string value in headers)
{
token += value;
}
}
}
catch (Exception ex)
{
token += ex.ToString();
logger.LogWarning(ex.ToString());
}
finally
{
// Dispose of the handler and the client
if(certStore != null)
{
certStore.Dispose();
}
if (handler != null)
{
handler.Dispose();
}
if (client != null)
{
client.Dispose();
}
}
// Create the url
string url = "http://www.bokforingstips.se";
if (userAgent.Contains("Windows Phone") == true)
{
url = "swish://paymentrequest?token=" + token;
}
else if (userAgent.Contains("iPhone") == true || userAgent.Contains("iPad") == true)
{
url = "swish://paymentrequest?token=" + token;
}
else if (userAgent.Contains("Android") == true)
{
url = "intent://paymentrequest?token=" + token + "/#Intent;scheme=swish;package=se.bankgirot.swish;end;";
}
else
{
return Content(handler.ClientCertificates[0].Issuer + " " + token);
}
// Redirect the user to url
return Redirect(url);
} // End of the pay method
I am testing the Swish API and I use ServerCertificateCustomValidationCallback to do my on validation. I works on my local computer but not on Azure. The certificate is loaded, the error occurs on the PostAsync call.
Asp.Net Core 1.1.1
Tested with .Net Framework 4.6.2 on Azure. It does not work, have enabled system.net tracing.
`System.Net Information: 0 : [12712] SecureChannel#3644764 - Certificate is of type X509Certificate2 and contains the private key.
System.Net Information: 0 : [12712] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [12712] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 6801dc65d0:db724b14d0, targetName = mss.swicpc.bankgirot.se, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [12712] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=1638, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::BeginSend()
System.Net.Sockets Verbose: 0 : [23872] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [23872] (printing 1024 out of 1638)
System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::BeginSend() -> OverlappedAsyncResult#29753716
System.Net.Sockets Verbose: 0 : [23872] 00000000 : 16 03 03 06 2E 0B 00 04-9C 00 04 99 00 04 96 30 : ...............0
System.Net.Sockets Verbose: 0 : [23872] 00000010 : 82 04 92 30 82 02 7A A0-03 02 01 02 02 08 1B 46 : ...0..z........F
System.Net.Sockets Verbose: 0 : [23872] 00000020 : F2 54 AE 99 F3 1C 30 0D-06 09 2A 86 48 86 F7 0D : .T....0...*.H...
System.Net.Sockets Verbose: 0 : [23872] 00000030 : 01 01 0B 05 00 30 73 31-0B 30 09 06 03 55 04 06 : .....0s1.0...U..
System.Net.Sockets Verbose: 0 : [23872] 00000040 : 13 02 53 45 31 1D 30 1B-06 03 55 04 0A 0C 14 54 : ..SE1.0...U....T
System.Net.Sockets Verbose: 0 : [23872] 00000050 : 65 73 74 62 61 6E 6B 20-32 20 41 42 20 28 70 75 : estbank 2 AB (pu
System.Net.Sockets Verbose: 0 : [23872] 00000060 : 62 6C 29 31 11 30 0F 06-03 55 04 05 13 08 54 45 : bl)1.0...U....TE
System.Net.Sockets Verbose: 0 : [23872] 00000070 : 53 54 53 45 54 32 31 32-30 30 06 03 55 04 03 0C : STSET21200..U...
System.Net.Sockets Verbose: 0 : [23872] 00000080 : 29 54 65 73 74 62 61 6E-6B 20 32 20 43 75 73 74 : )Testbank 2 Cust
System.Net.Sockets Verbose: 0 : [23872] 00000090 : 6F 6D 65 72 20 43 41 31-20 76 31 20 66 6F 72 20 : omer CA1 v1 for
System.Net.Sockets Verbose: 0 : [23872] 000000A0 : 53 77 69 73 68 20 54 65-73 74 30 1E 17 0D 31 35 : Swish Test0...15
System.Net.Sockets Verbose: 0 : [23872] 000000B0 : 31 30 32 36 32 33 30 30-30 30 5A 17 0D 31 37 31 : 1026230000Z..171
System.Net.Sockets Verbose: 0 : [23872] 000000C0 : 30 32 36 32 31 35 39 35-39 5A 30 37 31 0B 30 09 : 026215959Z071.0.
System.Net.Sockets Verbose: 0 : [23872] 000000D0 : 06 03 55 04 06 13 02 53-45 31 13 30 11 06 03 55 : ..U....SE1.0...U
System.Net.Sockets Verbose: 0 : [23872] 000000E0 : 04 0A 0C 0A 35 35 36 39-31 33 37 33 38 32 31 13 : ....55691373821.
System.Net.Sockets Verbose: 0 : [23872] 000000F0 : 30 11 06 03 55 04 03 0C-0A 31 32 33 31 31 38 31 : 0...U....1231181
System.Net.Sockets Verbose: 0 : [23872] 00000100 : 31 38 39 30 82 01 22 30-0D 06 09 2A 86 48 86 F7 : 1890.."0...*.H..
System.Net.Sockets Verbose: 0 : [23872] 00000110 : 0D 01 01 01 05 00 03 82-01 0F 00 30 82 01 0A 02 : ...........0....
System.Net.Sockets Verbose: 0 : [23872] 00000120 : 82 01 01 00 BC CF F1 F1-62 AB 84 50 EC 91 13 A9 : ........b..P....
System.Net.Sockets Verbose: 0 : [23872] 00000130 : 6B FE 20 78 32 01 54 E9-84 8F FD 4C 77 61 EB B5 : k. x2.T....Lwa..
System.Net.Sockets Verbose: 0 : [23872] 00000140 : 1F 86 66 E8 C9 17 35 37-DB F3 7B 07 72 AA 80 D5 : ..f...57..{.r...
System.Net.Sockets Verbose: 0 : [23872] 00000150 : 79 C5 AB AD C7 92 E0 55-4C 03 3C ED D7 49 4E D6 : y......UL.Mj.0{N.....
System.Net.Sockets Verbose: 0 : [23872] 00000220 : 9E 39 36 3F 02 03 01 00-01 A3 66 30 64 30 12 06 : .96?......f0d0..
System.Net.Sockets Verbose: 0 : [23872] 00000230 : 03 55 1D 20 04 0B 30 09-30 07 06 05 2A 03 04 05 : .U. ..0.0...*...
System.Net.Sockets Verbose: 0 : [23872] 00000240 : 01 30 0E 06 03 55 1D 0F-01 01 FF 04 04 03 02 07 : .0...U..........
System.Net.Sockets Verbose: 0 : [23872] 00000250 : 80 30 1D 06 03 55 1D 0E-04 16 04 14 60 78 11 F2 : .0...U......`x..
System.Net.Sockets Verbose: 0 : [23872] 00000260 : 80 61 20 15 74 29 36 9E-F8 96 1E 7D 33 6C 7F F8 : .a .t)6....}3l..
System.Net.Sockets Verbose: 0 : [23872] 00000270 : 30 1F 06 03 55 1D 23 04-18 30 16 80 14 26 CD F1 : 0...U.#..0...&..
System.Net.Sockets Verbose: 0 : [23872] 00000280 : 34 AD 9D 0F 17 DC 90 6D-AE B2 BB DF BE A0 0C F5 : 4......m........
System.Net.Sockets Verbose: 0 : [23872] 00000290 : 40 30 0D 06 09 2A 86 48-86 F7 0D 01 01 0B 05 00 : #0...*.H........
System.Net.Sockets Verbose: 0 : [23872] 000002A0 : 03 82 02 01 00 16 18 A4-67 4E 78 3C B7 1F 91 F5 : ........gNx|....
System.Net.Sockets Verbose: 0 : [23872] 000002D0 : F1 DD 3E DE 05 F1 7A FC-5A D1 E4 78 33 80 8C 84 : ..>...z.Z..x3...
System.Net.Sockets Verbose: 0 : [23872] 000002E0 : EF 68 FD 90 13 E7 77 35-B9 8E B4 3C 0F 2C DE 55 : .h....w5...uM..V..F...
System.Net.Sockets Verbose: 0 : [23872] 00000370 : DE DB 8D 63 2A 46 C2 3E-31 1E 01 DA B1 57 EE FD : ...c*F.>1....W..
System.Net.Sockets Verbose: 0 : [23872] 00000380 : A6 0C A1 09 8F 03 41 2D-4D 77 19 A9 61 22 50 01 : ......A-Mw..a"P.
System.Net.Sockets Verbose: 0 : [23872] 00000390 : F9 72 46 A7 42 20 03 16-91 F4 37 00 78 73 5D 8E : .rF.B ....7.xs].
System.Net.Sockets Verbose: 0 : [23872] 000003A0 : 05 21 01 FB C7 5D D4 AD-39 41 F4 3C 07 BC 9C 03 : .!...]..9A. Int32#1638
System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::BeginReceive()
System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 15 03 03 00 02 : .....
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::EndReceive(OverlappedAsyncResult#64760428)
System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::EndReceive() -> Int32#5
System.Net.Sockets Verbose: 0 : [23872] Exiting Socket#66404974::BeginReceive() -> OverlappedAsyncResult#64760428
System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::BeginReceive()
System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 02 28 : .(
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::EndReceive(OverlappedAsyncResult#27335310)
System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::EndReceive() -> Int32#2
System.Net.Sockets Verbose: 0 : [23872] Exiting Socket#66404974::BeginReceive() -> OverlappedAsyncResult#27335310
System.Net Information: 0 : [23872] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 6801dc65d0:db724b14d0, targetName = mss.swicpc.bankgirot.se, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [23872] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::Dispose()
System.Net Error: 0 : [23872] Exception in HttpWebRequest#15120020:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Verbose: 0 : [23872] HttpWebRequest#15120020::EndGetRequestStream()
System.Net Error: 0 : [23872] Exception in HttpWebRequest#15120020::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..`

The ServerCertificateCustomValidationCallback is never called and I guess that Azure don´t allow this callback. The root certificate must be trusted.

i read all the relevant threads on the error "The request was aborted: Could not create SSL/TLS secure channel" but none was applicable to my case.
I have a set of code that is executing against the Splunk HTTP Event collector REST API. if i execute the exact same code from a console C# app locally on my box, all works great.
When i execute it inside a WCF service it fails with the error above. Since the certificate Splunk Light Cloud service uses is a self-signed cert, i set up the following prior to executing my code.
ServicePointManager.Expect100Continue = true;
ServicePointManager.CheckCertificateRevocationList = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback = new
RemoteCertificateValidationCallback(
delegate { return true; }
);
I also played around with the different options under ServicePointManager.SecurityProtocol, choosing SecurityProtocolType.Tls12 as well with no luck.
The error seems to be always the same. I enabled System.Net diagnostic tracing, but that did not seem helpful. I trimmed it to fit the post limit on stackoverflow.
System.Net Information: 0 : [3768] TlsStream#64025267::.ctor(host=input-prd-p-kqcmtgqgwbzx.cloud.splunk.com, #certs=0)
System.Net Information: 0 : [3712] ConnectStream#21257040 - Sending headers
{
Accept: application/json, application/xml
Content-Type: application/json
Host: hqt-harp03:62677
Content-Length: 1231
Expect: 100-continue
}.
System.Net.Sockets Verbose: 0 : [3712] Socket#7894961::UnsafeBeginSend()
System.Net Information: 0 : [3768] Associating HttpWebRequest#6651366 with ConnectStream#48769823
System.Net.Sockets Verbose: 0 : [3712] Exiting Socket#7894961::UnsafeBeginSend() -> OverlappedAsyncResult#34962020
System.Net.Sockets Verbose: 0 : [4740] Data from Socket#7894961::PostCompletion
System.Net.Sockets Verbose: 0 : [4740] 00000000 : 50 4F 53 54 20 2F 62 6F-6F 74 73 74 72 61 70 2D : POST /bootstrap-
System.Net.Sockets Verbose: 0 : [4740] 00000010 : 61 70 69 2F 6C 6F 67 20-48 54 54 50 2F 31 2E 31 : api/log HTTP/1.1
System.Net.Sockets Verbose: 0 : [4740] 00000020 : 0D 0A 41 63 63 65 70 74-3A 20 61 70 70 6C 69 63 : ..Accept: applic
System.Net.Sockets Verbose: 0 : [4740] 00000030 : 61 74 69 6F 6E 2F 6A 73-6F 6E 2C 20 61 70 70 6C : ation/json, appl
System.Net.Sockets Verbose: 0 : [4740] 00000040 : 69 63 61 74 69 6F 6E 2F-78 6D 6C 0D 0A 43 6F 6E : ication/xml..Con
System.Net.Sockets Verbose: 0 : [4740] 00000050 : 74 65 6E 74 2D 54 79 70-65 3A 20 61 70 70 6C 69 : tent-Type: appli
System.Net Information: 0 : [3768] HttpWebRequest#6651366 - Request: POST /services/collector/event HTTP/1.1
System.Net Information: 0 : [3768] ConnectStream#48769823 - Sending headers
{
Authorization: Splunk <removed for security>
Content-Type: application/json
Host: input-prd-p-kqcmtgqgwbzx.cloud.splunk.com:8088
Content-Length: 41
Expect: 100-continue
Connection: Close
}.
System.Net Information: 0 : [3768] SecureChannel#30995104::.ctor(hostname=input-prd-p-kqcmtgqgwbzx.cloud.splunk.com, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net.Sockets Verbose: 0 : [4740] 000000B0 : 0A 0D 0A : ...
System.Net.Sockets Verbose: 0 : [4740] Socket#7894961::EndSend(OverlappedAsyncResult#34962020)
System.Net.Sockets Verbose: 0 : [4740] Exiting Socket#7894961::EndSend() -> Int32#179
System.Net.Sockets Verbose: 0 : [4740] Socket#7894961::UnsafeBeginReceive()
System.Net.Sockets Verbose: 0 : [4740] Exiting Socket#7894961::UnsafeBeginReceive() -> OverlappedAsyncResult#44307732
System.Net.Sockets Verbose: 0 : [3712] Data from Socket#7894961::PostCompletion
System.Net.Sockets Verbose: 0 : [3712] 00000000 : 48 54 54 50 2F 31 2E 31-20 31 30 30 20 43 6F 6E : HTTP/1.1 100 Con
System.Net.Sockets Verbose: 0 : [3712] 00000010 : 74 69 6E 75 65 0D 0A 0D-0A : tinue....
System.Net.Sockets Verbose: 0 : [3712] Socket#7894961::EndReceive(OverlappedAsyncResult#44307732)
System.Net.Sockets Verbose: 0 : [3712] Exiting Socket#7894961::EndReceive() -> Int32#25
System.Net Information: 0 : [3768] Enumerating security packages:
System.Net Information: 0 : [3712] Connection#45485984 - Received status line: Version=1.1, StatusCode=100, StatusDescription=Continue.
System.Net Information: 0 : [3712] Connection#45485984 - Received headers
{
}.
System.Net Information: 0 : [3768] Negotiate
System.Net Information: 0 : [3768] NegoExtender
System.Net Information: 0 : [3768] Kerberos
System.Net Information: 0 : [3768] NTLM
System.Net Information: 0 : [3768] TSSSP
System.Net Information: 0 : [3768] pku2u
System.Net Information: 0 : [3768] WDigest
System.Net Information: 0 : [3768] Schannel
System.Net Information: 0 : [3768] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [3768] CREDSSP
System.Net.Sockets Verbose: 0 : [3712] Socket#7894961::UnsafeBeginReceive()
System.Net Information: 0 : [3768] SecureChannel#30995104 - Left with 0 client certificates to choose from.
System.Net.Sockets Verbose: 0 : [3712] Exiting Socket#7894961::UnsafeBeginReceive() -> OverlappedAsyncResult#35417413
System.Net Verbose: 0 : [3712] HttpWebRequest#41728762::EndGetRequestStream()
System.Net Verbose: 0 : [3712] Exiting HttpWebRequest#41728762::EndGetRequestStream() -> ConnectStream#21257040
System.Net Verbose: 0 : [3712] ConnectStream#21257040::BeginWrite()
System.Net Verbose: 0 : [3712] Data from ConnectStream#21257040::BeginWrite
System.Net Information: 0 : [3768] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Verbose: 0 : [3712] (printing 1024 out of 1231)
System.Net Verbose: 0 : [3712] 00000000 : 5B 7B 22 69 64 22 3A 22-30 30 30 30 30 30 30 30 : [{"id":"00000000
System.Net Verbose: 0 : [3712] 00000010 : 2D 30 30 30 30 2D 30 30-30 30 2D 30 30 30 30 2D : -0000-0000-0000-
System.Net Verbose: 0 : [3712] 00000020 : 30 30 30 30 30 30 30 30-30 30 30 30 22 2C 22 74 : 000000000000","t
System.Net Verbose: 0 : [3712] 00000030 : 65 78 74 22 3A 22 30 44-41 35 34 41 46 36 2D 30 : ext":"0DA54AF6-0
System.Net Verbose: 0 : [3712] 00000040 : 37 36 33 2D 34 45 41 35-2D 41 37 43 35 2D 37 33 : 763-4EA5-A7C5-73
System.Net Verbose: 0 : [3712] 00000050 : 35 45 43 33 44 39 34 36-42 38 22 2C 22 74 61 67 : 5EC3D946B8","tag
System.Net Verbose: 0 : [3712] 00000060 : 22 3A 22 4C 6F 67 41 67-67 72 65 67 61 74 6F 72 : ":"LogAggregator
System.Net Verbose: 0 : [3712] 00000070 : 2E 4C 6F 67 53 65 72 76-69 63 65 22 2C 22 6C 6F : .LogService","lo
System.Net Verbose: 0 : [3712] 00000080 : 67 4C 65 76 65 6C 22 3A-35 2C 22 6C 65 76 65 6C : gLevel":5,"level
System.Net Information: 0 : [3768] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = input-prd-p-kqcmtgqgwbzx.cloud.splunk.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Verbose: 0 : [3712] 00000090 : 22 3A 22 46 61 74 61 6C-22 2C 22 73 75 62 73 63 : ":"Fatal","subsc
System.Net Verbose: 0 : [3712] 000000A0 : 72 69 62 65 72 49 64 22-3A 22 30 30 30 30 30 30 : riberId":"000000
System.Net Verbose: 0 : [3712] 000000B0 : 30 30 2D 30 30 30 30 2D-30 30 30 30 2D 30 30 30 : 00-0000-0000-000
System.Net Verbose: 0 : [3712] 000000C0 : 30 2D 30 30 30 30 30 30-30 30 30 30 30 30 22 2C : 0-000000000000",
System.Net Verbose: 0 : [3712] 000000D0 : 22 63 75 73 74 6F 6D 65-72 49 64 22 3A 22 30 38 : "customerId":"08
System.Net Verbose: 0 : [3712] 000000E0 : 38 30 31 39 65 66 2D 33-31 66 65 2D 34 39 31 62 : 8019ef-31fe-491b
System.Net Verbose: 0 : [3712] 000000F0 : 2D 61 62 63 34 2D 31 34-37 36 32 30 64 36 37 38 : -abc4-147620d678
System.Net Verbose: 0 : [3712] 00000100 : 66 64 22 2C 22 76 65 72-73 69 6F 6E 49 64 22 3A : fd","versionId":
System.Net Verbose: 0 : [3712] 00000110 : 22 61 34 32 63 31 36 38-65 2D 37 38 65 64 2D 65 : "a42c168e-78ed-e
System.Net Verbose: 0 : [3712] 00000120 : 36 31 31 2D 38 31 31 38-2D 30 30 35 30 35 36 62 : 611-8118-005056b
System.Net Verbose: 0 : [3712] 00000130 : 34 33 64 39 30 22 2C 22-70 72 6F 76 69 64 65 72 : 43d90","provider
System.Net Information: 0 : [3768] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=119, returned code=ContinueNeeded).
System.Net Verbose: 0 : [3712] 00000140 : 49 64 22 3A 22 30 38 38-30 31 39 65 66 2D 33 31 : Id":"088019ef-31
System.Net Verbose: 0 : [3712] 00000150 : 66 65 2D 34 39 31 62 2D-61 62 63 34 2D 31 34 37 : fe-491b-abc4-147
System.Net.Sockets Verbose: 0 : [3768] Socket#20398441::Send()
System.Net Verbose: 0 : [3712] 00000160 : 36 32 30 64 36 37 38 66-64 22 2C 22 73 65 73 73 : 620d678fd","sess
System.Net Verbose: 0 : [3712] 00000170 : 69 6F 6E 49 64 22 3A 22-30 30 30 30 30 30 30 30 : ionId":"00000000
System.Net.Sockets Verbose: 0 : [3768] Data from Socket#20398441::Send
System.Net Verbose: 0 : [3712] 00000180 : 2D 30 30 30 30 2D 30 30-30 30 2D 30 30 30 30 2D : -0000-0000-0000-
System.Net Verbose: 0 : [3712] 00000190 : 30 30 30 30 30 30 30 30-30 30 30 30 22 2C 22 69 : 000000000000","i
System.Net Verbose: 0 : [3712] 000001A0 : 6E 73 74 61 6E 63 65 49-64 22 3A 22 37 39 30 61 : nstanceId":"790a
System.Net Verbose: 0 : [3712] 000001B0 : 61 63 33 36 2D 36 65 64-34 2D 34 64 39 61 2D 38 : ac36-6ed4-4d9a-8
System.Net Verbose: 0 : [3712] 000001C0 : 33 31 38 2D 33 37 31 31-64 39 63 30 30 38 33 61 : 318-3711d9c0083a
System.Net.Sockets Verbose: 0 : [3768] 00000000 : 16 03 01 00 72 01 00 00-6E 03 01 58 9B 92 5A DA : ....r...n..X..Z.
System.Net.Sockets Verbose: 0 : [3768] 00000010 : B5 7D 61 E1 FA 9C 47 91-9B 1C A1 D5 49 9E B8 0E : .}a...G.....I...
System.Net.Sockets Verbose: 0 : [3768] 00000020 : 53 9B F9 E4 30 7A CB C7-4D 44 52 00 00 06 00 2F : S...0z..MDR..../
System.Net.Sockets Verbose: 0 : [3768] 00000030 : 00 35 00 0A 01 00 00 3F-00 00 00 2E 00 2C 00 00 : .5.....?.....,..
System.Net.Sockets Verbose: 0 : [3768] 00000040 : 29 69 6E 70 75 74 2D 70-72 64 2D 70 2D 6B 71 63 : )input-prd-p-kqc
System.Net Verbose: 0 : [3712] 000001D0 : 22 2C 22 6C 6F 63 61 6C-54 72 61 6E 73 61 63 74 : ","localTransact
System.Net Verbose: 0 : [3712] 000001E0 : 69 6F 6E 49 64 22 3A 6E-75 6C 6C 2C 22 64 69 73 : ionId":null,"dis
System.Net Verbose: 0 : [3712] 000001F0 : 74 72 69 62 75 74 65 64-54 72 61 6E 73 61 63 74 : tributedTransact
System.Net Verbose: 0 : [3712] 00000200 : 69 6F 6E 49 64 22 3A 6E-75 6C 6C 2C 22 6D 61 63 : ionId":null,"mac
System.Net Verbose: 0 : [3712] 00000210 : 68 69 6E 65 4E 61 6D 65-22 3A 22 48 51 54 2D 48 : hineName":"HQT-H
System.Net Verbose: 0 : [3712] 00000220 : 41 52 50 30 33 22 2C 22-74 69 6D 65 73 74 61 6D : ARP03","timestam
System.Net Verbose: 0 : [3712] 00000230 : 70 22 3A 22 32 30 31 37-2D 30 32 2D 30 38 54 32 : p":"2017-02-08T2
System.Net.Sockets Verbose: 0 : [3768] 00000050 : 6D 74 67 71 67 77 62 7A-78 2E 63 6C 6F 75 64 2E : mtgqgwbzx.cloud.
System.Net.Sockets Verbose: 0 : [3768] 00000060 : 73 70 6C 75 6E 6B 2E 63-6F 6D 00 23 00 00 00 17 : splunk.com.#....
System.Net.Sockets Verbose: 0 : [3768] 00000070 : 00 00 FF 01 00 01 00 : .......
System.Net.Sockets Verbose: 0 : [3768] Exiting Socket#20398441::Send() -> Int32#119
System.Net.Sockets Verbose: 0 : [3768] Socket#20398441::Receive()
System.Net Verbose: 0 : [3712] 00000240 : 31 3A 34 39 3A 31 34 2E-30 39 35 32 39 35 5A 22 : 1:49:14.095295Z"
System.Net Verbose: 0 : [3712] 00000250 : 7D 2C 7B 22 69 64 22 3A-22 30 30 30 30 30 30 30 : },{"id":"0000000
System.Net Verbose: 0 : [3712] 00000260 : 30 2D 30 30 30 30 2D 30-30 30 30 2D 30 30 30 30 : 0-0000-0000-0000
System.Net Verbose: 0 : [3712] 00000270 : 2D 30 30 30 30 30 30 30-30 30 30 30 30 22 2C 22 : -000000000000","
System.Net Verbose: 0 : [3712] 00000280 : 74 65 78 74 22 3A 22 68-74 74 70 73 3A 2F 2F 69 : text":"https://i
System.Net Verbose: 0 : [3712] 00000290 : 6E 70 75 74 2D 70 72 64-2D 70 2D 6B 71 63 6D 74 : nput-prd-p-kqcmt
System.Net Verbose: 0 : [3712] 000002A0 : 67 71 67 77 62 7A 78 2E-63 6C 6F 75 64 2E 73 70 : gqgwbzx.cloud.sp
System.Net Verbose: 0 : [3712] 000002B0 : 6C 75 6E 6B 2E 63 6F 6D-3A 38 30 38 38 2F 73 65 : lunk.com:8088/se
System.Net Verbose: 0 : [3712] 000002C0 : 72 76 69 63 65 73 2F 63-6F 6C 6C 65 63 74 6F 72 : rvices/collector
System.Net Verbose: 0 : [3712] 000002D0 : 2F 65 76 65 6E 74 22 2C-22 74 61 67 22 3A 22 4C : /event","tag":"L
System.Net Verbose: 0 : [3712] 000002E0 : 6F 67 41 67 67 72 65 67-61 74 6F 72 2E 4C 6F 67 : ogAggregator.Log
System.Net Verbose: 0 : [3712] 000002F0 : 53 65 72 76 69 63 65 22-2C 22 6C 6F 67 4C 65 76 : Service","logLev
System.Net Verbose: 0 : [3712] 00000300 : 65 6C 22 3A 35 2C 22 6C-65 76 65 6C 22 3A 22 46 : el":5,"level":"F
System.Net Verbose: 0 : [3712] 00000310 : 61 74 61 6C 22 2C 22 73-75 62 73 63 72 69 62 65 : atal","subscribe
System.Net Verbose: 0 : [3712] 00000320 : 72 49 64 22 3A 22 30 30-30 30 30 30 30 30 2D 30 : rId":"00000000-0
System.Net Verbose: 0 : [3712] 00000330 : 30 30 30 2D 30 30 30 30-2D 30 30 30 30 2D 30 30 : 000-0000-0000-00
System.Net Verbose: 0 : [3712] 00000340 : 30 30 30 30 30 30 30 30-30 30 22 2C 22 63 75 73 : 0000000000","cus
System.Net Verbose: 0 : [3712] 00000350 : 74 6F 6D 65 72 49 64 22-3A 22 30 38 38 30 31 39 : tomerId":"088019
System.Net Verbose: 0 : [3712] 00000360 : 65 66 2D 33 31 66 65 2D-34 39 31 62 2D 61 62 63 : ef-31fe-491b-abc
System.Net Verbose: 0 : [3712] 00000370 : 34 2D 31 34 37 36 32 30-64 36 37 38 66 64 22 2C : 4-147620d678fd",
System.Net Verbose: 0 : [3712] 00000380 : 22 76 65 72 73 69 6F 6E-49 64 22 3A 22 61 34 32 : "versionId":"a42
System.Net Verbose: 0 : [3712] 00000390 : 63 31 36 38 65 2D 37 38-65 64 2D 65 36 31 31 2D : c168e-78ed-e611-
System.Net Verbose: 0 : [3712] 000003A0 : 38 31 31 38 2D 30 30 35-30 35 36 62 34 33 64 39 : 8118-005056b43d9
System.Net Verbose: 0 : [3712] 000003B0 : 30 22 2C 22 70 72 6F 76-69 64 65 72 49 64 22 3A : 0","providerId":
System.Net Verbose: 0 : [3712] 000003C0 : 22 30 38 38 30 31 39 65-66 2D 33 31 66 65 2D 34 : "088019ef-31fe-4
System.Net Verbose: 0 : [3712] 000003D0 : 39 31 62 2D 61 62 63 34-2D 31 34 37 36 32 30 64 : 91b-abc4-147620d
System.Net Verbose: 0 : [3712] 000003E0 : 36 37 38 66 64 22 2C 22-73 65 73 73 69 6F 6E 49 : 678fd","sessionI
System.Net Verbose: 0 : [3712] 000003F0 : 64 22 3A 22 30 30 30 30-30 30 30 30 2D 30 30 30 : d":"00000000-000
System.Net.Sockets Verbose: 0 : [3712] Socket#7894961::BeginSend()
System.Net.Sockets Verbose: 0 : [3712] Exiting Socket#7894961::BeginSend() -> OverlappedAsyncResult#57731671
System.Net.Sockets Verbose: 0 : [4740] Data from Socket#7894961::PostCompletion
System.Net.Sockets Verbose: 0 : [4740] (printing 1024 out of 1231)
System.Net.Sockets Verbose: 0 : [4740] 00000000 : 5B 7B 22 69 64 22 3A 22-30 30 30 30 30 30 30 30 : [{"id":"00000000
System.Net.Sockets Verbose: 0 : [4740] 00000010 : 2D 30 30 30 30 2D 30 30-30 30 2D 30 30 30 30 2D : -0000-0000-0000-
System.Net.Sockets Verbose: 0 : [4740] 00000020 : 30 30 30 30 30 30 30 30-30 30 30 30 22 2C 22 74 : 000000000000","t
System.Net.Sockets Verbose: 0 : [4740] 00000030 : 65 78 74 22 3A 22 30 44-41 35 34 41 46 36 2D 30 : ext":"0DA54AF6-0
System.Net Verbose: 0 : [3712] Exiting ConnectStream#21257040::BeginWrite() -> NestedSingleAsyncResult#10279613
System.Net.Sockets Verbose: 0 : [4740] 00000040 : 37 36 33 2D 34 45 41 35-2D 41 37 43 35 2D 37 33 : 763-4EA5-A7C5-73
System.Net.Sockets Verbose: 0 : [4740] 00000050 : 35 45 43 33 44 39 34 36-42 38 22 2C 22 74 61 67 : 5EC3D946B8","tag
System.Net.Sockets Verbose: 0 : [4740] 00000060 : 22 3A 22 4C 6F 67 41 67-67 72 65 67 61 74 6F 72 : ":"LogAggregator
System.Net.Sockets Verbose: 0 : [4740] 00000070 : 2E 4C 6F 67 53 65 72 76-69 63 65 22 2C 22 6C 6F : .LogService","lo
System.Net.Sockets Verbose: 0 : [4740] 00000080 : 67 4C 65 76 65 6C 22 3A-35 2C 22 6C 65 76 65 6C : gLevel":5,"level
System.Net.Sockets Verbose: 0 : [4740] 00000090 : 22 3A 22 46 61 74 61 6C-22 2C 22 73 75 62 73 63 : ":"Fatal","subsc
System.Net.Sockets Verbose: 0 : [4740] 000000A0 : 72 69 62 65 72 49 64 22-3A 22 30 30 30 30 30 30 : riberId":"000000
System.Net.Sockets Verbose: 0 : [4740] 000000B0 : 30 30 2D 30 30 30 30 2D-30 30 30 30 2D 30 30 30 : 00-0000-0000-000
System.Net.Sockets Verbose: 0 : [4740] 000000C0 : 30 2D 30 30 30 30 30 30-30 30 30 30 30 30 22 2C : 0-000000000000",
System.Net.Sockets Verbose: 0 : [4740] 000000D0 : 22 63 75 73 74 6F 6D 65-72 49 64 22 3A 22 30 38 : "customerId":"08
System.Net.Sockets Verbose: 0 : [4740] 000000E0 : 38 30 31 39 65 66 2D 33-31 66 65 2D 34 39 31 62 : 8019ef-31fe-491b
System.Net.Sockets Verbose: 0 : [4740] 000000F0 : 2D 61 62 63 34 2D 31 34-37 36 32 30 64 36 37 38 : -abc4-147620d678
System.Net.Sockets Verbose: 0 : [4740] 00000100 : 66 64 22 2C 22 76 65 72-73 69 6F 6E 49 64 22 3A : fd","versionId":
System.Net.Sockets Verbose: 0 : [4740] 00000110 : 22 61 34 32 63 31 36 38-65 2D 37 38 65 64 2D 65 : "a42c168e-78ed-e
System.Net.Sockets Verbose: 0 : [3712] Data from Socket#7894961::PostCompletion
System.Net.Sockets Verbose: 0 : [3712] 00000000 : 48 54 54 50 2F 31 2E 31-20 32 30 31 20 43 72 65 : HTTP/1.1 201 Cre
System.Net.Sockets Verbose: 0 : [3712] 00000010 : 61 74 65 64 0D 0A 43 6F-6E 74 65 6E 74 2D 4C 65 : ated..Content-Le
System.Net.Sockets Verbose: 0 : [3712] 00000020 : 6E 67 74 68 3A 20 30 0D-0A 53 65 72 76 65 72 3A : ngth: 0..Server:
System.Net.Sockets Verbose: 0 : [3712] 00000030 : 20 4D 69 63 72 6F 73 6F-66 74 2D 48 54 54 50 41 : Microsoft-HTTPA
System.Net.Sockets Verbose: 0 : [3712] 00000040 : 50 49 2F 32 2E 30 0D 0A-44 61 74 65 3A 20 57 65 : PI/2.0..Date: We
System.Net.Sockets Verbose: 0 : [3712] 00000050 : 64 2C 20 30 38 20 46 65-62 20 32 30 31 37 20 32 : d, 08 Feb 2017 2
System.Net.Sockets Verbose: 0 : [3712] 00000060 : 31 3A 34 39 3A 31 33 20-47 4D 54 0D 0A 0D 0A : 1:49:13 GMT....
System.Net.Sockets Verbose: 0 : [3712] Socket#7894961::EndReceive(OverlappedAsyncResult#35417413)
System.Net.Sockets Verbose: 0 : [3712] Exiting Socket#7894961::EndReceive() -> Int32#111
System.Net Information: 0 : [3712] Connection#45485984 - Received status line: Version=1.1, StatusCode=201, StatusDescription=Created.
System.Net Information: 0 : [3712] Connection#45485984 - Received headers
{
Content-Length: 0
Date: Wed, 08 Feb 2017 21:49:13 GMT
Server: Microsoft-HTTPAPI/2.0
}.
System.Net Information: 0 : [3712] ConnectStream#33939037::ConnectStream(Buffered 0 bytes.)
System.Net.Sockets Verbose: 0 : [4740] 00000120 : 36 31 31 2D 38 31 31 38-2D 30 30 35 30 35 36 62 : 611-8118-005056b
System.Net.Sockets Verbose: 0 : [4740] 00000130 : 34 33 64 39 30 22 2C 22-70 72 6F 76 69 64 65 72 : 43d90","provider
System.Net.Sockets Verbose: 0 : [4740] 00000140 : 49 64 22 3A 22 30 38 38-30 31 39 65 66 2D 33 31 : Id":"088019ef-31
System.Net.Sockets Verbose: 0 : [4740] 00000150 : 66 65 2D 34 39 31 62 2D-61 62 63 34 2D 31 34 37 : fe-491b-abc4-147
System.Net.Sockets Verbose: 0 : [4740] 00000160 : 36 32 30 64 36 37 38 66-64 22 2C 22 73 65 73 73 : 620d678fd","sess
System.Net.Sockets Verbose: 0 : [4740] 00000170 : 69 6F 6E 49 64 22 3A 22-30 30 30 30 30 30 30 30 : ionId":"00000000
System.Net.Sockets Verbose: 0 : [4740] 00000180 : 2D 30 30 30 30 2D 30 30-30 30 2D 30 30 30 30 2D : -0000-0000-0000-
System.Net.Sockets Verbose: 0 : [4740] 00000190 : 30 30 30 30 30 30 30 30-30 30 30 30 22 2C 22 69 : 000000000000","i
System.Net.Sockets Verbose: 0 : [4740] 000001A0 : 6E 73 74 61 6E 63 65 49-64 22 3A 22 37 39 30 61 : nstanceId":"790a
System.Net.Sockets Verbose: 0 : [4740] 000001B0 : 61 63 33 36 2D 36 65 64-34 2D 34 64 39 61 2D 38 : ac36-6ed4-4d9a-8
System.Net.Sockets Verbose: 0 : [4740] 000001C0 : 33 31 38 2D 33 37 31 31-64 39 63 30 30 38 33 61 : 318-3711d9c0083a
System.Net.Sockets Verbose: 0 : [4740] 000001D0 : 22 2C 22 6C 6F 63 61 6C-54 72 61 6E 73 61 63 74 : ","localTransact
System.Net.Sockets Verbose: 0 : [4740] 000001E0 : 69 6F 6E 49 64 22 3A 6E-75 6C 6C 2C 22 64 69 73 : ionId":null,"dis
System.Net.Sockets Verbose: 0 : [4740] 000001F0 : 74 72 69 62 75 74 65 64-54 72 61 6E 73 61 63 74 : tributedTransact
System.Net.Sockets Verbose: 0 : [4740] 00000200 : 69 6F 6E 49 64 22 3A 6E-75 6C 6C 2C 22 6D 61 63 : ionId":null,"mac
System.Net.Sockets Verbose: 0 : [4740] 00000210 : 68 69 6E 65 4E 61 6D 65-22 3A 22 48 51 54 2D 48 : hineName":"HQT-H
System.Net.Sockets Verbose: 0 : [4740] 00000220 : 41 52 50 30 33 22 2C 22-74 69 6D 65 73 74 61 6D : ARP03","timestam
System.Net.Sockets Verbose: 0 : [4740] 00000230 : 70 22 3A 22 32 30 31 37-2D 30 32 2D 30 38 54 32 : p":"2017-02-08T2
System.Net.Sockets Verbose: 0 : [4740] 00000240 : 31 3A 34 39 3A 31 34 2E-30 39 35 32 39 35 5A 22 : 1:49:14.095295Z"
System.Net.Sockets Verbose: 0 : [4740] 00000250 : 7D 2C 7B 22 69 64 22 3A-22 30 30 30 30 30 30 30 : },{"id":"0000000
System.Net.Sockets Verbose: 0 : [4740] 00000260 : 30 2D 30 30 30 30 2D 30-30 30 30 2D 30 30 30 30 : 0-0000-0000-0000
System.Net.Sockets Verbose: 0 : [4740] 00000270 : 2D 30 30 30 30 30 30 30-30 30 30 30 30 22 2C 22 : -000000000000","
System.Net.Sockets Verbose: 0 : [4740] 00000280 : 74 65 78 74 22 3A 22 68-74 74 70 73 3A 2F 2F 69 : text":"https://i
System.Net.Sockets Verbose: 0 : [4740] 00000290 : 6E 70 75 74 2D 70 72 64-2D 70 2D 6B 71 63 6D 74 : nput-prd-p-kqcmt
System.Net.Sockets Verbose: 0 : [4740] 000002A0 : 67 71 67 77 62 7A 78 2E-63 6C 6F 75 64 2E 73 70 : gqgwbzx.cloud.sp
System.Net.Sockets Verbose: 0 : [4740] 000002B0 : 6C 75 6E 6B 2E 63 6F 6D-3A 38 30 38 38 2F 73 65 : lunk.com:8088/se
System.Net.Sockets Verbose: 0 : [4740] 000002C0 : 72 76 69 63 65 73 2F 63-6F 6C 6C 65 63 74 6F 72 : rvices/collector
System.Net.Sockets Verbose: 0 : [4740] 000002D0 : 2F 65 76 65 6E 74 22 2C-22 74 61 67 22 3A 22 4C : /event","tag":"L
System.Net.Sockets Verbose: 0 : [4740] 000002E0 : 6F 67 41 67 67 72 65 67-61 74 6F 72 2E 4C 6F 67 : ogAggregator.Log
System.Net.Sockets Verbose: 0 : [4740] 000002F0 : 53 65 72 76 69 63 65 22-2C 22 6C 6F 67 4C 65 76 : Service","logLev
System.Net.Sockets Verbose: 0 : [4740] 00000300 : 65 6C 22 3A 35 2C 22 6C-65 76 65 6C 22 3A 22 46 : el":5,"level":"F
System.Net.Sockets Verbose: 0 : [4740] 00000310 : 61 74 61 6C 22 2C 22 73-75 62 73 63 72 69 62 65 : atal","subscribe
System.Net.Sockets Verbose: 0 : [4740] 00000320 : 72 49 64 22 3A 22 30 30-30 30 30 30 30 30 2D 30 : rId":"00000000-0
System.Net.Sockets Verbose: 0 : [4740] 00000330 : 30 30 30 2D 30 30 30 30-2D 30 30 30 30 2D 30 30 : 000-0000-0000-00
System.Net.Sockets Verbose: 0 : [4740] 00000340 : 30 30 30 30 30 30 30 30-30 30 22 2C 22 63 75 73 : 0000000000","cus
System.Net.Sockets Verbose: 0 : [4740] 00000350 : 74 6F 6D 65 72 49 64 22-3A 22 30 38 38 30 31 39 : tomerId":"088019
System.Net.Sockets Verbose: 0 : [4740] 00000360 : 65 66 2D 33 31 66 65 2D-34 39 31 62 2D 61 62 63 : ef-31fe-491b-abc
System.Net.Sockets Verbose: 0 : [4740] 00000370 : 34 2D 31 34 37 36 32 30-64 36 37 38 66 64 22 2C : 4-147620d678fd",
System.Net.Sockets Verbose: 0 : [4740] 00000380 : 22 76 65 72 73 69 6F 6E-49 64 22 3A 22 61 34 32 : "versionId":"a42
System.Net.Sockets Verbose: 0 : [4740] 00000390 : 63 31 36 38 65 2D 37 38-65 64 2D 65 36 31 31 2D : c168e-78ed-e611-
System.Net.Sockets Verbose: 0 : [4740] 000003A0 : 38 31 31 38 2D 30 30 35-30 35 36 62 34 33 64 39 : 8118-005056b43d9
System.Net.Sockets Verbose: 0 : [4740] 000003B0 : 30 22 2C 22 70 72 6F 76-69 64 65 72 49 64 22 3A : 0","providerId":
System.Net.Sockets Verbose: 0 : [4740] 000003C0 : 22 30 38 38 30 31 39 65-66 2D 33 31 66 65 2D 34 : "088019ef-31fe-4
System.Net.Sockets Verbose: 0 : [4740] 000003D0 : 39 31 62 2D 61 62 63 34-2D 31 34 37 36 32 30 64 : 91b-abc4-147620d
System.Net.Sockets Verbose: 0 : [4740] 000003E0 : 36 37 38 66 64 22 2C 22-73 65 73 73 69 6F 6E 49 : 678fd","sessionI
System.Net.Sockets Verbose: 0 : [4740] 000003F0 : 64 22 3A 22 30 30 30 30-30 30 30 30 2D 30 30 30 : d":"00000000-000
System.Net.Sockets Verbose: 0 : [4740] Socket#7894961::EndSend(OverlappedAsyncResult#57731671)
System.Net.Sockets Verbose: 0 : [4740] Exiting Socket#7894961::EndSend() -> Int32#1231
System.Net Verbose: 0 : [4740] ConnectStream#21257040::EndWrite()
System.Net Verbose: 0 : [4740] Exiting ConnectStream#21257040::EndWrite()
System.Net Verbose: 0 : [4740] ConnectStream#21257040::Close()
System.Net Verbose: 0 : [4740] Exiting ConnectStream#21257040::Close()
System.Net Verbose: 0 : [4740] HttpWebRequest#41728762::BeginGetResponse()
System.Net Information: 0 : [4740] Associating HttpWebRequest#41728762 with ConnectStream#33939037
System.Net Information: 0 : [4740] Associating HttpWebRequest#41728762 with HttpWebResponse#2882782
System.Net Verbose: 0 : [4740] HttpWebRequest#41728762::EndGetResponse()
System.Net Verbose: 0 : [4740] Exiting HttpWebRequest#41728762::EndGetResponse() -> HttpWebResponse#2882782
System.Net.Http Verbose: 0 : [4740] HttpResponseMessage#11194425::.ctor(StatusCode: 201, ReasonPhrase: '')
System.Net.Http Verbose: 0 : [4740] Exiting HttpResponseMessage#11194425::.ctor()
System.Net.Http Information: 0 : [4740] Associating HttpResponseMessage#11194425 with HttpRequestMessage#13009416
System.Net Verbose: 0 : [4740] HttpWebResponse#2882782::GetResponseStream()
System.Net Information: 0 : [4740] ContentLength=0
System.Net Verbose: 0 : [4740] Exiting HttpWebResponse#2882782::GetResponseStream() -> ConnectStream#33939037
System.Net.Http Verbose: 0 : [4740] StreamContent#12117429::.ctor()
System.Net.Http Verbose: 0 : [4740] Exiting StreamContent#12117429::.ctor()
System.Net.Http Information: 0 : [4740] Associating StreamContent#12117429 with WebExceptionWrapperStream#34540003
System.Net.Http Information: 0 : [4740] Associating HttpResponseMessage#11194425 with StreamContent#12117429
System.Net Verbose: 0 : [4740] ConnectStream#33939037::BeginRead()
System.Net Verbose: 0 : [4740] Exiting ConnectStream#33939037::BeginRead() -> NestedSingleAsyncResult#62046035
System.Net Verbose: 0 : [4740] ConnectStream#33939037::EndRead()
System.Net Verbose: 0 : [4740] Exiting ConnectStream#33939037::EndRead() -> Int32#0
System.Net Verbose: 0 : [4740] ConnectStream#33939037::Close()
System.Net Verbose: 0 : [4740] Exiting ConnectStream#33939037::Close()
System.Net.Http Information: 0 : [4740] HttpClient#2808346 - Request for HttpRequestMessage#13009416 completed successfully. Returning response HttpResponseMessage#11194425: StatusCode: 201, ReasonPhrase: 'Created', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Date: Wed, 08 Feb 2017 21:49:13 GMT
Server: Microsoft-HTTPAPI/2.0
Content-Length: 0
}
System.Net Verbose: 0 : [4740] Exiting HttpWebRequest#41728762::BeginGetResponse() -> ContextAwareResult#45776532
System.Net.Sockets Verbose: 0 : [11656] Socket#7894961::Dispose()
System.Net.Sockets Verbose: 0 : [3768] Data from Socket#20398441::Receive
System.Net.Sockets Verbose: 0 : [3768] 00000000 : 15 03 01 00 02 : .....
System.Net.Sockets Verbose: 0 : [3768] Exiting Socket#20398441::Receive() -> Int32#5
System.Net.Sockets Verbose: 0 : [3768] Socket#20398441::Receive()
System.Net.Sockets Verbose: 0 : [3768] Data from Socket#20398441::Receive
System.Net.Sockets Verbose: 0 : [3768] 00000005 : 02 28 : .(
System.Net.Sockets Verbose: 0 : [3768] Exiting Socket#20398441::Receive() -> Int32#2
System.Net Information: 0 : [3768] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 1b3a3e40:542be2e580, targetName = input-prd-p-kqcmtgqgwbzx.cloud.splunk.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [3768] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net.Sockets Verbose: 0 : [3768] Socket#20398441::Dispose()
System.Net Error: 0 : [3768] Exception in HttpWebRequest#6651366:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Error: 0 : [3768] Exception in HttpWebRequest#6651366::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..
It is worth noting that the main different in an SSL trace between a successful and the failed one above is the following:
Failed Code:
InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0,
returned code=IllegalMessage).
Successful Code:
System.Net Information: 0 : [17520]
InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0,
returned code=ContinueNeeded).
Any idea what's special about WCF services that's failing to make an HttWebRequest to an https-based RESTful service?
thanks in advance!

I was finally able to solve this and updating this page for future folks.
In trying to understand the issue, i concentrated my investigation in 3 areas that could possibly cause the response of an IllegalMessage (Win32 SChannel Native Error Code: 0x80090326)
Did the Splunk site use ECC (elliptic curves cryptography) in their
certificate and my server could not support it
Was SSL renegotiation not working
Did the ciphers my computer was producing not matching the certificate expectations
wireshark and microsoft message analyzer helped a little bit, but since I did not have the private key of the Splunk certificate, i could not decrypt a lot of the content. Fiddler, with the man in the middle proxy, gave me some useful data as well.
Eventually, #1 was not an issue. #2 was an issue and I discovered https://support.microsoft.com/en-us/help/2745582/.net-framework-4.5-hotfix-resolves-httpwebrequest-and-sslstream-issues. With that in mind, I updated my computers to .NET 4.6.2
Once I got past all the other issues, #3 became my problem. According to this article, https://technet.microsoft.com/en-us/library/dn786419(v=ws.11).aspx, Windows Server 2012 R2 and Win2k16 support the same TLS and cipher suits. After lots of debugging, i discovered our domain policy had a group policy that restricted the ciphers available for use and demanded a specific order depending on the Operating System you were using. After manual trial and error, I was able to pinpoint the exact 3 ciphers needed by the Splunk Light public endpoint for HTTP event collection:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
the fact that was i executing the code from a WCF service ended up playing no role in this.

Here is the brief summary:
I have a WCF client (.NET 4.0) that behaves well on windows 7 (64 bit), but fails on XP (32 bit). Since I have a lot of XP customers, this is a huge problem.
client is generated from the wsdl file supplied by a service provider.
service is SOAP 1.2 over SSL, with MTOM
client certificates are on Smart Card (ActivIdentity)
Here is the code:
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
//System.Net.ServicePointManager.SecurityProtocol =System.Net.SecurityProtocolType.Tls;//.Ssl3;
EndpointAddress addr = new EndpointAddress(g2bservice);
B2GServiceClient client = new B2GServiceClient(NCTSBinding.Create(), addr);
client.ClientCredentials.ClientCertificate.Certificate = ccer; // one that is on SmartCard
client.Endpoint.Behaviors.Add(new MyCustomBehavior());
echo e = new echo();
e.Msg = "Hello, World!";
echoResponse r = client.echo(e);
and this binding is created like this:
BindingElement[] be = new BindingElement[2];
be[0] = new NCTSMessageEncodingBindingElement();
HttpsTransportBindingElement hbe = new HttpsTransportBindingElement();
hbe.RequireClientCertificate = true;
be[1] = hbe;
CustomBinding _b = new CustomBinding(be);
return _b;
where NCTSMessageEncodingBinding is more-less the same as MtomMessageEncodingBinding with overriden IsContentTypeSupported(...).
So, this code works on Win7, with dialog asking for PIN to get "private parts" from smart card.
On XP, dialog for entering PIN is never issued, there is an error message instead:
"An error occurred while making the HTTP request to https://cistest.apis-it.hr:8446/g2bservis. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server."
Any clues, please?
What are the differences in the supporting infrastructure between XP and Win7?
Little update:
please note bolded lines that differ in working and non working trace log. For some reason, on the windows 7 machine initial message contains service name (cistest.apis-it.hr) in the message, whilst on XP this info is missing. After this message, socket on XP is closed...
Windows 7, working example (same code):
System.Net Information: 0 : [3748] SecureChannel#23960260 - Certificate is of type X509Certificate2 and contains the private key.
System.Net Information: 0 : [3748] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [3748] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = cistest.apis-it.hr, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [3748] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=122, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [3748] Socket#46340781::Send()
System.Net.Sockets Verbose: 0 : [3748] Data from Socket#46340781::Send
System.Net.Sockets Verbose: 0 : [3748] 00000000 : 16 03 01 00 75 01 00 00-71 03 01 4E 67 4E 6A 26 : ....u...q..NgNj&
System.Net.Sockets Verbose: 0 : [3748] 00000010 : C6 C9 65 17 D7 EC C1 A1-15 72 E1 56 80 F4 5A BB : ..e......r.V..Z.
System.Net.Sockets Verbose: 0 : [3748] 00000020 : A8 4C 50 54 84 D4 3E 86-29 68 CA 00 00 18 00 2F : .LPT..>.)h...../
System.Net.Sockets Verbose: 0 : [3748] 00000030 : 00 35 00 05 00 0A C0 13-C0 14 C0 09 C0 0A 00 32 : .5.............2
System.Net.Sockets Verbose: 0 : [3748] 00000040 : 00 38 00 13 00 04 01 00-00 30 FF 01 00 01 00 00 : .8.......0......
System.Net.Sockets Verbose: 0 : [3748] 00000050 : 00 00 17 00 15 00 00 12-63 69 73 74 65 73 74 2E : ........cistest.
System.Net.Sockets Verbose: 0 : [3748] 00000060 : 61 70 69 73 2D 69 74 2E-68 72 00 0A 00 06 00 04 : apis-it.hr......
System.Net.Sockets Verbose: 0 : [3748] 00000070 : 00 17 00 18 00 0B 00 02-01 00 : ..........
System.Net.Sockets Verbose: 0 : [3748] Exiting Socket#46340781::Send() -> 122#122
XP, not working example (same code):
System.Net Information: 0 : [2272] SecureChannel#7307181 - Certificate is of type X509Certificate2 and contains the private key.
System.Net Information: 0 : [2272] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [2272] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = cistest.apis-it.hr, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [2272] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=77, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [2272] Socket#32308990::Send()
System.Net.Sockets Verbose: 0 : [2272] Data from Socket#32308990::Send
System.Net.Sockets Verbose: 0 : [2272] 00000000 : 16 03 01 00 48 01 00 00-44 03 01 4E 67 4E 1E C1 : ....H...D..NgN..
System.Net.Sockets Verbose: 0 : [2272] 00000010 : 32 BD E0 57 87 A8 68 8B-32 77 00 18 DE 3F 69 3D : 2..W..h.2w...?i=
System.Net.Sockets Verbose: 0 : [2272] 00000020 : D7 B1 7B 76 AD 26 A6 63-6B BB 49 00 00 16 00 04 : ..{v.&.ck.I.....
System.Net.Sockets Verbose: 0 : [2272] 00000030 : 00 05 00 0A 00 09 00 64-00 62 00 03 00 06 00 13 : .......d.b......
System.Net.Sockets Verbose: 0 : [2272] 00000040 : 00 12 00 63 01 00 00 05-FF 01 00 01 00 : ...c.........
System.Net.Sockets Verbose: 0 : [2272] Exiting Socket#32308990::Send() -> 77#77
System.Net.Sockets Verbose: 0 : [2272] Socket#32308990::Receive()
System.Net.Sockets Verbose: 0 : [2272] Data from Socket#32308990::Receive
System.Net.Sockets Verbose: 0 : [2272] 00000000 : 15 03 01 00 02 : .....
...
System.Net.Sockets Verbose: 0 : [2272] Exiting Socket#32308990::Receive() -> 5#5
System.Net.Sockets Verbose: 0 : [2272] Socket#32308990::Receive()
System.Net.Sockets Verbose: 0 : [2272] Data from Socket#32308990::Receive
System.Net.Sockets Verbose: 0 : [2272] 00000005 : 02 28 : .(
System.Net.Sockets Verbose: 0 : [2272] Exiting Socket#32308990::Receive() -> 2#2
System.Net.Sockets Verbose: 0 : [2272] Socket#32308990::Receive()
System.Net.Sockets Verbose: 0 : [2272] Data from Socket#32308990::Receive
System.Net.Sockets Verbose: 0 : [2272] 00000007 : :
System.Net.Sockets Verbose: 0 : [2272] Exiting Socket#32308990::Receive() -> 0#0
System.Net.Sockets Verbose: 0 : [2272] Socket#32308990::Dispose()

Well, after a month or so trying to solve this issue, the conclusion is that THIS ISSUE CANNOT BE SOLVED. At least it cannot be solved with native .NET and OS support.
Windows XP is apparently too old for the Microsoft to support AES 256 bit encryption, SHA 256 bit signing with RSA for key exchange. There are 40% of users in the world still using XP, so this decision is really strange.
Such support is added into Windows server 2003 (I've tried to add schannel.dll and rsaenh.dll from 2003 to XP, some progress but far from ideal).
Official premium tech support answer was: "Currently the situation looks not promising, there was in the past a request from another customer to have an XP version of KB article 948963, however this request was rejected by our Product group. These security features were introduced in Vista and the 6-7 years difference between the two platforms make it hard to make that change to XP."
So, for the SOAP and WebServices, I would NOT recommend .NET, at least not for enterprise services where you don't control both sides.
Sigh!