Our Server has had SSLv3, TLS1.0 and TLS1.1 disabled. Due to this, Visual Studio fails when trying to Add Service Reference when trying to retrieve the WSDL.
"The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
Metadata contains a reference that cannot be resolved:
An error occurred while making the HTTP request to https://mywebsite.com/Service/Service.svc?wsdl. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
The underlying connection was closed: An unexpected error occurred on a send.
Authentication failed because the remote party has closed the transport stream.
If the service is defined in the current solution, try building the solution and adding the service reference again."
The WSDL is accessible in the browser. The WSDL downloads okay when TLS 1.0/1.1 and SSLv3 are enabled. However, due to PCI requirements we have to disable SSLV3, TLS1.0 and TLS1.1.
I am aware of the following System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; but am not quite sure if this would go in the connecting Console Client or the WCF Service (or both).
Any advice would be appreciated
The line below line needs to be in the client, as that is what is making the connection.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
As per this blog TLS 1.2 and .NET Support: How to Avoid Connection Errors, the above will work for .Net 4.5
For .Net 4.6 and above it will default to TLS 1.2 and you do not need to specify TLS 1.2
For .Net 4.0 you need the below instead.
System.Net.ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
NET 3.5 or below you need to install the appropriate Microsoft Patch for your OS (listed in the blog).
Related
I have a WCF Service that is running on a server using the protocol TLS 1.2. My application, which uses .NET Framework 4.0, communicates with this service. It can communicate through TLS 1.2, with the code below:
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072 | (SecurityProtocolType)768 | SecurityProtocolType.Tls | SecurityProtocolType.Ssl3;
The problem is that this code will only work if the customer machine have at least the .NET Framework 4.5 installed. Also, some clients have their own servers running this WCF Service, and those use TLS 1.0. I don't want these clients to forced upgrade the .NET Framework of their employees.
So, I want to handle the CommunicationException thrown by the WCF Service, when it cannot communicate through the default SecurityProtocol (TLS 1.0). This exception has the information below:
System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://quellon.espaider.com.br/FacilcorpHomolog/DocSite/DSAddIn.svc. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream exception.
When this specific exception is thrown, I'll use the code shown in the beginning and allow the communication between my application and the service.
I want to know if there is some property or method that I can use to identify when the CommunicationException is this one. The only thing that comes to my mind is using the Message property, which I think is not a good practice.
I am currently developing a .NET client (with WCF) that must consume a third-party SOAP endpoint. This third-party endpoint requires HTTPS. When I test the endpoint with SoapUI, the endpoint responds correctly. However, when I try to consume the endpoint with the .NET client, I get the following exception:
System.ServiceModel.CommunicationException: An error occurred while making the HTTP request This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
The inner exception was:
Unable to read data from the transport connection : An existing connection was forcibly closed by the remote host
The only solution I found was to use a newer version of TLS but this did not solve the issue.
I have a c# application that generates an error "The request was aborted: Could not create SSL/TLS secure channel" when it tries to save a file to a remote SharePoint server. This happens on a Windows 2012 server, but the application runs successfully from my desktop windows machine.
Also, from the dev server, I am able to connect to the SharePoint server with IE11, with only TLS 1.1 enabled.
The application has all security protocols enabled.
I also know that the application never calls the certificatevalidationcallback function.
Given these symptoms, does anyone have any idea what could be going wrong?
After quite a bit of experimentation, I found the solution, but I'm still puzzled. The solution turned out to be the use of
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls11;
which is not surprising. What is surprising is that when I was getting the error, I was using
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls12;
I specified both protocols because I wasn't sure which was being used by the remote server, and I thought there was no downside to allowing either protocol.
Now I'm wondering why allowing a second protocol causes the application to be unable to establish the secure channel.
There is a windows store app 8.1 connected to a web service via WCF. Recently TLS 1.2 has been set at the server and as a result the app stopped working. Here is the exception
An error occurred while making the HTTP request to
https://services.companyname.com This could be due to
the fact that the server certificate is not configured properly with
HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of
the security binding between the client and the server.
Even a simple web request
WebRequest request = WebRequest.Create(SERVER_URL_PROD);
WebResponse response = await request.GetResponseAsync();
returns the following
An exception of type 'System.Net.WebException' occurred in
mscorlib.dll but was not handled in user code
Additional information: The underlying connection was closed: An
unexpected error occurred on a send.
So how to make windows store app work with TLS 1.2 ?
Update
The code above works in a console app (.NET 4.5) if
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
But ServicePointManager is not available for Windows Store apps
Update 2
Moreover the code works in Windows Phone 8.1 where ServicePointManager is not available.
I've dealt with the TLS 1.2 issue for web applications, and as OP mentions, the simple solution for System.Net.ServicePointManager doesn't work in Windows Store apps.
The workaround is to use Windows.Web.Http instead of System.Net.Http as described in this MSDN forum posting.
I'm making HttpRequests to an external server from my ASP.NET application, to a URL like e.g.:
https://1.2.3.4:12345/Data/Users?Id=1
The server is running a service that responds to these requests with xml (like a web service). My code makes a GET request like this:
var wc = new System.Net.WebClient();
wc.Credentials = credentials; // username and password for service
// get data from server.
string s = Encoding.ASCII.GetString(wc.DownloadData(url));
return s;
It works fine on my Development machine.
But on my Test machine (old windows server 2003 64 box) it fails with this exception:
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
Googling tells me this is error has about a million different possible causes. None seem to apply.
Details:
I can make the request by pasting the URL into a browser, and this works on the Dev server, but on the Test server, it works on Firefox but not IE (!?!) IE gives a generic "Internet Explorer cannot display the webpage" - looks exactly the same if I change the IP address to something that doesn't exist.
The server is a secured by a self-signed SSL cert, which has been added to local computer's trusted certificate store on both clients (the test and dev boxes). But it's unlikely a certificate issue, since it works fine on dev, and still happens if you ignore certificate validation (on test).
I can telnet to the server (with the right IP and port) from the Test box.
Can anyone suggest something to try? A possible cause? A way to narrow it down a bit?
I finally found a relevant error in the server's windows event log:
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
I created a new question, an actually answerable one, Here: How to add to the cipher suites available to ASP.NET HttpRequest client?