Description: The request was aborted: Could not create SSL/TLS secure channel. Platform: Windows Server 2012, Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1

[episode] Website Download It is a whole site download tool. Enter the URL and download with one click. It is easy to use and has multi-threaded tasks.

Solution 1: Code level

Set the code before HttpWebRequest

ServicePointManager.Expect100Continue = true; ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls; ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;

Solution 2: System level

If the above method does not work, it is a system-level problem. Update the system patch according to the system you are currently using.

Update to enable TLS 1.1 and TLS 1.2 as the default security protocols in WinHTTP in Windows. This update provides support for Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1. Refer to the official document https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

Update patch KB3140245

• http://www.catalog.update.microsoft.com/search.aspx?q=kb3140245

Enable TLS 1.1 and 1.2 on Windows 7 at the SChannel component level (using either of the following updates)

Method 1: Use the Microsoft Update installation package to update MicrosoftEasyFix51044.msi

• Microsoft installs the updated registry:http://download.microsoft.com/download/0/6/5/0658B1A7-6D2E-474F-BC2C-D69E5B9E9A68/MicrosoftEasyFix51044.msi

Method 2: Manually update the registry

Copy the following registry code and import it into the registry. Create a new txt file, change the suffix txt to reg (registry item), and import it (make a backup before importing)

WIN7 64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000a00 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000a00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] "SecureProtocols"=dword:00000a80 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "SecureProtocols"=dword:00000a80

Windows Server

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000800 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000800 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001

Verify whether the system supports TLS1.2 and TLS1.3

PowerShell opens:

[Net.ServicePointManager]::SecurityProtocol [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3 -bor [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

The first line of code checks the supported TLS version. The second line of code modifies TLS support.

Solution 3: Upgrade the system

The previous two methods are not feasible, so we can only use the ultimate method:

• Upgrade the system to Windows 10 and Windows Server 2019 (support TLS1.2);
• Upgrade the system to Windows 11 and Windows Server 2022 (supports TLS1.3).

Note: For the specific TSL versions supported by each Windows version, please refer to the supplementary information section of this article.

Other references

Other references 1

• https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/

Solutions exist, but they depend on the framework version:

.NET 4.6 and later. You don't need to do any additional work to support TLS 1.2, it is supported by default.

.NET 4.5. TLS 1.2 is supported, but it is not the default protocol. You need to opt-in to use it. The following code sets TLS 1.2 as the default, make sure to do it before connecting to a secure resource:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

.NET 4.0 does not support TLS 1.2, but if .NET 4.5 (or later) is installed on your system, then you can still choose to use TLS 1.2 even if your application framework does not support TLS 1.2. The only problem is that SecurityProtocolType in .NET 4.0 does not have an entry for TLS1.2, so we have to use the numeric representation of this enumeration value:

ServicePointManager.SecurityProtocol =（SecurityProtocolType）3072;

.NET 3.5 or lower. TLS 1.2(*) is not supported and there is no workaround. Upgrade your application to the latest version of the framework.

P.S. For scenario 3, there is also a registry hack that will force 4.5 to use TLS 1.2 by default without having to force it programmatically. P.S. As Christian Pop from Microsoft mentions below, there is a recent patch available for .NET 3.5 that enables TLS1.2 support.

See:

• KB3154518 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win7 SP1/Win 2008 R2 SP1
• KB3154519 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win8 RTM/Win 2012 RTM
• KB3154520 – Reliability Rollup HR-1605 – NDP 2.0 SP2 – Win8.1RTM/Win 2012 R2 RTM
• KB3156421 -1605 HotFix Rollup through Windows Update for Windows 10.

Other references 2

The certificate key length provided by the website may be 512 bits, which should contain a public key of no less than 2048 bits according to current industry standards. Microsoft responded to this issue in a security update in September 2016. If the public key length is less than 2048 bytes (such as RSA 512),Windows can cancel HTTPS connections

The updates installed are

2012 R2 and Windows 8

• KB3185331
• KB3188743
• KB3174644

2008 R2 and Windows 7

• KB3185278
• KB3185330
• KB3192391
• KB3175024
• KB3172605

Other reference content 3

SecurityProtocolType.Tls1.0=0xC0; SecurityProtocolType.Tls1.1=0x300; SecurityProtocolType.Tls1.2=0xC00;

.NET 4.0/4.5 default value: SecurityProtocolType.Tls | SecurityProtocolType.Ssl3 .NET 4.6/4.7 default value: SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12

https://support.microsoft.com/en-us/help/3069494/cannot-connect-to-a-server-by-using-the-servicepointmanager-or-sslstre

SCH_USE_STRONG_CRYPTO This flag will be automatically used in .NET Framework 4.6 https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework In Win7Sp1 and .Net 3.5.1, TLS1.2 is supported

ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Ssl3; //Turn off SSL3 ServicePointManager.SecurityProtocol |= (SecurityProtocolType)0x300 | (SecurityProtocolType)0xc00; //Add support for 1.1 and 1.2

The conclusion of TLS 1.2 is this:

• Installing .Net3.5.1 requires a patch, and then adding TLS1.2 enumeration
• Installing .Net 4.0 requires modifying the registry and adding TLS1.2 enumeration
• After installing .Net4.5, you also need to add TLS1.2 enumeration
• After installing .Net4.6.1, TLS1.2 is supported by default

Registry modification under .net4

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001

additional materials

• The following articles are supplemented by us:TLS protocol Windows version support in TLS/SSL (Schannel SSP)

This article is provided byWebsite DownloadCollected and compiled, the content comes from the Internet. Please indicate the source when reprinting. Thank you.