TLS 1.2 does not work after project migration from 4.5.2 to 4.7.2

Question

0.00/5 (No votes)

See more:

I am working on a .net application which is migrated from 4.5.2 to 4.7.2 .net framework. After the migration I was testing my app for only TLS1.2 connectivity and the application breaks while downloading some images with https protocol. if I enable Tls1.2 and SSL3 both then application works as expected. We are testing the application functionality based on only TLS 1.2 and rest all the protocols SSL2, SSL2, TLS1.0, TLS 1.1 i have disabled using IIS Crypto dll. I have made below changes in the config file of my Windows app still if is throwing below attached error …
<appcontextswitchoverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false">
<supportedruntime version="v4.0" sku=".NETFramework,Version=v4.7.2">
Error:
There was a problem downloading the image file: https:/v4_6_Release/common/images/buttons/save.png
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. —> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. —> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
— End of inner exception stack trace —
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
— End of inner exception stack trace —
at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
at System.Net.WebClient.DownloadData(Uri address)
at System.Net.WebClient.DownloadData(String address)
at ABC.FileDownloader.DownloadBinaryFile(String url, String username, String password)
at ABC.FileDownloader.DownloadBinaryFile(String url)
at ABC.ButtonBar.GetImageFromFile(String name)

Can anyone please assist here ….

What I have tried:

<appcontextswitchoverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false">
<supportedruntime version="v4.0" sku=".NETFramework,Version=v4.7.2">

Posted 16-Mar-21 23:36pm

Nilesh vairat

Updated 16-Mar-21 23:45pm

v2

Add a Solution

Comments

Richard Deeming 17-Mar-21 6:28am

It sounds like you don't have TLS1.2 enabled in your system default client protocols.

NB: The IIS Crypto tool manages the server protocols. That affects the protocols used for incoming connections. You're making an outgoing connection, so it's the client protocols you need to look at.

Nilesh vairat 17-Mar-21 7:56am

so you want me to disable ssl2,ssl3,tls1.0,tls1.1 from client protocol and for server protocol I should keep all these protocols enabled? in IIS crypto GUI.
still the same, it gives error incase of client protocols as well...

Richard Deeming 17-Mar-21 7:57am

No, you need to enable TLS1.2 in the client protocols.

Nilesh vairat 17-Mar-21 9:39am

I have enabled SSL2,SSl3,TLS1.0,TLS1.1,TLS1.2 for server protocols.
and Enabled TLS1.2 and disabled SSL2,SSL3,TLS1.0,TLS1.1 for client protocol hope this are the expected settings, with this I am getting new err:
The client and server cannot communicate, because they do not possess a common algorithm
There was a problem downloading the image file: https://ABC/v4_6_Release/common/images/buttons/save.png
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
at System.Net.WebClient.DownloadData(Uri address)
at System.Net.WebClient.DownloadData(String address)
at ABC.FileDownloader.DownloadBinaryFile(String url, String username, String password)
at ABC.FileDownloader.DownloadBinaryFile(String url)
at ABC.ButtonBar.GetImageFromFile(String name)

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)