Меню

Fallout 4 mod manager ошибка ssl tls

Разблокировка менеджера модов в лаунчере игры .

Разработчики хитро запрятали кнопку вызова мод менеджера в лаунчере , чтобы его разблокировать делаем следующее :
в файле Fallout4Prefs.ini ( C:UsersВаше имяDocumentsMy GamesFallout4 ) в раздел [Launcher] добавляем строку bEnableFileSelection=1 , сохраняем .
Кнопочка находится здесь :

Спойлер

Думаю кнопочку сделают с патчами, когда СДК выйдет, пока что они бесполезна

Лол,хитро со стороны беседки 😀

StrchiПрикольно, вот только зачем ее убирать туда если и вовсе можно убрать?

StaticSaysMyNamE
Разрабы потому что плагины включали и выключали

Strchi
Ну почему ? Теперь можно не лазить каждый раз в plugins.txt

Jeff-xxx
Просто СДК нету, смысла в кнопке тоже, пока что и плагины создавать откровенно нечем.

Strchi
Смысл есть , иначе зачем люди наштамповали уже десяток разных менеджеров ? Да и моды хорошие уже есть .

Jeff-xxx
Но они без плагинов, в основном ЕНБ и ретекстуры. Окей, я чутка шарю, я попробую вернуть кнопочку нормальную на лаунчер

Будет работать если пиратская версия? У меня не работает

Валентин Заплатин
Всё работает , делай по инструкции .

Нет там кнопочки, возможно в последнем бета патче её убрали, потому что у меня нихрена не получается

Больше не актуально с последним патчем, ее убрали. Моды теперь приходится вручную записывать в plugins.txt (C: Users имяпользователя AppData Local Fallout4) и ставить в свойствах «только чтение», так-как при запуске лаунчер все у даляет.

С включением в новом патче так и не решили это дело?

AlexeyMC
Marionetco
Я же написал что сделать

Yamaguchi-gumi
эта хрень у меня сто лет как сделана! говорят же после обновы вырезали не!?
все истыкал нет там кнопки!

Marionetco
Неужели трудно прочитать что я написал выше?

Yamaguchi-gumi
не прочитал просто коменты! удалил бы тему тогда че людей в заблуждение вводишь!?

Ставьте лучше NMM (Nexus Mod Manager),моды просто в разы удобнее устанавливать и удалять,в один клик,при чём прога подходит для многих игр.
http://www.nexusmods.com/skyrim/mods/modmanager/?

Marionetco
Ты тупой как бревно, или же невнимательный. Тему создавал не я если что.

Yamaguchi-gumi
а че ты тогда кукарекаешь тут?

Yamaguchi-gumi
И так понятно, что в ручную прописывать, вопрос именно в том, как включить менеджер встроенный, после последней обновы. Пока не удалось, или нэксус, или вручную.

Авторизуйтесь, чтобы принять участие в обсуждении.

#1

Posted 06 January 2018 — 09:44 pm

Cocta

    Stranger

  • Members
  • Pip
  • 3 posts

Hi there :D

I downloaded the manager without any problems. But if i start it, the following error message appears:

The request was aborted: no secure SSL / TLS channel could be created

Please help me. I dont know much about programs, so please try to formulate the answer as easy as you can. :D

  • Back to top

#2



jjb54

Posted 06 January 2018 — 10:11 pm

jjb54

    I need coffee to think clearly! 😛

  • Premium Member
  • 4,439 posts

I do not use Windows 10, for a whole lot of reasons … but * IF * you are using Windows 10, this seems to be a some what common ‘ error ‘ and no, I don’t have an answer.

But hopefully this might give you some beginning points to search, * IF * you have Win 10?

I have a few friends that I’ve seen post this » error lamentations » after they went to Win 10.

  • Back to top

#3



Cocta

Posted 06 January 2018 — 10:23 pm

Cocta

    Stranger

  • Members
  • Pip
  • 3 posts

Yes, I´m using Windows 10.

  • Back to top

#4



jjb54

Posted 06 January 2018 — 11:17 pm

jjb54

    I need coffee to think clearly! 😛

  • Premium Member
  • 4,439 posts

Yes, I´m using Windows 10.

Then, as I stated, I do not use W-10, for a lot of reasons. But hopefully that might help you do some focus searching?

Good Luck! :)

  • Back to top

#5



Cocta

Posted 14 January 2018 — 04:50 pm

Cocta

    Stranger

  • Members
  • Pip
  • 3 posts

I’m having the same situation on my Win 10 pc. Are there any hints to fix this?

The details show:

System.Net.WebException: The request was aborted: no secure SSL / TLS channel could be created..
   with System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   with System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
   with System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)

  • Back to top

#6



permanentinc232

Posted 07 August 2021 — 08:59 am

permanentinc232

    Stranger

  • Members
  • Pip
  • 1 posts

WHAT!?!? ARE YOU INCOMPETENTS KIDDING ME?? Literally EVERYONE who plays modern games including Fallout 4 uses Windows 10! I mean DUH! You want us to try & play new games like RDR2 & RTX enabled games on Windows 7, Vista or XP?? Because u CANT! These games REQUIRE Win 10! & BTW, HOW is Nexusmods so seemingly «useless» that they cant even help fix their OWN Mod Manager issue which is the only reason as to why NONE of us can even run the Fallout Mod Manager? AKA the program that ALL mods have a download option to download & install with??

The Other error I keep getting for some retarded & VERY annoying reason is: System.IO.DirectoryNotFoundException: Could not find a part of the path ‘C:Userskid_rAppDataLocalFallout4plugins.txt’.

So I think its saying it cant find some «plugins.txt» file, BUT, my Fallout 4 install is a FRESH install from a brand new hard drive, in fact its a brand new PC build since I last played F4 so this file missing or not being found makes NO sense does it??

Is there ANYONE even on Nexusmods Forums who actually has a BRAIN & common sense to actually answer this question/thread that several people are having this issue with?? Honestly I’m shocked that NOBODY has not only solved this issues, but not even TRIED to fix/solve it when I thought this is where the Nexus Mod Manager comes from??

OR, are u ALL saying you created a website/forum without even having ANY knowledge about Fallout 4 or your own «supposed» mod manager??? If someone asks me a question (let alone multiple people, pleading for help on an obviously common issue) about something I own, built myself or know about, I answer them, instead of saying literally the DUMBEST thing I may have ever heard that you should NOT use Windows 10, AKA the ONLY operating system that will even run most modern games! Its like having a problem with your car & a mechanic saying «well, I myself, I don’t drive a car, so have you tried walking 20 miles everyday instead?» «or better yet, have u tried driving a boat to work on the road?» Seriously? WTF is wrong with this site/forum & the Mod Manager not working? GIVE US AN ACTUAL ANSWER THAT ISNT THE SILLIEST THING EVER SAID PLEASE!

  • Back to top

#7



aurreth

Posted 07 August 2021 — 01:21 pm

Um, maybe post in the forum for Vortex, not Fallout 4?  Vortex Support  I mean I don’t know about you, but I’d think if I was having trouble with Nexus’ mod manager I’d ask for help someplace dedicated to helping problems with the mod manager itself, rather than a specific game.

Are there any hints to fix this?

What it’s telling you is that it can’t establish a secure connection with the Nexus servers.  Run Windows Update, then reinstall Vortex.  If you still get the problem try adding an exception for Vortex in Windows Firewall.

Could not find a part of the path ‘C:Userskid_rAppDataLocalFallout4plugins.txt’.  So I think its saying it cant find some «plugins.txt» file,

1.  Did you check to see if that directory and file exist?

2.  That’s not «some plugins.txt file».  That file is how Fallout knows which plugins are installed.  It then uses «loadorder.txt» from the same directory to know which order to load them in.  If your mod manager isn’t finding them the usual cause is YOU not launching the game through Steam so that Windows registry entries get properly updated.  You must launch through Steam at least once so that game paths and folder permissions are properly set.  You don’t have to play the game, but you need to launch up until the main menu.  THEN you can launch the game through the mod manager.

  • Back to top

#8



HeyYou

Posted 07 August 2021 — 02:58 pm

Keep in mind, the AppData folder is a hidden folder, Need to tell windows to show hidden folder in order to see it in explorer.

Also, you need to launch the game at least once in order for a bunch of those files to be generated/placed. Don’t have to actually PLAY, but, do need to fire off the game.

  • Back to top

#9



AugustaCalidia

Posted 07 August 2021 — 06:55 pm

AugustaCalidia

    Mayor of Talos Plaza

  • Premium Member
  • 2,780 posts

WHAT!?!? ARE YOU INCOMPETENTS KIDDING ME??

Numerous «incompetents» have responded to and answered this issue in the Vortex support forums.  However, you can save time by reading the two comments above mine, which contain the answers you would find in the Vortex forums.

Edited by AugustaCalidia, 07 August 2021 — 07:12 pm.

  • Back to top

#10



aurreth

Posted 07 August 2021 — 11:47 pm

Keep in mind, the AppData folder is a hidden folder, Need to tell windows to show hidden folder in order to see it in explorer.

Also, you need to launch the game at least once in order for a bunch of those files to be generated/placed. Don’t have to actually PLAY, but, do need to fire off the game.

You don’t actually need to unhide it.  Click on the address box at the top of File Explorer and type in %appdata%.  That takes you to AppDataRoaming, and you can use the little up arrow to get to AppData, then double click Local, etc.  Windows will let you go to hidden folders if you know the address, or in this case address shortcut.  There’s a shortcut that will take you straight to Local too but I can never remember it, so I go to Roaming and then work my way over.

And I already said the second part!  :P

  • Back to top

Обновлено: 27.01.2023

При попытке клонировать собственный (приватный) репозиторий через GitBash возникает ошибка:

Логин/пароль ввожу верные. Git последней версии. С чем может быть связано возникновение этой проблемы и как решить её?

Я прочитал тот ответ, котрый Вам уже написали.

Мне кажется, что дело не в этом. Начиная с 13 августа гитхаб вроде бы перестал поддерживать аутентификацию по паролю для выполняемых через git операций. Вот что они пишут в их блоге:

«No more password-based authentication for Git operations

То есть, если следовать этой логике, Вам нужно просто настроить авторизацию по ключу. Или, может быть, использовать двухфакторную аутентификацию, но этого я еще не пробовал.

та же проблема. на windows 10 не воспроизводится, на windows server 2012 r2 воспроизводится.

Полностью текст ошибки предоставьте. Через VPN воспроизводится?

В связи с чем на испытывающих проблемы хостах не осталось ни одного поддерживаемого cipher suite. Для OS Windows набор cipher suite можно посмотреть в реестре: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlCryptographyConfigurationLocalSSL0010002

Да вероятней. просмотрев у себя реестр на наличие подобных «cipher suite», ни одной не обнаружил, и всё же ума не приложу как можно решить данную проблему.

Fallout 4
Возможно связано с блокировками, ошибка SSL говорит как раз таки от этом.
А решить как то это можно или лучше скачать какой то другой установщик модов? Даня

  • GameSubject � 2017 Вопросы и ответы для геймеров
    Игровое сообщество, помощь игрокам

Мы рады всем гостям которые любят провести свое время в онлайн или одиночных играх. У вас случилась беда, и вы не знаете как решить ту или иную ошибку? При заходе в любимую игрушку детства у вас появляется черный экран и вы уже не можете насладится теми ощущениями что испытывали раньше? Бывает такое что при попытке поиграть, любимая сага игры просто не запускается, тогда уже становится очень обидно. Не волнуйтесь, даже если вы думаете что это не поправимо, у нас вам помогут с этим справится.

Спецаильно для наших уважаемых посетителей, мы собираем лучшие советы и рекомендации которые помогут справится с той или иной проблемой. Как мы уже сказали раньше, даже если вы столкнулись с самыми редкими вылетами, даже если при запуске игры процесс находится в задачах но ничего не происходит, мы все равно найдем оптимальное решение которое подойдет каждому. Ах да, мы забыли упомянуть о самом главном, часто любители поиграть в 3D игры сталкиваются с такой ситуацией когда при попытке зайти в игровое приложение, у них просто происходит вылет или крэш на рабочий стол — с этим мы тоже знаем как боротся.

Вы думали что мы умеем только решать различные технические задачи? Нет это не правда, мы можем помочь каждому взрослому парню который решил найти или вспомнить название игры в которую он так любил поиграть в детстве, но забыл как она называется. Ведь наше игровое сообщество явлется прямой системой вопрос-ответ, вам нужно лишь обратится, и мы сразу же вам дадим ответ.

Fallout 4
Возможно связано с блокировками, ошибка SSL говорит как раз таки от этом.
А решить как то это можно или лучше скачать какой то другой установщик модов? Даня

  • GameSubject � 2017 Вопросы и ответы для геймеров
    Игровое сообщество, помощь игрокам

Мы рады всем гостям которые любят провести свое время в онлайн или одиночных играх. У вас случилась беда, и вы не знаете как решить ту или иную ошибку? При заходе в любимую игрушку детства у вас появляется черный экран и вы уже не можете насладится теми ощущениями что испытывали раньше? Бывает такое что при попытке поиграть, любимая сага игры просто не запускается, тогда уже становится очень обидно. Не волнуйтесь, даже если вы думаете что это не поправимо, у нас вам помогут с этим справится.

Спецаильно для наших уважаемых посетителей, мы собираем лучшие советы и рекомендации которые помогут справится с той или иной проблемой. Как мы уже сказали раньше, даже если вы столкнулись с самыми редкими вылетами, даже если при запуске игры процесс находится в задачах но ничего не происходит, мы все равно найдем оптимальное решение которое подойдет каждому. Ах да, мы забыли упомянуть о самом главном, часто любители поиграть в 3D игры сталкиваются с такой ситуацией когда при попытке зайти в игровое приложение, у них просто происходит вылет или крэш на рабочий стол — с этим мы тоже знаем как боротся.

Вы думали что мы умеем только решать различные технические задачи? Нет это не правда, мы можем помочь каждому взрослому парню который решил найти или вспомнить название игры в которую он так любил поиграть в детстве, но забыл как она называется. Ведь наше игровое сообщество явлется прямой системой вопрос-ответ, вам нужно лишь обратится, и мы сразу же вам дадим ответ.

Читайте также:

      

  • Маска для лица anskin modeling mask charcoal oil control pore management
  •   

  • Стоит ли покупать a plague tale
  •   

  • Диабло 3 самый сильный комплект
  •   

  • Стакаются ли даедалус dota 2
  •   

  • Автографы дота 2 список

Сообщения о ошибке:

System.Net.WebException: Запрос был прерван:Не удалось создать защищенній канал SSL/TLS. в System.Net.HttpWebRequest.GetResponse()

Код в каком месте возникает ошибка:

string html = string.Empty;
            string url = "https://google.com";

            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            request.KeepAlive = true;
            
            //навсякий пожарный добавил в решений этой ошибки видел подобое
            request.Credentials = CredentialCache.DefaultCredentials;

            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            using (Stream stream = response.GetResponseStream())
            using (StreamReader reader = new StreamReader(stream))
            {
                html = reader.ReadToEnd();
            }

//Нашол решения что это строка должна помогать тут задаеться делегат возращающий true чтобы принимало любой сертификат
ServicePointManager.ServerCertificateValidationCallback += AcceptAllCertificatePolicy;

       //просто делегат возращающий всегда true
        public static bool AcceptAllCertificatePolicy(object sender, X509Certificate certificate, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
        {
            return true;
        }


Offline

StaniNeuer

 


#1
Оставлено
:

25 декабря 2019 г. 10:59:20(UTC)

StaniNeuer

Статус: Участник

Группы: Участники

Зарегистрирован: 23.12.2019(UTC)
Сообщений: 12
Российская Федерация
Откуда: Москва

Сказал(а) «Спасибо»: 2 раз

Добрый день!
Пишем на сишарпе клиент для подключения к серверу МДЛП «Честного знака» (REST API). Уперлись в постоянно возникающую ошибку «Запрос был прерван. Не удалось создать защищенный канал SSL/TLS» при попытке подключиться по https. Предположительно проблема в том, что в списке предлагаемых клиентом шифров отсутствуют гостовские, которые требуются серверу. См лог протокола Handshake в прикрепленных файлах. Клиентский и сертификат УЦ установлены.
Собственно вопрос. Как «включить/внедрить» гост-шифры в клиент, чтобы сервер их увидел при установлении соединения? Используем КриптоПро CSP 4.0 и КриптоПро .NET. Может найдется ссылка на пример подобной реализации?
С СКЗИ только недавно начали работать, сильно не пинайте!
Заранее спасибо за помощь!
Support_2019-12-24.JPG (84kb) загружен 25 раз(а). Support_2019-12-25_01.JPG (28kb) загружен 18 раз(а). Support_2019-12-25_03.JPG (43kb) загружен 21 раз(а). Support_2019-12-25_02.JPG (102kb) загружен 20 раз(а).


Вверх


Offline

Андрей Писарев

 


#2
Оставлено
:

25 декабря 2019 г. 11:14:40(UTC)

Андрей *

Статус: Сотрудник

Группы: Участники

Зарегистрирован: 26.07.2011(UTC)
Сообщений: 11,736
Мужчина
Российская Федерация

Сказал «Спасибо»: 451 раз
Поблагодарили: 1838 раз в 1421 постах

Здравствуйте.

В сертификате какой алгоритм?
DNS имя сервера?

p.s.
в IE — отображается, что TLS по ГОСТ-сертификату?

Техническую поддержку оказываем тут
Наша база знаний


Вверх

WWW


Offline

StaniNeuer

 


#3
Оставлено
:

25 декабря 2019 г. 11:34:08(UTC)

StaniNeuer

Статус: Участник

Группы: Участники

Зарегистрирован: 23.12.2019(UTC)
Сообщений: 12
Российская Федерация
Откуда: Москва

Сказал(а) «Спасибо»: 2 раз

В сертификате клиента:
алгоритм открытого ключа ГОСТ Р 34.10-2012 256 бит
алгоритм подписи ГОСТ Р 34.11/34.10-2001
алгоритм хэширования ГОСТ Р 34.11-94

Имя сервера: https://api.stage.mdlp.crpt.ru

В IE открывается только по прямому адресу https://185.196.171.27/, и тогда картинка как в прикрепленном файле. Получается IE тоже не знает про гостовские шифры?

Support_2019-12-25_04.JPG (127kb) загружен 21 раз(а).


Вверх


Offline

Андрей Писарев

 


#4
Оставлено
:

25 декабря 2019 г. 12:06:53(UTC)

Андрей *

Статус: Сотрудник

Группы: Участники

Зарегистрирован: 26.07.2011(UTC)
Сообщений: 11,736
Мужчина
Российская Федерация

Сказал «Спасибо»: 451 раз
Поблагодарили: 1838 раз в 1421 постах

А Вы связывались с ними?
Что в тех.требованиях написано про доступы?
Что написано про «тестовые» сертификаты? Разрешено ли использовать указанный тестовый УЦ (см. разные алгоритмы ГОСТ)?

По http тоже не работает?

Техническую поддержку оказываем тут
Наша база знаний


Вверх

WWW


Offline

StaniNeuer

 


#5
Оставлено
:

25 декабря 2019 г. 12:26:38(UTC)

StaniNeuer

Статус: Участник

Группы: Участники

Зарегистрирован: 23.12.2019(UTC)
Сообщений: 12
Российская Федерация
Откуда: Москва

Сказал(а) «Спасибо»: 2 раз

В тех. требованиях дословно:
«Для взаимодействия по HTTPS используется ГОСТ Р 34.10-2012 сертификат…
Перед установкой соединения необходимо выполнить следующие настройки:
1. Общие настройки:
– В операционной системе Windows (7, 10) добавить запись DisableClientExtendedMasterSecret (dword) в реестре HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL со значением 1 (т.к. Windows по-умолчанию блокирует подобные соединения).
2. Настройки для «Тестового стенда API»:
– Адреса API:
• http://api.stage.mdlp.crpt.ru
• https://api.stage.mdlp.crpt.ru
– Добавить в хранилище доверенных сертификатов тестовый корневой сертификат от КриптоПро. Ссылка для загрузки: http://testca.cryptopro.ru/certsrv/certcarc.asp
– В файл hosts добавить запись:
185.196.171.27 api.stage.mdlp.crpt.ru…
Используемые протоколы и шифры для соединения (SSL шифры были выбраны с учетом требований к информационной безопасности по предоставлению публичного API для доступа к государственной информационной системе):
ssl_protocols: TLSv1 ssl_ciphers: GOST2012-GOST8912-GOST8912″

Ничего более. Излишне, наверное, говорить, что все вышеперечисленное выполнено.
Один важный момент. Для работы с их сервером, необходимо сделать заявку, после чего они открывают доступ с вашего ip-адреса. Поэтому, я думаю, Ваши попытки будут блокироваться, если попытаетесь воспроизвести мою ситуацию.

И да, с http проблем нет, все работает.

У меня по-прежнему остается главный вопрос: каким образом заставить клиента (нашу программу) отправлять серверу нужный cipher suite, ведь, по-видимому, именно в этом проблема. И IE, судя по всему, не может соединиться по той же причине. Где-то у нас в системе не прописаны гостовские шрифты. Должны они устанавливаться при инсталляции КриптоПро CSP?


Вверх


Offline

Андрей Писарев

 


#6
Оставлено
:

25 декабря 2019 г. 12:34:38(UTC)

Андрей *

Статус: Сотрудник

Группы: Участники

Зарегистрирован: 26.07.2011(UTC)
Сообщений: 11,736
Мужчина
Российская Федерация

Сказал «Спасибо»: 451 раз
Поблагодарили: 1838 раз в 1421 постах

проверьте в IE — https://cpca.cryptopro.ru/

Техническую поддержку оказываем тут
Наша база знаний


Вверх

WWW


Offline

Андрей Писарев

 


#7
Оставлено
:

25 декабря 2019 г. 12:36:45(UTC)

Андрей *

Статус: Сотрудник

Группы: Участники

Зарегистрирован: 26.07.2011(UTC)
Сообщений: 11,736
Мужчина
Российская Федерация

Сказал «Спасибо»: 451 раз
Поблагодарили: 1838 раз в 1421 постах

Автор: StaniNeuer Перейти к цитате

Ничего более. Излишне, наверное, говорить, что все вышеперечисленное выполнено.
Один важный момент. Для работы с их сервером, необходимо сделать заявку, после чего они открывают доступ с вашего ip-адреса. Поэтому, я думаю, Ваши попытки будут блокироваться, если попытаетесь воспроизвести мою ситуацию.

И да, с http проблем нет, все работает.

Нет ничего лишнего.
Да, как раз это хотел уточнить.

Сборки ПО какие (КриптоПРО CSP.NET), ОС?

Техническую поддержку оказываем тут
Наша база знаний


Вверх

WWW


Offline

StaniNeuer

 


#8
Оставлено
:

25 декабря 2019 г. 12:54:52(UTC)

StaniNeuer

Статус: Участник

Группы: Участники

Зарегистрирован: 23.12.2019(UTC)
Сообщений: 12
Российская Федерация
Откуда: Москва

Сказал(а) «Спасибо»: 2 раз

Подключение в IE к https://cpca.cryptopro.ru/ выдает сообщение:
«Сертификат безопасности этого веб-сайта не был выпущен доверенным центром сертификации» (см прикрепленный файл)
В контексте нашей проблемы, что это означает? Скорее всего после установки в хранилище доверенных центров, подключение и по этому адресу начнет натыкаться на отсутствие нужного шрифта, Вы так не считаете?

КриптоПро CSP 4.0.9963, КриптоПро .NET 1.0.7132.0, Windows 7

Support_2019-12-25_05.JPG (55kb) загружен 11 раз(а).


Вверх


Offline

Андрей Писарев

 


#9
Оставлено
:

25 декабря 2019 г. 13:03:56(UTC)

Андрей *

Статус: Сотрудник

Группы: Участники

Зарегистрирован: 26.07.2011(UTC)
Сообщений: 11,736
Мужчина
Российская Федерация

Сказал «Спасибо»: 451 раз
Поблагодарили: 1838 раз в 1421 постах

Автор: StaniNeuer Перейти к цитате

Подключение в IE к https://cpca.cryptopro.ru/ выдает сообщение:
«Сертификат безопасности этого веб-сайта не был выпущен доверенным центром сертификации» (см прикрепленный файл)
В контексте нашей проблемы, что это означает? Скорее всего после установки в хранилище доверенных центров, подключение и по этому адресу начнет натыкаться на отсутствие нужного шрифта, Вы так не считаете?

КриптоПро CSP 4.0.9963, КриптоПро .NET 1.0.7132.0, Windows 7

Support_2019-12-25_05.JPG (55kb) загружен 11 раз(а).

Не считаю.
Добавив корневой в доверенные — будет открываться без сообщения.
Вы соединились по ГОСТ-у, т.е. он работает в ОС.

Техническую поддержку оказываем тут
Наша база знаний


Вверх

WWW


Offline

StaniNeuer

 


#10
Оставлено
:

25 декабря 2019 г. 13:10:37(UTC)

StaniNeuer

Статус: Участник

Группы: Участники

Зарегистрирован: 23.12.2019(UTC)
Сообщений: 12
Российская Федерация
Откуда: Москва

Сказал(а) «Спасибо»: 2 раз

Хорошо, давайте проверим. Ссылку на корневой не подскажите, где найти?


Вверх

Пользователи, просматривающие эту тему

Guest

Быстрый переход
 

Вы не можете создавать новые темы в этом форуме.

Вы не можете отвечать в этом форуме.

Вы не можете удалять Ваши сообщения в этом форуме.

Вы не можете редактировать Ваши сообщения в этом форуме.

Вы не можете создавать опросы в этом форуме.

Вы не можете голосовать в этом форуме.

I finally found the answer (I haven’t noted my source but it was from a search);

While the code works in Windows XP, in Windows 7, you must add this at the beginning:

// using System.Net;
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
// Use SecurityProtocolType.Ssl3 if needed for compatibility reasons

And now, it works perfectly.


ADDENDUM

As mentioned by Robin French; if you are getting this problem while configuring PayPal, please note that they won’t support SSL3 starting by December, 3rd 2018. You’ll need to use TLS. Here’s Paypal page about it.

answered May 25, 2010 at 13:18

Simon Dugré's user avatar

Simon DugréSimon Dugré

17.5k11 gold badges55 silver badges73 bronze badges

24

The solution to this, in .NET 4.5 is

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

If you don’t have .NET 4.5 then use

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

answered Feb 22, 2018 at 14:46

Andrej Z's user avatar

4

Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work.

Works:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
       | SecurityProtocolType.Tls11
       | SecurityProtocolType.Tls12
       | SecurityProtocolType.Ssl3;

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

Fails:

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
       | SecurityProtocolType.Tls11
       | SecurityProtocolType.Tls12
       | SecurityProtocolType.Ssl3;

soccer7's user avatar

soccer7

3,2213 gold badges28 silver badges49 bronze badges

answered Jun 21, 2018 at 21:39

hogarth45's user avatar

hogarth45hogarth45

3,2471 gold badge22 silver badges27 bronze badges

8

Note: Several of the highest voted answers here advise setting ServicePointManager.SecurityProtocol, but Microsoft explicitly advises against doing that. Below, I go into the typical cause of this issue and the best practices for resolving it.

One of the biggest causes of this issue is the active .NET Framework version. The .NET framework runtime version affects which security protocols are enabled by default.

  • In ASP.NET sites, the framework runtime version is often specified in web.config. (see below)
  • In other apps, the runtime version is usually the version for which the project was built, regardless of whether it is running on a machine with a newer .NET version.

There doesn’t seem to be any authoritative documentation on how it specifically works in different versions, but it seems the defaults are determined more or less as follows:

Framework Version Default Protocols
4.5 and earlier SSL 3.0, TLS 1.0
4.6.x TLS 1.0, 1.1, 1.2, 1.3
4.7+ System (OS) Defaults

For the older versions, your mileage may vary somewhat based on which .NET runtimes are installed on the system. For example, there could be a situation where you are using a very old framework and TLS 1.0 is not supported, or using 4.6.x and TLS 1.3 is not supported.

Microsoft’s documentation strongly advises using 4.7+ and the system defaults:

We recommend that you:

  • Target .NET Framework 4.7 or later versions on your apps. Target .NET Framework 4.7.1 or later versions on your WCF apps.
  • Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.
  • Perform a thorough code audit to verify you’re not specifying a TLS or SSL version.

For ASP.NET sites: check the targetFramework version in your <httpRuntime> element, as this (when present) determines which runtime is actually used by your site:

<httpRuntime targetFramework="4.5" />

Better:

<httpRuntime targetFramework="4.7" />

answered Oct 2, 2019 at 6:02

JLRishe's user avatar

JLRisheJLRishe

97.9k19 gold badges129 silver badges166 bronze badges

5

I had this problem trying to hit https://ct.mob0.com/Styles/Fun.png, which is an image distributed by CloudFlare on its CDN that supports crazy stuff like SPDY and weird redirect SSL certs.

Instead of specifying Ssl3 as in Simons answer I was able to fix it by going down to Tls12 like this:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
new WebClient().DownloadData("https://ct.mob0.com/Styles/Fun.png");

InteXX's user avatar

InteXX

5,9056 gold badges40 silver badges73 bronze badges

answered Oct 15, 2014 at 17:42

Bryan Legend's user avatar

Bryan LegendBryan Legend

6,7121 gold badge59 silver badges60 bronze badges

3

After many long hours with this same issue I found that the ASP.NET account the client service was running under didn’t have access to the certificate. I fixed it by going into the IIS Application Pool that the web app runs under, going into Advanced Settings, and changing the Identity to the LocalSystem account from NetworkService.

A better solution is to get the certificate working with the default NetworkService account but this works for quick functional testing.

answered Dec 4, 2014 at 16:31

Nick Gotch's user avatar

Nick GotchNick Gotch

9,11914 gold badges70 silver badges95 bronze badges

3

The error is generic and there are many reasons why the SSL/TLS negotiation may fail. The most common is an invalid or expired server certificate, and you took care of that by providing your own server certificate validation hook, but is not necessarily the only reason. The server may require mutual authentication, it may be configured with a suites of ciphers not supported by your client, it may have a time drift too big for the handshake to succeed and many more reasons.

The best solution is to use the SChannel troubleshooting tools set. SChannel is the SSPI provider responsible for SSL and TLS and your client will use it for the handshake. Take a look at TLS/SSL Tools and Settings.

Also see How to enable Schannel event logging.

answered May 18, 2010 at 18:14

Remus Rusanu's user avatar

Remus RusanuRemus Rusanu

285k40 gold badges429 silver badges564 bronze badges

3

The approach with setting

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

Seems to be okay, because Tls1.2 is latest version of secure protocol. But I decided to look deeper and answer do we really need to hardcode it.

Specs: Windows Server 2012R2 x64.

From the internet there is told that .NetFramework 4.6+ must use Tls1.2 by default. But when I updated my project to 4.6 nothing happened.
I have found some info that tells I need manually do some changes to enable Tls1.2 by default

https://support.microsoft.com/en-in/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

But proposed windows update doesnt work for R2 version

But what helped me is adding 2 values to registry. You can use next PS script so they will be added automatically

Set-ItemProperty -Path 'HKLM:SOFTWAREWow6432NodeMicrosoft.NetFrameworkv4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:SOFTWAREMicrosoft.NetFrameworkv4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

That is kind of what I was looking for. But still I cant answer on question why NetFramework 4.6+ doesn’t set this …Protocol value automatically?

answered Oct 28, 2019 at 20:58

simply good's user avatar

simply goodsimply good

9211 gold badge11 silver badges25 bronze badges

5

Another possible cause of the The request was aborted: Could not create SSL/TLS secure channel error is a mismatch between your client PC’s configured cipher_suites values, and the values that the server is configured as being willing and able to accept. In this case, when your client sends the list of cipher_suites values that it is able to accept in its initial SSL handshaking/negotiation «Client Hello» message, the server sees that none of the provided values are acceptable, and may return an «Alert» response instead of proceeding to the «Server Hello» step of the SSL handshake.

To investigate this possibility, you can download Microsoft Message Analyzer, and use it to run a trace on the SSL negotiation that occurs when you try and fail to establish an HTTPS connection to the server (in your C# app).

If you are able to make a successful HTTPS connection from another environment (e.g. the Windows XP machine that you mentioned — or possibly by hitting the HTTPS URL in a non-Microsoft browser that doesn’t use the OS’s cipher suite settings, such as Chrome or Firefox), run another Message Analyzer trace in that environment to capture what happens when the SSL negotiation succeeds.

Hopefully, you’ll see some difference between the two Client Hello messages that will allow you to pinpoint exactly what about the failing SSL negotiation is causing it to fail. Then you should be able to make configuration changes to Windows that will allow it to succeed. IISCrypto is a great tool to use for this (even for client PCs, despite the «IIS» name).

The following two Windows registry keys govern the cipher_suites values that your PC will use:

  • HKLMSOFTWAREPoliciesMicrosoftCryptographyConfigurationSSL0010002
  • HKLMSYSTEMCurrentControlSetControlCryptographyConfigurationLocalSSL0010002

Here’s a full writeup of how I investigated and solved an instance of this variety of the Could not create SSL/TLS secure channel problem: http://blog.jonschneider.com/2016/08/fix-ssl-handshaking-error-in-windows.html

answered Aug 31, 2016 at 4:33

Jon Schneider's user avatar

Jon SchneiderJon Schneider

24.9k21 gold badges144 silver badges167 bronze badges

3

Something the original answer didn’t have. I added some more code to make it bullet proof.

ServicePointManager.Expect100Continue = true;
        ServicePointManager.DefaultConnectionLimit = 9999;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;

answered Jun 1, 2016 at 15:05

SpoiledTechie.com's user avatar

SpoiledTechie.comSpoiledTechie.com

10.4k20 gold badges77 silver badges99 bronze badges

5

The top-voted answer will probably be enough for most people. However, in some circumstances, you could continue getting a «Could not create SSL/TLS secure channel» error even after forcing TLS 1.2. If so, you may want to consult this helpful article for additional troubleshooting steps. To summarize: independent of the TLS/SSL version issue, the client and server must agree on a «cipher suite.» During the «handshake» phase of the SSL connection, the client will list its supported cipher-suites for the server to check against its own list. But on some Windows machines, certain common cipher-suites may have been disabled (seemingly due to well-intentioned attempts to limit attack surface), decreasing the possibility of the client & server agreeing on a cipher suite. If they cannot agree, then you may see «fatal alert code 40» in the event viewer and «Could not create SSL/TLS secure channel» in your .NET program.

The aforementioned article explains how to list all of a machine’s potentially-supported cipher suites and enable additional cipher suites through the Windows Registry. To help check which cipher suites are enabled on the client, try visiting this diagnostic page in MSIE. (Using System.Net tracing may give more definitive results.) To check which cipher suites are supported by the server, try this online tool (assuming that the server is Internet-accessible). It should go without saying that Registry edits must be done with caution, especially where networking is involved. (Is your machine a remote-hosted VM? If you were to break networking, would the VM be accessible at all?)

In my company’s case, we enabled several additional «ECDHE_ECDSA» suites via Registry edit, to fix an immediate problem and guard against future problems. But if you cannot (or will not) edit the Registry, then numerous workarounds (not necessarily pretty) come to mind. For example: your .NET program could delegate its SSL traffic to a separate Python program (which may itself work, for the same reason that Chrome requests may succeed where MSIE requests fail on an affected machine).

answered Jun 1, 2019 at 6:16

APW's user avatar

APWAPW

3544 silver badges6 bronze badges

1

This one is working for me in MVC webclient

public string DownloadSite(string RefinedLink)
{
    try
    {
        Uri address = new Uri(RefinedLink);

        ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

        using (WebClient webClient = new WebClient())
        {
            var stream = webClient.OpenRead(address);
            using (StreamReader sr = new StreamReader(stream))
            {
                var page = sr.ReadToEnd();

                return page;
            }
        }

    }
    catch (Exception e)
    {
        log.Error("DownloadSite - error Lin = " + RefinedLink, e);
        return null;
    }
}

soccer7's user avatar

soccer7

3,2213 gold badges28 silver badges49 bronze badges

answered Oct 4, 2017 at 7:14

Arun Prasad E S's user avatar

Arun Prasad E SArun Prasad E S

9,1198 gold badges73 silver badges84 bronze badges

3

«The request was aborted: Could not create SSL/TLS secure channel» exception can occur if the server is returning an HTTP 401 Unauthorized response to the HTTP request.

You can determine if this is happening by turning on trace-level System.Net logging for your client application, as described in this answer.

Once that logging configuration is in place, run the application and reproduce the error, then look in the logging output for a line like this:

System.Net Information: 0 : [9840] Connection#62912200 - Received status line: Version=1.1, StatusCode=401, StatusDescription=Unauthorized.

In my situation, I was failing to set a particular cookie that the server was expecting, leading to the server responding to the request with the 401 error, which in turn led to the «Could not create SSL/TLS secure channel» exception.

HoldOffHunger's user avatar

answered Aug 19, 2014 at 19:55

Jon Schneider's user avatar

Jon SchneiderJon Schneider

24.9k21 gold badges144 silver badges167 bronze badges

1

Another possibility is improper certificate importation on the box. Make sure to select encircled check box. Initially I didn’t do it, so code was either timing out or throwing same exception as private key could not be located.

certificate importation dialog

answered Jul 11, 2012 at 22:27

Sherlock's user avatar

SherlockSherlock

1,0128 silver badges18 bronze badges

1

I had this problem because my web.config had:

<httpRuntime targetFramework="4.5.2" />

and not:

<httpRuntime targetFramework="4.6.1" />

answered Aug 15, 2017 at 10:47

Terje Solem's user avatar

Terje SolemTerje Solem

7661 gold badge9 silver badges25 bronze badges

1

Doing this helped me:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

answered Jan 26, 2021 at 22:39

Merlyn007's user avatar

Merlyn007Merlyn007

4091 gold badge7 silver badges21 bronze badges

0

Finally found solution for me.

Try this adding below line before calling https url (for .Net framework 4.5):

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Luis Teijon's user avatar

Luis Teijon

4,6637 gold badges35 silver badges56 bronze badges

answered Jun 16, 2021 at 5:24

Priyank Sharma's user avatar

0

As you can tell there are plenty of reasons this might happen. Thought I would add the cause I encountered …

If you set the value of WebRequest.Timeout to 0, this is the exception that is thrown. Below is the code I had… (Except instead of a hard-coded 0 for the timeout value, I had a parameter which was inadvertently set to 0).

WebRequest webRequest = WebRequest.Create(@"https://myservice/path");
webRequest.ContentType = "text/html";
webRequest.Method = "POST";
string body = "...";
byte[] bytes = Encoding.ASCII.GetBytes(body);
webRequest.ContentLength = bytes.Length;
var os = webRequest.GetRequestStream();
os.Write(bytes, 0, bytes.Length);
os.Close();
webRequest.Timeout = 0; //setting the timeout to 0 causes the request to fail
WebResponse webResponse = webRequest.GetResponse(); //Exception thrown here ...

answered Apr 25, 2014 at 20:50

TCC's user avatar

TCCTCC

2,5061 gold badge23 silver badges35 bronze badges

1

The root of this exception in my case was that at some point in code the following was being called:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

This is really bad. Not only is it instructing .NET to use an insecure protocol, but this impacts every new WebClient (and similar) request made afterward within your appdomain. (Note that incoming web requests are unaffected in your ASP.NET app, but new WebClient requests, such as to talk to an external web service, are).

In my case, it was not actually needed, so I could just delete the statement and all my other web requests started working fine again. Based on my reading elsewhere, I learned a few things:

  • This is a global setting in your appdomain, and if you have concurrent activity, you can’t reliably set it to one value, do your action, and then set it back. Another action may take place during that small window and be impacted.
  • The correct setting is to leave it default. This allows .NET to continue to use whatever is the most secure default value as time goes on and you upgrade frameworks. Setting it to TLS12 (which is the most secure as of this writing) will work now but in 5 years may start causing mysterious problems.
  • If you really need to set a value, you should consider doing it in a separate specialized application or appdomain and find a way to talk between it and your main pool. Because it’s a single global value, trying to manage it within a busy app pool will only lead to trouble. This answer: https://stackoverflow.com/a/26754917/7656 provides a possible solution by way of a custom proxy. (Note I have not personally implemented it.)

Community's user avatar

answered Sep 16, 2016 at 23:54

Tyler Forsythe's user avatar

1

In my case, the service account running the application did not have permission to access the private key. Once I gave this permission, the error went away

  1. mmc
  2. certificates
  3. Expand to personal
  4. select cert
  5. right click
  6. All tasks
  7. Manage private keys
  8. Add the service account user

answered Nov 13, 2017 at 21:24

Dinesh Rajan's user avatar

Dinesh RajanDinesh Rajan

2,29822 silver badges17 bronze badges

1

If you are running your code from Visual Studio, try running Visual Studio as administrator. Fixed the issue for me.

answered Feb 27, 2018 at 16:59

handles's user avatar

handleshandles

7,59116 gold badges61 silver badges85 bronze badges

1

System.Net.WebException: The request was aborted: Could not create
SSL/TLS secure channel.

In our case, we where using a software vendor so we didn’t have access to modify the .NET code. Apparently .NET 4 won’t use TLS v 1.2 unless there is a change.

The fix for us was adding the SchUseStrongCrypto key to the registry. You can copy/paste the below code into a text file with the .reg extension and execute it. It served as our «patch» to the problem.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319]
"SchUseStrongCrypto"=dword:00000001

answered Jul 26, 2018 at 14:35

capdragon's user avatar

capdragoncapdragon

14.3k24 gold badges102 silver badges152 bronze badges

3

I have struggled with this problem all day.

When I created a new project with .NET 4.5 I finally got it to work.

But if I downgraded to 4.0 I got the same problem again, and it was irreversable for that project (even when i tried to upgrade to 4.5 again).

Strange no other error message but «The request was aborted: Could not create SSL/TLS secure channel.» came up for this error

answered Dec 2, 2015 at 16:08

aghost's user avatar

aghostaghost

1922 silver badges8 bronze badges

2

In case that the client is a windows machine, a possible reason could be that the tls or ssl protocol required by the service is not activated.

This can be set in:

Control Panel -> Network and Internet -> Internet Options -> Advanced

Scroll settings down to «Security» and choose between

  • Use SSL 2.0
  • Use SSL 3.0
  • Use TLS 1.0
  • Use TLS 1.1
  • Use TLS 1.2

enter image description here

answered May 10, 2017 at 7:05

cnom's user avatar

cnomcnom

2,8614 gold badges27 silver badges59 bronze badges

4

none of this answer not working for me , the google chrome and postman work and handshake the server but ie and .net not working. in google chrome in security tab > connection show that encrypted and authenticated using ECDHE_RSA with P-256 and AES_256_GCM cipher suite to handshake with the server.

enter image description here

i install IIS Crypto and in cipher suites list on windows server 2012 R2 ican’t find ECDHE_RSA with P-256 and AES_256_GCM cipher suite. then i update windows to the last version but the problem not solve. finally after searches i understood that windows server 2012 R2 not support GSM correctly and update my server to windows server 2016 and my problem solved.

answered May 31, 2020 at 5:46

sina alizadeh's user avatar

I was having this same issue and found this answer worked properly for me. The key is 3072. This link provides the details on the ‘3072’ fix.

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

XmlReader r = XmlReader.Create(url);
SyndicationFeed albums = SyndicationFeed.Load(r);

In my case two feeds required the fix:

https://www.fbi.gov/feeds/fbi-in-the-news/atom.xml
https://www.wired.com/feed/category/gear/latest/rss

Stephen Rauch's user avatar

Stephen Rauch

46.6k31 gold badges109 silver badges131 bronze badges

answered May 27, 2018 at 14:02

joeydood's user avatar

joeydoodjoeydood

511 silver badge4 bronze badges

1

None of the answers worked for me.

This is what worked:

Instead of initializing my X509Certifiacte2 like this:

   var certificate = new X509Certificate2(bytes, pass);

I did it like this:

   var certificate = new X509Certificate2(bytes, pass, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

Notice the X509KeyStorageFlags.Exportable !!

I didn’t change the rest of the code (the WebRequest itself):

// I'm not even sure the first two lines are necessary:
ServicePointManager.Expect100Continue = true; 
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

request = (HttpWebRequest)WebRequest.Create(string.Format("https://{0}.sii.cl/cvc_cgi/dte/of_solicita_folios", server));
request.Method = "GET";
request.Referer = string.Format("https://hercules.sii.cl/cgi_AUT2000/autInicio.cgi?referencia=https://{0}.sii.cl/cvc_cgi/dte/of_solicita_folios", servidor);
request.UserAgent = "Mozilla/4.0";
request.ClientCertificates.Add(certificate);
request.CookieContainer = new CookieContainer();

using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
    // etc...
}

In fact I’m not even sure that the first two lines are necessary…

answered Apr 30, 2019 at 17:58

sports's user avatar

sportssports

7,67312 gold badges69 silver badges128 bronze badges

2

This fixed for me, add Network Service to permissions.
Right click on the certificate > All Tasks > Manage Private Keys… > Add… > Add «Network Service».

Lionel Gaillard's user avatar

answered Apr 6, 2018 at 6:27

jayasurya_j's user avatar

jayasurya_jjayasurya_j

1,4191 gold badge13 silver badges22 bronze badges

1

Another possibility is that the code being executed doesn’t have the required premissions.

In my case, I got this error when using Visual Studio debugger to test a call to a web service. Visual Studio wasn’t running as Administrator, which caused this exception.

answered Oct 30, 2019 at 10:11

OfirD's user avatar

OfirDOfirD

7,8623 gold badges42 silver badges78 bronze badges

I finally found the answer (I haven’t noted my source but it was from a search);

While the code works in Windows XP, in Windows 7, you must add this at the beginning:

// using System.Net;
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
// Use SecurityProtocolType.Ssl3 if needed for compatibility reasons

And now, it works perfectly.


ADDENDUM

As mentioned by Robin French; if you are getting this problem while configuring PayPal, please note that they won’t support SSL3 starting by December, 3rd 2018. You’ll need to use TLS. Here’s Paypal page about it.

answered May 25, 2010 at 13:18

Simon Dugré's user avatar

Simon DugréSimon Dugré

17.5k11 gold badges55 silver badges73 bronze badges

24

The solution to this, in .NET 4.5 is

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

If you don’t have .NET 4.5 then use

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

answered Feb 22, 2018 at 14:46

Andrej Z's user avatar

4

Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work.

Works:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
       | SecurityProtocolType.Tls11
       | SecurityProtocolType.Tls12
       | SecurityProtocolType.Ssl3;

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

Fails:

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
       | SecurityProtocolType.Tls11
       | SecurityProtocolType.Tls12
       | SecurityProtocolType.Ssl3;

soccer7's user avatar

soccer7

3,2213 gold badges28 silver badges49 bronze badges

answered Jun 21, 2018 at 21:39

hogarth45's user avatar

hogarth45hogarth45

3,2471 gold badge22 silver badges27 bronze badges

8

Note: Several of the highest voted answers here advise setting ServicePointManager.SecurityProtocol, but Microsoft explicitly advises against doing that. Below, I go into the typical cause of this issue and the best practices for resolving it.

One of the biggest causes of this issue is the active .NET Framework version. The .NET framework runtime version affects which security protocols are enabled by default.

  • In ASP.NET sites, the framework runtime version is often specified in web.config. (see below)
  • In other apps, the runtime version is usually the version for which the project was built, regardless of whether it is running on a machine with a newer .NET version.

There doesn’t seem to be any authoritative documentation on how it specifically works in different versions, but it seems the defaults are determined more or less as follows:

Framework Version Default Protocols
4.5 and earlier SSL 3.0, TLS 1.0
4.6.x TLS 1.0, 1.1, 1.2, 1.3
4.7+ System (OS) Defaults

For the older versions, your mileage may vary somewhat based on which .NET runtimes are installed on the system. For example, there could be a situation where you are using a very old framework and TLS 1.0 is not supported, or using 4.6.x and TLS 1.3 is not supported.

Microsoft’s documentation strongly advises using 4.7+ and the system defaults:

We recommend that you:

  • Target .NET Framework 4.7 or later versions on your apps. Target .NET Framework 4.7.1 or later versions on your WCF apps.
  • Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.
  • Perform a thorough code audit to verify you’re not specifying a TLS or SSL version.

For ASP.NET sites: check the targetFramework version in your <httpRuntime> element, as this (when present) determines which runtime is actually used by your site:

<httpRuntime targetFramework="4.5" />

Better:

<httpRuntime targetFramework="4.7" />

answered Oct 2, 2019 at 6:02

JLRishe's user avatar

JLRisheJLRishe

97.9k19 gold badges129 silver badges166 bronze badges

5

I had this problem trying to hit https://ct.mob0.com/Styles/Fun.png, which is an image distributed by CloudFlare on its CDN that supports crazy stuff like SPDY and weird redirect SSL certs.

Instead of specifying Ssl3 as in Simons answer I was able to fix it by going down to Tls12 like this:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
new WebClient().DownloadData("https://ct.mob0.com/Styles/Fun.png");

InteXX's user avatar

InteXX

5,9056 gold badges40 silver badges73 bronze badges

answered Oct 15, 2014 at 17:42

Bryan Legend's user avatar

Bryan LegendBryan Legend

6,7121 gold badge59 silver badges60 bronze badges

3

After many long hours with this same issue I found that the ASP.NET account the client service was running under didn’t have access to the certificate. I fixed it by going into the IIS Application Pool that the web app runs under, going into Advanced Settings, and changing the Identity to the LocalSystem account from NetworkService.

A better solution is to get the certificate working with the default NetworkService account but this works for quick functional testing.

answered Dec 4, 2014 at 16:31

Nick Gotch's user avatar

Nick GotchNick Gotch

9,11914 gold badges70 silver badges95 bronze badges

3

The error is generic and there are many reasons why the SSL/TLS negotiation may fail. The most common is an invalid or expired server certificate, and you took care of that by providing your own server certificate validation hook, but is not necessarily the only reason. The server may require mutual authentication, it may be configured with a suites of ciphers not supported by your client, it may have a time drift too big for the handshake to succeed and many more reasons.

The best solution is to use the SChannel troubleshooting tools set. SChannel is the SSPI provider responsible for SSL and TLS and your client will use it for the handshake. Take a look at TLS/SSL Tools and Settings.

Also see How to enable Schannel event logging.

answered May 18, 2010 at 18:14

Remus Rusanu's user avatar

Remus RusanuRemus Rusanu

285k40 gold badges429 silver badges564 bronze badges

3

The approach with setting

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

Seems to be okay, because Tls1.2 is latest version of secure protocol. But I decided to look deeper and answer do we really need to hardcode it.

Specs: Windows Server 2012R2 x64.

From the internet there is told that .NetFramework 4.6+ must use Tls1.2 by default. But when I updated my project to 4.6 nothing happened.
I have found some info that tells I need manually do some changes to enable Tls1.2 by default

https://support.microsoft.com/en-in/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

But proposed windows update doesnt work for R2 version

But what helped me is adding 2 values to registry. You can use next PS script so they will be added automatically

Set-ItemProperty -Path 'HKLM:SOFTWAREWow6432NodeMicrosoft.NetFrameworkv4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:SOFTWAREMicrosoft.NetFrameworkv4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

That is kind of what I was looking for. But still I cant answer on question why NetFramework 4.6+ doesn’t set this …Protocol value automatically?

answered Oct 28, 2019 at 20:58

simply good's user avatar

simply goodsimply good

9211 gold badge11 silver badges25 bronze badges

5

Another possible cause of the The request was aborted: Could not create SSL/TLS secure channel error is a mismatch between your client PC’s configured cipher_suites values, and the values that the server is configured as being willing and able to accept. In this case, when your client sends the list of cipher_suites values that it is able to accept in its initial SSL handshaking/negotiation «Client Hello» message, the server sees that none of the provided values are acceptable, and may return an «Alert» response instead of proceeding to the «Server Hello» step of the SSL handshake.

To investigate this possibility, you can download Microsoft Message Analyzer, and use it to run a trace on the SSL negotiation that occurs when you try and fail to establish an HTTPS connection to the server (in your C# app).

If you are able to make a successful HTTPS connection from another environment (e.g. the Windows XP machine that you mentioned — or possibly by hitting the HTTPS URL in a non-Microsoft browser that doesn’t use the OS’s cipher suite settings, such as Chrome or Firefox), run another Message Analyzer trace in that environment to capture what happens when the SSL negotiation succeeds.

Hopefully, you’ll see some difference between the two Client Hello messages that will allow you to pinpoint exactly what about the failing SSL negotiation is causing it to fail. Then you should be able to make configuration changes to Windows that will allow it to succeed. IISCrypto is a great tool to use for this (even for client PCs, despite the «IIS» name).

The following two Windows registry keys govern the cipher_suites values that your PC will use:

  • HKLMSOFTWAREPoliciesMicrosoftCryptographyConfigurationSSL0010002
  • HKLMSYSTEMCurrentControlSetControlCryptographyConfigurationLocalSSL0010002

Here’s a full writeup of how I investigated and solved an instance of this variety of the Could not create SSL/TLS secure channel problem: http://blog.jonschneider.com/2016/08/fix-ssl-handshaking-error-in-windows.html

answered Aug 31, 2016 at 4:33

Jon Schneider's user avatar

Jon SchneiderJon Schneider

24.9k21 gold badges144 silver badges167 bronze badges

3

Something the original answer didn’t have. I added some more code to make it bullet proof.

ServicePointManager.Expect100Continue = true;
        ServicePointManager.DefaultConnectionLimit = 9999;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;

answered Jun 1, 2016 at 15:05

SpoiledTechie.com's user avatar

SpoiledTechie.comSpoiledTechie.com

10.4k20 gold badges77 silver badges99 bronze badges

5

The top-voted answer will probably be enough for most people. However, in some circumstances, you could continue getting a «Could not create SSL/TLS secure channel» error even after forcing TLS 1.2. If so, you may want to consult this helpful article for additional troubleshooting steps. To summarize: independent of the TLS/SSL version issue, the client and server must agree on a «cipher suite.» During the «handshake» phase of the SSL connection, the client will list its supported cipher-suites for the server to check against its own list. But on some Windows machines, certain common cipher-suites may have been disabled (seemingly due to well-intentioned attempts to limit attack surface), decreasing the possibility of the client & server agreeing on a cipher suite. If they cannot agree, then you may see «fatal alert code 40» in the event viewer and «Could not create SSL/TLS secure channel» in your .NET program.

The aforementioned article explains how to list all of a machine’s potentially-supported cipher suites and enable additional cipher suites through the Windows Registry. To help check which cipher suites are enabled on the client, try visiting this diagnostic page in MSIE. (Using System.Net tracing may give more definitive results.) To check which cipher suites are supported by the server, try this online tool (assuming that the server is Internet-accessible). It should go without saying that Registry edits must be done with caution, especially where networking is involved. (Is your machine a remote-hosted VM? If you were to break networking, would the VM be accessible at all?)

In my company’s case, we enabled several additional «ECDHE_ECDSA» suites via Registry edit, to fix an immediate problem and guard against future problems. But if you cannot (or will not) edit the Registry, then numerous workarounds (not necessarily pretty) come to mind. For example: your .NET program could delegate its SSL traffic to a separate Python program (which may itself work, for the same reason that Chrome requests may succeed where MSIE requests fail on an affected machine).

answered Jun 1, 2019 at 6:16

APW's user avatar

APWAPW

3544 silver badges6 bronze badges

1

This one is working for me in MVC webclient

public string DownloadSite(string RefinedLink)
{
    try
    {
        Uri address = new Uri(RefinedLink);

        ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

        using (WebClient webClient = new WebClient())
        {
            var stream = webClient.OpenRead(address);
            using (StreamReader sr = new StreamReader(stream))
            {
                var page = sr.ReadToEnd();

                return page;
            }
        }

    }
    catch (Exception e)
    {
        log.Error("DownloadSite - error Lin = " + RefinedLink, e);
        return null;
    }
}

soccer7's user avatar

soccer7

3,2213 gold badges28 silver badges49 bronze badges

answered Oct 4, 2017 at 7:14

Arun Prasad E S's user avatar

Arun Prasad E SArun Prasad E S

9,1198 gold badges73 silver badges84 bronze badges

3

«The request was aborted: Could not create SSL/TLS secure channel» exception can occur if the server is returning an HTTP 401 Unauthorized response to the HTTP request.

You can determine if this is happening by turning on trace-level System.Net logging for your client application, as described in this answer.

Once that logging configuration is in place, run the application and reproduce the error, then look in the logging output for a line like this:

System.Net Information: 0 : [9840] Connection#62912200 - Received status line: Version=1.1, StatusCode=401, StatusDescription=Unauthorized.

In my situation, I was failing to set a particular cookie that the server was expecting, leading to the server responding to the request with the 401 error, which in turn led to the «Could not create SSL/TLS secure channel» exception.

HoldOffHunger's user avatar

answered Aug 19, 2014 at 19:55

Jon Schneider's user avatar

Jon SchneiderJon Schneider

24.9k21 gold badges144 silver badges167 bronze badges

1

Another possibility is improper certificate importation on the box. Make sure to select encircled check box. Initially I didn’t do it, so code was either timing out or throwing same exception as private key could not be located.

certificate importation dialog

answered Jul 11, 2012 at 22:27

Sherlock's user avatar

SherlockSherlock

1,0128 silver badges18 bronze badges

1

I had this problem because my web.config had:

<httpRuntime targetFramework="4.5.2" />

and not:

<httpRuntime targetFramework="4.6.1" />

answered Aug 15, 2017 at 10:47

Terje Solem's user avatar

Terje SolemTerje Solem

7661 gold badge9 silver badges25 bronze badges

1

Doing this helped me:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

answered Jan 26, 2021 at 22:39

Merlyn007's user avatar

Merlyn007Merlyn007

4091 gold badge7 silver badges21 bronze badges

0

Finally found solution for me.

Try this adding below line before calling https url (for .Net framework 4.5):

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Luis Teijon's user avatar

Luis Teijon

4,6637 gold badges35 silver badges56 bronze badges

answered Jun 16, 2021 at 5:24

Priyank Sharma's user avatar

0

As you can tell there are plenty of reasons this might happen. Thought I would add the cause I encountered …

If you set the value of WebRequest.Timeout to 0, this is the exception that is thrown. Below is the code I had… (Except instead of a hard-coded 0 for the timeout value, I had a parameter which was inadvertently set to 0).

WebRequest webRequest = WebRequest.Create(@"https://myservice/path");
webRequest.ContentType = "text/html";
webRequest.Method = "POST";
string body = "...";
byte[] bytes = Encoding.ASCII.GetBytes(body);
webRequest.ContentLength = bytes.Length;
var os = webRequest.GetRequestStream();
os.Write(bytes, 0, bytes.Length);
os.Close();
webRequest.Timeout = 0; //setting the timeout to 0 causes the request to fail
WebResponse webResponse = webRequest.GetResponse(); //Exception thrown here ...

answered Apr 25, 2014 at 20:50

TCC's user avatar

TCCTCC

2,5061 gold badge23 silver badges35 bronze badges

1

The root of this exception in my case was that at some point in code the following was being called:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

This is really bad. Not only is it instructing .NET to use an insecure protocol, but this impacts every new WebClient (and similar) request made afterward within your appdomain. (Note that incoming web requests are unaffected in your ASP.NET app, but new WebClient requests, such as to talk to an external web service, are).

In my case, it was not actually needed, so I could just delete the statement and all my other web requests started working fine again. Based on my reading elsewhere, I learned a few things:

  • This is a global setting in your appdomain, and if you have concurrent activity, you can’t reliably set it to one value, do your action, and then set it back. Another action may take place during that small window and be impacted.
  • The correct setting is to leave it default. This allows .NET to continue to use whatever is the most secure default value as time goes on and you upgrade frameworks. Setting it to TLS12 (which is the most secure as of this writing) will work now but in 5 years may start causing mysterious problems.
  • If you really need to set a value, you should consider doing it in a separate specialized application or appdomain and find a way to talk between it and your main pool. Because it’s a single global value, trying to manage it within a busy app pool will only lead to trouble. This answer: https://stackoverflow.com/a/26754917/7656 provides a possible solution by way of a custom proxy. (Note I have not personally implemented it.)

Community's user avatar

answered Sep 16, 2016 at 23:54

Tyler Forsythe's user avatar

1

In my case, the service account running the application did not have permission to access the private key. Once I gave this permission, the error went away

  1. mmc
  2. certificates
  3. Expand to personal
  4. select cert
  5. right click
  6. All tasks
  7. Manage private keys
  8. Add the service account user

answered Nov 13, 2017 at 21:24

Dinesh Rajan's user avatar

Dinesh RajanDinesh Rajan

2,29822 silver badges17 bronze badges

1

If you are running your code from Visual Studio, try running Visual Studio as administrator. Fixed the issue for me.

answered Feb 27, 2018 at 16:59

handles's user avatar

handleshandles

7,59116 gold badges61 silver badges85 bronze badges

1

System.Net.WebException: The request was aborted: Could not create
SSL/TLS secure channel.

In our case, we where using a software vendor so we didn’t have access to modify the .NET code. Apparently .NET 4 won’t use TLS v 1.2 unless there is a change.

The fix for us was adding the SchUseStrongCrypto key to the registry. You can copy/paste the below code into a text file with the .reg extension and execute it. It served as our «patch» to the problem.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319]
"SchUseStrongCrypto"=dword:00000001

answered Jul 26, 2018 at 14:35

capdragon's user avatar

capdragoncapdragon

14.3k24 gold badges102 silver badges152 bronze badges

3

I have struggled with this problem all day.

When I created a new project with .NET 4.5 I finally got it to work.

But if I downgraded to 4.0 I got the same problem again, and it was irreversable for that project (even when i tried to upgrade to 4.5 again).

Strange no other error message but «The request was aborted: Could not create SSL/TLS secure channel.» came up for this error

answered Dec 2, 2015 at 16:08

aghost's user avatar

aghostaghost

1922 silver badges8 bronze badges

2

In case that the client is a windows machine, a possible reason could be that the tls or ssl protocol required by the service is not activated.

This can be set in:

Control Panel -> Network and Internet -> Internet Options -> Advanced

Scroll settings down to «Security» and choose between

  • Use SSL 2.0
  • Use SSL 3.0
  • Use TLS 1.0
  • Use TLS 1.1
  • Use TLS 1.2

enter image description here

answered May 10, 2017 at 7:05

cnom's user avatar

cnomcnom

2,8614 gold badges27 silver badges59 bronze badges

4

none of this answer not working for me , the google chrome and postman work and handshake the server but ie and .net not working. in google chrome in security tab > connection show that encrypted and authenticated using ECDHE_RSA with P-256 and AES_256_GCM cipher suite to handshake with the server.

enter image description here

i install IIS Crypto and in cipher suites list on windows server 2012 R2 ican’t find ECDHE_RSA with P-256 and AES_256_GCM cipher suite. then i update windows to the last version but the problem not solve. finally after searches i understood that windows server 2012 R2 not support GSM correctly and update my server to windows server 2016 and my problem solved.

answered May 31, 2020 at 5:46

sina alizadeh's user avatar

I was having this same issue and found this answer worked properly for me. The key is 3072. This link provides the details on the ‘3072’ fix.

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

XmlReader r = XmlReader.Create(url);
SyndicationFeed albums = SyndicationFeed.Load(r);

In my case two feeds required the fix:

https://www.fbi.gov/feeds/fbi-in-the-news/atom.xml
https://www.wired.com/feed/category/gear/latest/rss

Stephen Rauch's user avatar

Stephen Rauch

46.6k31 gold badges109 silver badges131 bronze badges

answered May 27, 2018 at 14:02

joeydood's user avatar

joeydoodjoeydood

511 silver badge4 bronze badges

1

None of the answers worked for me.

This is what worked:

Instead of initializing my X509Certifiacte2 like this:

   var certificate = new X509Certificate2(bytes, pass);

I did it like this:

   var certificate = new X509Certificate2(bytes, pass, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

Notice the X509KeyStorageFlags.Exportable !!

I didn’t change the rest of the code (the WebRequest itself):

// I'm not even sure the first two lines are necessary:
ServicePointManager.Expect100Continue = true; 
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

request = (HttpWebRequest)WebRequest.Create(string.Format("https://{0}.sii.cl/cvc_cgi/dte/of_solicita_folios", server));
request.Method = "GET";
request.Referer = string.Format("https://hercules.sii.cl/cgi_AUT2000/autInicio.cgi?referencia=https://{0}.sii.cl/cvc_cgi/dte/of_solicita_folios", servidor);
request.UserAgent = "Mozilla/4.0";
request.ClientCertificates.Add(certificate);
request.CookieContainer = new CookieContainer();

using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
    // etc...
}

In fact I’m not even sure that the first two lines are necessary…

answered Apr 30, 2019 at 17:58

sports's user avatar

sportssports

7,67312 gold badges69 silver badges128 bronze badges

2

This fixed for me, add Network Service to permissions.
Right click on the certificate > All Tasks > Manage Private Keys… > Add… > Add «Network Service».

Lionel Gaillard's user avatar

answered Apr 6, 2018 at 6:27

jayasurya_j's user avatar

jayasurya_jjayasurya_j

1,4191 gold badge13 silver badges22 bronze badges

1

Another possibility is that the code being executed doesn’t have the required premissions.

In my case, I got this error when using Visual Studio debugger to test a call to a web service. Visual Studio wasn’t running as Administrator, which caused this exception.

answered Oct 30, 2019 at 10:11

OfirD's user avatar

OfirDOfirD

7,8623 gold badges42 silver badges78 bronze badges

0 0 голоса
Рейтинг статьи
Подписаться
Уведомить о
guest

0 комментариев
Старые
Новые Популярные
Межтекстовые Отзывы
Посмотреть все комментарии

А вот еще интересные материалы:

  • Яшка сломя голову остановился исправьте ошибки
  • Ясность цели позволяет целеустремленно добиваться намеченного исправьте ошибки
  • Ясность цели позволяет целеустремленно добиваться намеченного где ошибка
  • Fallout 3 ошибка при запуске приложения 0xc000001b
  • Fallout 3 ошибка память не может быть read