✅ The request was aborted: a protected SSL/TLS channel could not be created
I'm trying to send a web request in .NET 4.8, but I keep getting The request was aborted: a protected SSL/TLS channel could not be created. I've did a lot of googling and people suggested all kinds of stuff, but no matter what I tried it didn't work.
Here's stuff I tried:
I've tried various combinations of security protocols, like specifying just Tls12 which seems to fix it for some, but without any success.
When accessing the URL I'm requesting in the browser and check devtools, I can see that it uses a Tls13 encryption. Not sure if that info is of any help.
83 Replies
Unfortunately, I'm bound to .NET 4.8 here since it is an existing codebase that is not mine, which is a bit older and I'm just trying to get to work.
@Nikoλas wdym by is the certificate trusted?
my browser accepts it fine, not sure why .NET 4.8 wouldnt
.NET and Java are using a "cache" of the CAs
iirc the game servers had an update on their ssl ciphers sometime ago, and around that time it broke
the Trusted CAs
the game server runs on a certificate that should be trusted by windows as usual, nothing special
btw remove tls 1.1 and tls 1.0 that could cause some issue
arent they using the OS' trusted CA pool?
I tried it all, didn't really make a difference
Java certainly isn't
i think NET FX didn't too
aaah right, forgot that its .net fx
@mini lets experiment a bit
invoke this
and see if it makes any difference
(do not use it)
just for testing
ignore the activity log
When do I invoke it?
on startup
there shouldnt be any exceptions, I've tried this code before
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
and it keeps on failing ?
yup
can we see the detailed exception
and can you show me the SSL Cert of the remote service?
mask what you have
just want the CA
The exception is just the title of the thread, there's no inner exception, nothing
https://a.ppy.sh/7562902
?
That's the avatar server
oh thats the service
i presume you are on Windows?
yup
are you behind a proxy?
It's worth noting that this does work on .NET 8
nop
This did work
in csharprepl
I believe the issue is specifically related to <=.NET 4.8
I've read a lot about tls/ssl errors related to those older versions
which windows version btw?
HM | C# Online Compiler | .NET Fiddle
HM | Test your C# code online with .NET Fiddle code editor.
(https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-)TLS 1.3 is supported starting in Windows 11 and Windows Server 2022. Enabling TLS 1.3 on earlier versions of Windows is not a safe system configuration.
use only 1.2
SecurityProtocolType.Tls12
tried that as well
i tried all kinds of security protocols without success
use hardcoded this code:
on a new project maybe
with net 4.8.x
this works on dotnetfiddle
this seems to be outdated or so, im on win10 and i still get TLS 1.3
on net 4.7
Ill try in a second. Only thing I can think of is this massive codebase having some code somewhere that messes it up. But I know for a fact that changing ServicePointManager.SecurityProtocol does have an impact on the request because if I set it to Ssl3 i get a different error
SSL is legacy
we say SSL these days but its long deprecated
TLS is what we all use
yeah I know, just saying
is the project opensource?
nop
is it a UI app ?
its osu isnt it?
yeah
It's not a game client, its a tool related to it
Search on project for ServicePointManager
and see if there are configurations applied to it
ohhhhhhh
but I'm overwriting it
change it to Tls12
and try
This is in a static constructor, which gets called before the entry point
So when I had it in the entrypoint I should've overwritten it, but ill try
also change the Expect100Continue
ohhh it works now
how did it not work before when I did the exact same in the entry point
oh god I believe I know why
maybe the flow is different
than what you think
Are static constructors on referenced libraries only ran when the first piece of code from that library is ran?
Because that code is in a static constructor but not in the entry assembly
$itdepends
when trying that it works for me in.net fx 4.8, with just tls3 it doesnt. i guess the browsers dont use the same implementation as .net fx
yup! It runs the entry point first
dang it
but thanks a lot for the help
static constructors are executed when the type is first used
ohh
so if u never touch a class C which has a static constructor, it will never run
rightt it was only the static <Module>::ctor that runs before the entry point
if it works now, dont forget to $close the thread
If you have no further questions, please use /close to mark the forum thread as answered
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View
.net fx 4.8.2
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View
i don't know you sir, and i don't want to talk to you 😄
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View
they are specific to the game server having turned off TLS support
Before, they enforced TLS 1.0
now they enforce TLS 1.2+
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View
so I had to change the code to stop enforcing TLS 1.0
that was the issue of this thread
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View
maybe, but I know for a fact the game servres changed which TLS they enforce
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View
i am not talking about httpclient here at all
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View
yeah it was known to be bad and they eventually did upgrade now
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View
although they did upgrade because the game servers got blocked in russia and changing to TLS 1.2 fixed it
the game servers exist since like 2007 so I assume they never bothered to change
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View
oh now i remember
server side TLS 1.0 was not enforced
just supported
the game client forced TLS 1.0 I believe
and so did the tool I used
I think because of backwards compatibility with old stuff because the game client is ooold
Unknown User•8mo ago
Message Not Public
Sign In & Join Server To View