The Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm - ASP.NET C# Iis Tls 1.0/1.1/1.2 - Win32Exception

  • Home
  • Languages
  • Csharp
  • The Client and Server Cannot Communicate, Because They Do Not Possess a Common Algorithm - ASP.NET C# Iis Tls 1.0/1.1/1.2 - Win32Exception

The client and server cannot communicate, because they do not possess a common algorithm - ASP.NET C# IIS TLS 1.0 / 1.1 / 1.2 - Win32Exception

There are several other posts about this now and they all point to enabling TLS 1.2. Anything less is unsafe.

You can do this in .NET 3.5 with a patch.

You can do this in .NET 4.0 and 4.5 with a single line of code

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // .NET 4.5
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; // .NET 4.0

In .NET 4.6, it automatically uses TLS 1.2.

See here for more details:
.NET support for TLS.

SoapHttpClientProtocol and TLS 1.2 - The client and server cannot communicate, because they do not possess a common algorithm

If your client application was compiled against .NET Framework 4.5.2 or lower, then by default ServicePointManager.SecurityProtocol is initialized to SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls (SSL 3.0 and TLS 1.0 only), so it won't be able to connect to a remote server that requires TLS 1.2.

There are several ways to allow your client application to use TLS 1.2:

  • Recompile your client application against .NET Framework 4.6 or later. (In Visual Studio, open your project's property pages, go to the Application tab, and change the Target Framework.)
  • On the client machine, run RegEdit.exe, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ .NETFramework\v4.0.30319, add a DWORD (32-bit) value named SchUseStrongCrypto, and set it to 1. (This flag causes ServicePointManager.SecurityProtocol to be initialized to Tls | Tls11 | Tls12.)
  • When your client application starts up, turn on TLS 1.2: ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;

There's no need to regenerate your proxy class because it's not responsible for negotiating the TLS protocol or cipher.

The client and server cannot communicate, because they do not possess a common algorithm on Windows Server 2008 Web

The problem was the Operating system. We were using Windows Server 2008 and we didn't realize the application need OS's protocol to communicate with other server. Since we have .NET Framework 4.5 installed and we were also using the code ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; to force application to use Tls1.2 (according to the requirement), hence believed that everything should work fine, but obviously this wasn't going to happen.

tl;dr; We installed Windows Server 2012 on the machine and the application is running fine now (as it should)


Related Topics

Best C# API to Create PDF

How to Calculate the Ip Range When the Ip Address and the Netmask Is Given

Convert Dictionary<String, Object> to Anonymous Object

.Net Virus Scanning API

User in Entity Type MVC5 Ef6

How to Capture Screen to Be Video Using C# .Net

How to Execute Code After a Form Has Loaded

Cryptographicexception Was Unhandled: System Cannot Find the Specified File

How to Use ASP.NET Identity 2.0 to Allow a User to Impersonate Another User

How to Specify a Generic Type in Xaml (Pre .Net 4 Framework)

Creating API That Is Fluent

Embed Unity3D App Inside Wpf Application

Possible to Iterate Backwards Through a Foreach

ASP.NET Core 3.0 System.Text.JSON Camel Case Serialization

Simple Custom Event

How to Round Up Value C# to the Nearest Integer

Why Does the C# Compiler Emit Activator.Createinstance When Calling New in with a Generic Type with a New() Constraint

How to Ensure an Event Is Only Subscribed to Once


Leave a reply



Submit