Problem
Last week I had some fun debugging a weird bug. Within our application, one module makes HTTP requests to a 3rd party service and, depending on the running Windows version, this call either worked or failed with:
'Could not create SSL/TLS secure channel'
I knew that older TLS/SSL versions are deprecated and that many services refuse those protocols, but we still didn't fully understand the issue:
- The HTTPS call worked without any issues on a Windows 10 1903 machine
- The HTTPS call didn’t work on a Windows 7 SP1 (yeah… customers…) and a Windows 10 1803 machine.
Our software uses the .NET Framework 4.7.2 and therefore I thought that this should be enough.
Root cause
Both systems (or at least they represent two different customer environments) didn't enable TLS 1.2.
On Windows 7 (and I think on the older Windows 10 releases) there are multiple ways to enable it. One way is to set a registry key to enable the newer protocols.
Our setup was a bit more complex than this and I needed about a day to figure everything out. A big mystery was that some services were accessible even on the old systems, until I figured out that some sites even support a plain HTTP connection without any TLS.
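To see how a given machine is configured before changing anything, the following read-only check lists the registry values that govern TLS 1.2 for the Schannel client and for .NET Framework 4.x. It is an added example, not code from the original post; the registry paths are the standard Windows locations (the post does not name them), and the function name `Get-Tls12Setting` is hypothetical.

```powershell
# Added example: read-only audit of TLS 1.2 client settings (Schannel and .NET Framework 4.x).
# Nothing is written. A value that is not set means the OS or framework default applies,
# and that default differs between Windows releases.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$dotnet64 = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$dotnet32 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'

# Name = registry value; Recommended = test for the value recommended when TLS 1.2 is wanted
$checks = @(
    @{ Path = $schannel; Name = 'Enabled';                  Recommended = { param($v) $v -ne 0 } }
    @{ Path = $schannel; Name = 'DisabledByDefault';        Recommended = { param($v) $v -eq 0 } }
    @{ Path = $dotnet64; Name = 'SchUseStrongCrypto';       Recommended = { param($v) $v -eq 1 } }
    @{ Path = $dotnet64; Name = 'SystemDefaultTlsVersions'; Recommended = { param($v) $v -eq 1 } }
    @{ Path = $dotnet32; Name = 'SchUseStrongCrypto';       Recommended = { param($v) $v -eq 1 } }
    @{ Path = $dotnet32; Name = 'SystemDefaultTlsVersions'; Recommended = { param($v) $v -eq 1 } }
)

function Get-Tls12Setting {
    param([hashtable]$Check)
    $prop  = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $value = $null
    $state = 'not set (default applies)'
    if ($null -ne $prop) {
        $value = $prop.($Check.Name)
        $state = if (& $Check.Recommended $value) { 'as recommended' } else { 'differs from recommended' }
    }
    [pscustomobject]@{ Name = $Check.Name; Value = $value; State = $state; Key = $Check.Path }
}

$report = $checks | ForEach-Object { Get-Tls12Setting -Check $_ }
$report | Format-Table Name, Value, State, Key -AutoSize

# Protocol setting of this PowerShell host process (not of your application).
# 'SystemDefault' means .NET leaves the protocol choice to the OS settings above.
"ServicePointManager.SecurityProtocol: $([Net.ServicePointManager]::SecurityProtocol)"
"OS: $([Environment]::OSVersion.VersionString)"
```

Running it on a working and a failing machine and comparing the two tables shows which setting differs between them.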
Well… to summarize: keep your systems up to date. If you have any issues with TLS/SSL, make sure your system supports it.
Hope this helps!