TLS/SSL problem: 'Could not create SSL/TLS secure channel'

29 February 2020 TLS, SSL, HTTPS Robert Muehsig

Problem

Last week I had some fun debugging a weird bug. Within our application one module makes HTTP requests to a 3rd party service and depending on the running Windows version this call worked or failed with:

'Could not create SSLTLS secure channel'

I knew that older TLS/SSL versions are deprecated and that many services refuse those protocols, but we still didn’t finally understand the issue:

  • The HTTPS call worked without any issues on a Windows 10 1903 machine
  • The HTTPS call didn’t work on a Windows 7 SP1 (yeah… customers…) and a Windows 10 1803 machine.

Our software uses the .NET Framework 4.7.2 and therefore I thought that this should be enough.

Root cause

Both systems (or at least they represents two different customer enviroments) didn’t enable TLS 1.2.

On Windows 7 (and I think on the older Windows 10 releases) there are multiple ways. On way is to set a registry key to enable the newer protocols.

Our setup was a bit more complex than this and I needed like a day to figure everything out. A big mystery was, that some services were accessible even under the old systems till I figured out, that some sites even support a pure HTTP connection without any TLS.

Well… to summarize it: Keep your systems up to date. If you have any issues with TLS/SSL make sure your system does support it.

Hope this helps!

Written by Robert Muehsig

Software Developer - from Saxony, Germany - working on primedocs.io. Microsoft MVP & Web Geek.
Other Projects: KnowYourStack.com | ExpensiveMeeting | EinKofferVollerReisen.de