topic Re: TLS 1.2 intermittent failures with Could not create SSL/TLS secure channel in Integration and Testing

TLS 1.2 intermittent failures with Could not create SSL/TLS secure channel

gchq — Thu, 01 Mar 2018 22:22:20 GMT

Using System.Net.WebClient() to connect via a .NET 4.5 web app running on a Server 2016 box we are seeing odd failures (99% are processing normally)with

System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel

The server has TLS 1.2 and 1.1 enabled - I assumed that a less secure browser was being used, that allowed them to login to our site but then failed to connect over 1.2 to the gateway. We contacted one of the users (Firefox browser) and asked hit to test his browser, that reported 'Your user agent supports TLS 1.2, which is the recommended protocol version'

Unless there is a quirk in Firefox that negotiated a lower protocol, this is rather puzzing...

Any ideas?

Thanks

Re: TLS 1.2 intermittent failures with Could not create SSL/TLS secure channel

bdf2723 — Fri, 02 Mar 2018 07:08:24 GMT

If your server has TLS 1.1 enabled and a client uses it to post a transaction to Authorize.net it will fail. This is by design as of 2/28/2018.

If you want to avoid this, diasable TLS 1.1 at the server or if you want to allow it you should query for the client TLS version and prevent them from attempting a transaction if the version is less than 1.2

Re: TLS 1.2 intermittent failures with Could not create SSL/TLS secure channel

gchq — Fri, 02 Mar 2018 14:58:11 GMT

I understand that - what confuses me is why a compliant browser would not negotiate the securest connection. One user tried it both with Firefox and a Mac Safari and hit the same brick wall on serveral occasions, but nearly all others process without any problem.

Re: TLS 1.2 intermittent failures with Could not create SSL/TLS secure channel

BertNie — Wed, 28 Mar 2018 06:49:09 GMT

I had the same problem here. Using .Net 4.6 solved the problem.