bchavez / Coinbase

:moneybag: A .NET/C# implementation of the Coinbase API.
https://developers.coinbase.com/api/v2
MIT License

Could not create SSL/TLS secure channel #11

Closed aleles closed 9 years ago

aleles commented 9 years ago

Hi, we get this error on some orders in RegisterButton. Other orders go through fine. Do you know what could cause it?

The request was aborted: Could not create SSL/TLS secure channel.

Thanks! Alex

bchavez commented 9 years ago

Hi there,

Seems to be more of an underlying .NET issue with SSL.

Perhaps, try this: http://stackoverflow.com/questions/2859790/the-request-was-aborted-could-not-create-ssl-tls-secure-channel

Let me know if that works for you.

bchavez commented 9 years ago

For the time being, I'll be closing the issue since I think this is more of an underlying .NET configuration issue. If you're still having trouble, please let me know and I'll be happy to re-open this issue and investigate it further.

gmz-dev commented 9 years ago

Hi @bchavez,

I've recently downloaded your source code and built additional methods using the information on CoinBase API that are required for my application.

My application is a Windows Service and is scheduled to run hourly. I'm encountering the same issue with my application on creating secure SSL/TLS channel.

Exception Message : The request was aborted: Could not create SSL/TLS secure channel.

Can you please help with the fix for this issue.

Thank you for your help in advance.

bchavez commented 9 years ago

@gmz-dev, I'm sorry you're having problems using the Coinbase API. Honestly, I cannot reproduce this error; therefore, my options in providing help are somewhat limited.

What you'll need to do is:

  1. Provide a stack trace when this exception occurs and any additional information to help debug the issue.
  2. Set the SecurityProtocol in your Program.Main() before running any Coinbase API calls. Try playing with different ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3; settings as mentioned in the link above.
  3. Pull the latest hotfixes for the .NET framework from Windows Update.

Again, I don't think this problem is related to the code in this repository per se but more of an underlying .NET Secure Socket / SSL handshake issue between Coinbase's API servers and the underlying SSL implementation in the .NET framework (which RestSharp is using).

aleles commented 9 years ago

@gmz-dev We had this issue dropped for a few months, but we started experiencing it again recently. I'm talking to the Coinbase support about it. Also, I just created a public thread on their forum here https://community.coinbase.com/t/could-not-create-ssl-tls-secure-channel/2640

I feel like one or more of their boxes have CAs configured in a way our servers can't establish the connection.

gmz-dev commented 9 years ago

Hi @bchavez / @aleles ,

Thank you for the information that you have shared.

I shall follow the new public thread that you have created on the CoinBase Community to see if there are any updates on it.

Thank you again.

bchavez commented 9 years ago

@aleles / @gmz-dev

I was able to reproduce the error by setting:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

System.Net.WebException : The request was aborted: Could not create SSL/TLS secure channel.

Perhaps they have SSL3 disabled or something. TLS seems to work OK:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;
OK

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
OK

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
OK

Try setting the ServicePointManager.SecurityProtocol to a different protocol other than SSL3 in your application start up. Please let me know if this helps.
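The protocol test described in the comment above, as an added example that is not part of the original thread or of the Coinbase library: it clears SSL 3.0 from the enabled set at startup and then tries one handshake per protocol version so the failing one is visible. The `TlsStartup` class, its method names and the host name `api.coinbase.com` are assumptions; it targets .NET Framework 4.5 or later and needs network access to the host.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsStartup // hypothetical helper, not from the repository
{
    // SecurityProtocolType is a flags enum: clear SSL 3.0, add TLS 1.1 and 1.2,
    // and keep whatever else (e.g. Tls) was already enabled.
    public static SecurityProtocolType WithoutSsl3(SecurityProtocolType current)
    {
        return (current & ~SecurityProtocolType.Ssl3)
               | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
    }

    // One handshake restricted to a single protocol version.
    // Returns the negotiated protocol, or the failure type and message.
    public static string Probe(string host, SslProtocols protocol)
    {
        try
        {
            using (var tcp = new TcpClient(host, 443))
            using (var ssl = new SslStream(tcp.GetStream()))
            {
                ssl.AuthenticateAsClient(host, null, protocol, false);
                return "OK (" + ssl.SslProtocol + ")";
            }
        }
        catch (Exception ex) // AuthenticationException, IOException, SocketException
        {
            return "FAILED: " + ex.GetType().Name + ": " + ex.Message;
        }
    }

    static void Main()
    {
        // The setting is static and applies to every later request in the
        // AppDomain, so set it before the first API call.
        ServicePointManager.SecurityProtocol =
            WithoutSsl3(ServicePointManager.SecurityProtocol);
        Console.WriteLine("Enabled: " + ServicePointManager.SecurityProtocol);

        const string host = "api.coinbase.com"; // assumed host name, not from the thread
        foreach (var p in new[] { SslProtocols.Ssl3, SslProtocols.Tls,
                                  SslProtocols.Tls11, SslProtocols.Tls12 })
            Console.WriteLine(p + ": " + Probe(host, p));
    }
}
```

Including the per-protocol output alongside the stack trace in a bug report shows whether the failure follows one protocol version or occurs regardless of it.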

bchavez commented 9 years ago

Probably somewhat related, received an email this morning from Amazon:

Dear Login with Amazon Developer, Beginning on May 25, 2015, as part of our commitment to customer security, Login with Amazon will no longer accept incoming SSL (Secure Sockets Layer) connections due to the vulnerability of SSL v3 to man-in-the-middle security attacks. More information here.

If you have a website that uses SSL with Login with Amazon, you will have to configure your HTTPS connections to use TLS (Transport Layer Security) instead of SSL. If you have a native mobile Android, Fire OS or iOS app that uses Login with Amazon, you do not have to take any action.

Seems like the Internet is disabling SSL3.

gmz-dev commented 9 years ago

Hi @bchavez ,

Setting up the Security Protocol to TLS at my Application Client Application Startup doesn't help me resolve the issue. I still see an Exception occurring in a timely fashion. Am I missing anything?

Thank you for your help in advance.

bchavez commented 9 years ago

@gmz-dev Maybe try and restart. I similarly had an issue initially testing these protocols when I first started playing around with the settings. Maybe the ever persistent *.vshost.exe has something to do with it.

Also, did you try just TLS instead of 1.1 and 1.2?

bchavez commented 9 years ago

Coinbase seems to have settled the TLS/SSL issues. Going to close the issue, if it comes up again, we'll reopen/revisit the issue.