Closed katron24 closed 3 years ago
Hi, after working for over a year my MTD application fails with 'the request was aborted: Could not create SSL/TLS secure channel'
I cannot work out what has changed. Has anybody else come across this problem?
Thanks, Ron
Hi, the solution is the line
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12
Thanks to anybody that has looked at this.
In VB.NET using REST.
@katron24 Well found - I saw the original message just now and thought - hmm - TLS Error.
The background is that sandbox has required TLS1.2+ since June 2020 in preparation for production environment changing to this minimum at some point 'imminently'.
Were you getting the error on sandbox or production - I'm interested if production has switched over yet as we haven't had a notification to say it has.
Thanks
Alex
Hi AlexJSH,
It was on the production. Within the last fortnight, I think.
Thanks
@katron Thanks - sounds like the security upgrade has gone live then - but I've not seen any notification of that.
Hi, the solution is the line
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12
Thanks to anybody that has looked at this.
In VB.NET using REST.
The issue with this is that you're hardcoding the TLS level to 1.2. When things inevitably move to 1.3 or higher it'll require a code change. The application I wrote is compiled against .NET 4.5 and from what I've read, when you make a web request, 4.5 chooses the TLS version and it defaults to 1.0. However, you can override this behaviour and tell .NET to allow the OS to decide which is how it should be done. To do that you add this into the app.config file:
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
This goes into /configuration/runtime
However, this doesn't seem to have any effect if you are running Windows 2008 R2 or earlier. Sadly I can't always help what OS is running on the end server. In this instance I have a branch build that includes the line of code you suggested.
Ideally you should build using .NET 4.6 or later.
For reference, info found here: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
Agree +1 @MrSent - Never hard code, especially when there is an XML override.
I upgraded my project from 4.5 to 4.7 for better high DPI support, not knowing that it would affect TLS enforcement. Authentication failed, lost a few hours in a sniffer and code diffs, and added DontEnableSystemDefaultTlsVersions=false.
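An added example (not code from this thread or from HMRC), in VB.NET since that is what the thread uses: a startup routine for the branch-build case described above, where the app.config switch has no effect. It adds TLS 1.2 to the protocols already enabled instead of replacing the set, and leaves the setting alone when the OS is already choosing. The names TlsStartup and AllowTls12 are hypothetical.

```vbnet
Imports System
Imports System.Net

' Added example; TlsStartup and AllowTls12 are hypothetical names.
Module TlsStartup

    ' Call once at startup, before the first web request is made.
    ' Returns the protocol set in effect afterwards.
    Function AllowTls12() As SecurityProtocolType
        Dim current As SecurityProtocolType = ServicePointManager.SecurityProtocol

        ' 0 is SecurityProtocolType.SystemDefault (the name exists from
        ' .NET 4.7): the OS is choosing the version, so change nothing.
        If CInt(current) = 0 Then Return current

        ' Otherwise add TLS 1.2 to whatever is enabled rather than
        ' assigning Tls12 alone, and drop SSL 3.0 if it is present.
        Dim wanted As SecurityProtocolType =
            (current Or SecurityProtocolType.Tls12) And Not SecurityProtocolType.Ssl3

        If wanted <> current Then ServicePointManager.SecurityProtocol = wanted
        Return ServicePointManager.SecurityProtocol
    End Function

    Sub Main()
        ' Print the set before and after so the change is visible in a log.
        Console.WriteLine("Before: {0}", ServicePointManager.SecurityProtocol)
        Console.WriteLine("After:  {0}", AllowTls12())
    End Sub

End Module
```

The setting is process-wide, so it also applies to any other library in the same process that makes requests through ServicePointManager.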