HTTPCLIENT return SSL error handshake failure in the Windows Server 2012

[Samuraix]

Hi,

I created an aplication to return the TOKEN in C# using HTTPCLIENT and when I execute in the Window Server 2012 R2 is returning the error of SLL HANDSHAKE_FAILURE.

When I run the same application in the Windows 10 or Windows Server 2016 run perfectly.

And when I run the same application in others endpoints in the Windows Server 2012 R2 run sucessfuly, just to the endpoint "https://api.smartleader.com.br/oauth/token", that is hosted in the Amazon return error.

Can some people help me?


Below the code:

using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Security;
using System.Text;
using System.Threading.Tasks;

namespace TESTE3
{
    class Program
    {
        static void Main(string[] args)
        {

            string token = "";

            using (var client = new HttpClient())
            {
                Dictionary<string, string> postvalues = new Dictionary<string, string>
                {
                   { "client_id", "99" },
                   { "client_secret", "blablabla" },
                   { "grant_type", "client_credentials" },
                   { "scope", "sml-integration" }
                };

                var content = new FormUrlEncodedContent(postvalues);
               
                var response = client.PostAsync("https://api.smartleader.com.br/oauth/token", content).Result.Content.ReadAsStringAsync().Result;
                Dictionary<string, string> responseJSON = JsonConvert.DeserializeObject<Dictionary<string, string>>(response);
                token = responseJSON["access_token"];
            }

            Console.WriteLine(token);
        }
    }
}

 

[Skydiver]

The issue is not with your code, but rather with the machines you are running on as well as the machines you are talking to. At a high level, each OS normally has a set of SSL cipher suites it supports. Part of the SSL handshake negotiation is determining which SSL version to use, and which cipher suite to use within that protocol version.

To make matters worse, you can configure the registry on the Windows machines to indicate which suites to use, but the OS may not support it. My team ran into this when we lost connectivity to Microsoft's OAuth servers because our PowerShell scripts were running on Windows Server 2012 R2. No amount of registry hacking could fix things even after engaging MS support.

You could try forcing your code to use SSL 1.2, but that will only get you part way.

 

[Samuraix]

I already change the REGEDIT of the server Windows 2012 R2 forcing to use only TLS 1.2.
And I test with Postman in the Windows Server 2012 R2 and run successfully.
Why run in the Postman and don't works with C# Console Application ???

 

[Samuraix]

Look the Postman run sucessfuly in the Windows Server 2012 R2...

 

[Skydiver]

Did you compile your code to run using .NET Framework 4.8? TLS 1.2 should be the default for 4.8. I believe that for versions lower than 4.6.2, the default was TLS 1.1 so you needed to force it to run with TLS 1.2:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

as your first line of code before any networking happens.

There are also a few other things you can do as listed here:

Defaulting Your System to use TLS 1.2 for .NET Applications

As you move your web applications (such as SpiraTest, SpiraTeam, SpiraPlan, or KronoDesk) to newer encryption protocols such as Transport Layer Security (TLS) 1.2, you will need to make sure the client applications are configured to use the latest version of TLS. Specifically applications using...

www.inflectra.com

 

[Samuraix]

I compiled my code in The .NET framework version 4.8.

 

[Skydiver]

I don't know what else to suggest.

 

[mperalta]

Hello, I am facing a very similar problem. Did you find a way to solve this?

Thanks.