HTTPCLIENT return SSL error handshake failure in the Windows Server 2012

Samuraix

Member
Joined
Aug 9, 2021
Messages
9
Programming Experience
Beginner
Hi,

I created an aplication to return the TOKEN in C# using HTTPCLIENT and when I execute in the Window Server 2012 R2 is returning the error of SLL HANDSHAKE_FAILURE.

When I run the same application in the Windows 10 or Windows Server 2016 run perfectly.

And when I run the same application in others endpoints in the Windows Server 2012 R2 run sucessfuly, just to the endpoint "https://api.smartleader.com.br/oauth/token", that is hosted in the Amazon return error.

Can some people help me?


Below the code:

C#:
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Security;
using System.Text;
using System.Threading.Tasks;

namespace TESTE3
{
    class Program
    {
        static void Main(string[] args)
        {

            string token = "";

            using (var client = new HttpClient())
            {
                Dictionary<string, string> postvalues = new Dictionary<string, string>
                {
                   { "client_id", "99" },
                   { "client_secret", "blablabla" },
                   { "grant_type", "client_credentials" },
                   { "scope", "sml-integration" }
                };

                var content = new FormUrlEncodedContent(postvalues);
               
                var response = client.PostAsync("https://api.smartleader.com.br/oauth/token", content).Result.Content.ReadAsStringAsync().Result;
                Dictionary<string, string> responseJSON = JsonConvert.DeserializeObject<Dictionary<string, string>>(response);
                token = responseJSON["access_token"];
            }

            Console.WriteLine(token);
        }
    }
}
 
Last edited by a moderator:

Skydiver

Staff member
Joined
Apr 6, 2019
Messages
5,698
Location
Chesapeake, VA
Programming Experience
10+
The issue is not with your code, but rather with the machines you are running on as well as the machines you are talking to. At a high level, each OS normally has a set of SSL cipher suites it supports. Part of the SSL handshake negotiation is determining which SSL version to use, and which cipher suite to use within that protocol version.

To make matters worse, you can configure the registry on the Windows machines to indicate which suites to use, but the OS may not support it. My team ran into this when we lost connectivity to Microsoft's OAuth servers because our PowerShell scripts were running on Windows Server 2012 R2. No amount of registry hacking could fix things even after engaging MS support.

You could try forcing your code to use SSL 1.2, but that will only get you part way.
 

Samuraix

Member
Joined
Aug 9, 2021
Messages
9
Programming Experience
Beginner
I already change the REGEDIT of the server Windows 2012 R2 forcing to use only TLS 1.2.
And I test with Postman in the Windows Server 2012 R2 and run successfully.
Why run in the Postman and don't works with C# Console Application ???
 

Attachments

  • TLS_1_2.png
    TLS_1_2.png
    159.7 KB · Views: 79

Samuraix

Member
Joined
Aug 9, 2021
Messages
9
Programming Experience
Beginner
Look the Postman run sucessfuly in the Windows Server 2012 R2...
 

Attachments

  • postman_windows_server_2012_R2.png
    postman_windows_server_2012_R2.png
    158 KB · Views: 53

Skydiver

Staff member
Joined
Apr 6, 2019
Messages
5,698
Location
Chesapeake, VA
Programming Experience
10+
Did you compile your code to run using .NET Framework 4.8? TLS 1.2 should be the default for 4.8. I believe that for versions lower than 4.6.2, the default was TLS 1.1 so you needed to force it to run with TLS 1.2:
C#:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
as your first line of code before any networking happens.

There are also a few other things you can do as listed here:
 

Skydiver

Staff member
Joined
Apr 6, 2019
Messages
5,698
Location
Chesapeake, VA
Programming Experience
10+
I don't know what else to suggest.
 
Top Bottom