Home > Back-end >  How to find reason that .NET HttpClient produces SSL Error with commonly trusted site
How to find reason that .NET HttpClient produces SSL Error with commonly trusted site

Time:07-25

I have a very simple request:

using System.Net.Http;

var client = new HttpClient();
var result = client.GetAsync("https://...com");
result.Wait();

This fails with a WebException that the SSL Tunnel could not be created. SSL Labs and my Browser both agree that the server certificates are valid and can be trusted.

SSL Lab Grades A

Why doesn't .NET trust the server? How can I find out what the specific problem is? I don't want to blankly disable the verification obviously.

CodePudding user response:

Just because the "SSL Tunnel could not be created" doesn't mean that it doesn't trust the certificate, it could be a protocol version mismatch.

It's best to check what SSL/TLS versions the site supports? And does your app use one of those SSL/TLS versions? I've seen this a lot recently as servers are "upgraded" to remove less secure TLS/SSL protocol versions and this is often a problem as TLS1.3 is not enabled by default in versions of .NET Framework less than 4.8 with TLS1.2 is only supported by default from 4.7 (4.7.1 for WCF).

Checkout this articale on working with TLS in .NET Framework for more info.

  • Related