There are numerous posts on SO about this and I have scoured them, but still don't have a solution. I am hoping that someone can point me in the right direction.
We have a requirement now to use TLS 1.2 to connect to a remote provider. So I have installed Windows Server 2016 and configured it as needed:
I know the remote server is running TLS 1.2 and that it supports the highlighted cipher.
We connect to the remote end point using a C# proxy class generated by the WSDL provided by the provider - before they converted their end to TLS (System.Web.Services.Protocols.SoapHttpClientProtocol).
When I connect using the proxy I get an exception with the inner exception being "The client and server cannot communicate, because they do not possess a common algorithm".
I cannot see anywhere that ServicePointManager.SecurityProtocol is set, so I am assuming .NET is picking up TLS 1.2 as it is the only enabled protocol? No idea how it is doing the cipher.
Can someone tell me how I go about attempting to fix this? If possible I don't want to regenerate the WSDL proxy class.
If your client application was compiled against .NET Framework 4.5.2 or lower, then by default ServicePointManager.SecurityProtocol is initialized to SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls (SSL 3.0 and TLS 1.0 only), so it won't be able to connect to a remote server that requires TLS 1.2.
There are several ways to allow your client application to use TLS 1.2:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319, add a DWORD (32-bit) value named SchUseStrongCrypto, and set it to 1. (This flag causes ServicePointManager.SecurityProtocol to be initialized to Tls | Tls11 | Tls12.)
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
There's no need to regenerate your proxy class because it's not responsible for negotiating the TLS protocol or cipher.
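Added example (not part of the original answers): a small console probe that shows what ServicePointManager.SecurityProtocol starts as, applies the opt-in from the answer above, and then performs a separate TLS 1.2-only handshake to report the protocol and cipher the OS actually negotiates. The class name TlsProbe and the host provider.example.com are placeholders; pass the real host name as the first argument.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsProbe
{
    static int Main(string[] args)
    {
        // Placeholder endpoint; supply the provider's host (and optionally port) on the command line.
        string host = args.Length > 0 ? args[0] : "provider.example.com";
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;

        // Protocols that HttpWebRequest-based clients, including
        // SoapHttpClientProtocol proxies, will offer in this process.
        Console.WriteLine("Default SecurityProtocol: " + ServicePointManager.SecurityProtocol);

        // Add TLS 1.2 without dropping protocols other endpoints may still need.
        // This must run before the proxy makes its first request.
        ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
        Console.WriteLine("After opt-in:             " + ServicePointManager.SecurityProtocol);

        // Independent handshake limited to TLS 1.2. SslStream takes its protocol
        // from the argument below, not from ServicePointManager, so this step
        // exercises the OS (Schannel) protocol and cipher suite configuration.
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, true);
                Console.WriteLine("Negotiated protocol: " + ssl.SslProtocol);
                Console.WriteLine("Cipher:              " + ssl.CipherAlgorithm + " (" + ssl.CipherStrength + " bit)");
                Console.WriteLine("Key exchange:        " + ssl.KeyExchangeAlgorithm);
                Console.WriteLine("Hash:                " + ssl.HashAlgorithm);
                return 0;
            }
        }
        catch (Exception ex)
        {
            // A failure here, with TLS 1.2 requested explicitly, points at the
            // machine's enabled cipher suites or the certificate, not at the
            // .NET default protocol selection.
            Console.WriteLine("TLS 1.2 handshake failed: " + ex.GetBaseException().Message);
            return 1;
        }
    }
}
```

If the first line printed does not include Tls12 and the handshake step succeeds, the .NET default protocol set is the cause and the registry value or the startup line above is the fix.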
I had this issue removing TLS 1.0 from a website that was connecting to a web service. For me it was a httpRuntime that was stuck on 4.5.1 in web.config of the web service. The service was changed to 4.6.1; changing the version of httpRuntime in the web.config to 4.6.1 fixed the issue. The web site tried to set up TLS to the web service and only has 1.2 and 1.1 available. The web service only supported 1.0, so that caused the error.