Authentication failed because remote party has closed the transport stream

.NetOpensslX509certificateSslstream

.Net Problem Overview

I am developing a TCP client to connect OpenSSL server with the certificate authentication. I have using .crt and .key files shared by server team. These certificates are generated by OpenSSL commands.

I am using SslStream object to authenticate the Tcp client by calling SslStream.AuthenticateAsClient method by passing server IP, SslProtocols.Ssl3 and X509CertificateCollection.

I am getting the following error:

> Authentication failed because the remote party has closed the transport stream

.Net Solutions

Solution 1 - .Net

I would advise against restricting the SecurityProtocol to TLS 1.1.

The recommended solution is to use

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

Another option is add the following Registry key:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 
Value: SchUseStrongCrypto

It is worth noting that .NET 4.6 will use the correct protocol by default and does not require either solution.

Solution 2 - .Net

If you want to use an older version of .net, create your own flag and cast it.

    //
    // Summary:
    //     Specifies the security protocols that are supported by the Schannel security
    //     package.
    [Flags]
    private enum MySecurityProtocolType
    {
        //
        // Summary:
        //     Specifies the Secure Socket Layer (SSL) 3.0 security protocol.
        Ssl3 = 48,
        //
        // Summary:
        //     Specifies the Transport Layer Security (TLS) 1.0 security protocol.
        Tls = 192,
        //
        // Summary:
        //     Specifies the Transport Layer Security (TLS) 1.1 security protocol.
        Tls11 = 768,
        //
        // Summary:
        //     Specifies the Transport Layer Security (TLS) 1.2 security protocol.
        Tls12 = 3072
    }
    public Session()
    {
        System.Net.ServicePointManager.SecurityProtocol = (SecurityProtocolType)(MySecurityProtocolType.Tls12 | MySecurityProtocolType.Tls11 | MySecurityProtocolType.Tls);
    }

Solution 3 - .Net

Adding the below code helped me overcome the issue.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;

Solution 4 - .Net

using (var client = new HttpClient(handler))
            {
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
                var response = await client.SendAsync(new HttpRequestMessage(HttpMethod.Get, apiEndPoint)).ConfigureAwait(false);
                await response.Content.ReadAsStringAsync().ConfigureAwait(false);
            }

This worked for me

Solution 5 - .Net

I ran into the same error message while using the ChargifyNET.dll to communicate with the Chargify API. Adding chargify.ProtocolType = SecurityProtocolType.Tls12; to the configuration solved the problem for me.

Here is the complete code snippet:

public ChargifyConnect GetChargifyConnect()
{
	var chargify = new ChargifyConnect();
	chargify.apiKey = ConfigurationManager.AppSettings["Chargify.apiKey"];
	chargify.Password = ConfigurationManager.AppSettings["Chargify.apiPassword"];
	chargify.URL = ConfigurationManager.AppSettings["Chargify.url"];
	
	// Without this an error will be thrown.
	chargify.ProtocolType = SecurityProtocolType.Tls12;
	
	return chargify;
}

Solution 6 - .Net

For VB.NET, you can place the following before your web request:

Const _Tls12 As SslProtocols = DirectCast(&HC00, SslProtocols)
Const Tls12 As SecurityProtocolType = DirectCast(_Tls12, SecurityProtocolType)
ServicePointManager.SecurityProtocol = Tls12

This solved my security issue on .NET 3.5.

Solution 7 - .Net

This happened to me when an web request endpoint was switched to another server that accepted TLS1.2 requests only. Tried so many attempts mostly found on Stackoverflow like

  1. Registry Keys ,
  2. Added :
    System.Net.ServicePointManager.SecurityProtocol |= System.Net.SecurityProtocolType.Tls12; to Global.ASX OnStart,
  3. Added in Web.config.
  4. Updated .Net framework to 4.7.2 Still getting same Exception.

The exception received did no make justice to the actual problem I was facing and found no help from the service operator.

To solve this I have to add a new Cipher Suite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 I have used IIS Crypto 2.0 Tool from here as shown below.

enter image description here

Categories
Recommended .Net Solutions
Recommended Openssl Solutions

Previous Solution:

Python - Get Yesterday's date as a string in YYYY-MM-DD format

PythonPython 2.7Python 3.xDateDatetime

Next Solution:

Coordinator Layout with Toolbar in Fragments or Activity

AndroidAndroid FragmentsAndroid ActivityAndroid Actionbar

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionOdeluView Question on Stackoverflow
Solution 1 - .NetGuiSimView Answer on Stackoverflow
Solution 2 - .NetIguanawareView Answer on Stackoverflow
Solution 3 - .NetmurugeView Answer on Stackoverflow
Solution 4 - .NetSanket SonavaneView Answer on Stackoverflow
Solution 5 - .NetTod BirdsallView Answer on Stackoverflow
Solution 6 - .Netuser1477388View Answer on Stackoverflow
Solution 7 - .NetFunMattersView Answer on Stackoverflow