Suddenly encountered "Could not create SSL/TLS secure channel"

[jayanti-prajapati]

"Could not create SSL/TLS secure channel".

I am using telegram bot for long time, but it stopped working now. While debugged got the error "Could not create SSL/TLS secure channel".

Error

System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Telegram.Bot.TelegramBotClient.d__54`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at TelegramBotAPI.Controllers.WebhookController.d__5.MoveNext()

Server and SSL

TLS 1.2, AES with 256 bit encryption (High); ECDH with 384 bit exchange

Efforts

I have tried to allow Expect100Continue and Security Protocol with all tls protocols.

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Steps to reproduce

No sure.

Expected behavior

It should send message.

Actual behavior

Its not sending message.

Screenshots

I am using code to send message just for sample.
await bot.SendTextMessageAsync(chatId: update.Message.Chat.Id, text: string.Format("Welcome to {0}, We are processing your registration.", botName));

Environment data

NuGet Package Version: (e.g. 13.0.1)
15.3.0

.NET Version: (e.g. 4.7, Core 1.1, Mono, etc.)
.Net Framework 4.6

IDE: (e.g. VS2017, VS Code, etc.)
VS 2017

App: (e.g. Desktop, iOS, Android, etc.)
Telegram Android Client, Chrome for Webhooks debug, ngrok

Please let me know if you need more information.

[jayanti-prajapati]

Please let me know if you need more information.

[tuscen]

Closed as duplicate #868

[tuscen]

Sorry for this mess with reopening, I missed some details.

Telegram now allows only TLS v1.2. You probably need to use this
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

[amoamare]

@jayanti-prajapati, can you load IISCrypto on cipher suites double check that TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled. This was my issue. Ensuring this was enabled and still using the servicepointmanager to force Tls12 solved my issue.

[davydovpn87]

@amoamare Thank you very much!
Installing update for windows 7 with TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite and enabling it in the IISCrypto with "ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12" line added to the code fixed error for me!

[jayanti-prajapati]

@amoamare I am using windows server 2016 and also updated TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite and enabling it in the IISCrypto with "ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12". Unfortunately still no luck.
Can you check my settings and let me know if need any more update?

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
await bot.SendTextMessageAsync(chatId: update.Message.Chat.Id, text: string.Format("Welcome to {0}, We are processing your registration.", botName));

I tried just created a sample code in console app thats working for me but not working in IIS.

[jayanti-prajapati]

Hi, After deep debugging found that we are doing one more hit to send message before the code I added. Just moved ServicePointManager.SecurityProtocol to top works for me.

Thanks all for help.