Hello to all,
please i need some help for the problem I'm about to describe:my company has a .NET application that calls a url from an external supplier via web service rest. The url is of HTTPS type on port 443. We have a certificate issued by this supplier and that we must use in the application for the connection to take place successfully. The application has worked perfectly for many years.
A few months ago the supplier asked us to adapt and start connecting according to TLS 1.2.
As a result, we did the following:
- no application changes to the application code
- recompiled with Visual Studio 2019 Professional the entire solution of the C # application by changing from framework 3.5 to framework 4.7.2
- migrated the application from the old Windows Server 2008 servers (5 clustered machines) to the new Windows Server 2016 servers (6 clustered machines)
- since the application is mounted on IIS in the form of WS called by our Biztalk 2013 R2 scheduler, we have set up the IIS virtual directory so that it runs under an application pool with framework 4.
Having said that at the moment, the application is running correctly on 2 of 6 machines, and the supplier has confirmed that it sees calls correctly with TLS 1.2.
The problem is that we are not able to make it work on the remaining 4 machines in any way, and we are still getting a "The request was aborted: Could not create SSL / TLS secure channel" error. The thing is very strange because:
- the dlls and all the files related to the application (we have checked several times) are exactly replicated also on the remaining 4 machines
- the firewall is correctly open
- the certificate has been reinstalled already 2 times since we had the doubt it was that, including a root certificate
- as I have read on various forums, we have already tried some changes to the code by adding for example "ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;" although no code changes should be necessary since the .NET framework 4.7.2 already enables TLS 1.2 by default. In any case, any changes to the code have not changed the situation.
- host files and proxy exclusions are identical between all 6 servers
I repeat that at the moment the application works as well as it should only on 2 of 4 machines. For completeness I add that initially we had the same problem also on those 2 machines, but then we solved it by adding the following 2 lines in the web.config used by the 'application:
<compilation targetFramework = "4.7.2"> </compilation>
<httpRuntime targetFramework = "4.7.2" executionTimeout = "9000" maxRequestLength = "64000" />
ie specifying that the application must be executed with 4.7.2.
But the same web.config is now also present on the 4 machines that don't work ... and they still don't work ....
Are there other things we can check?
Or do you have any ideas to suggest?
Thanks in advance