Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

"The request was aborted: Could not create SSL/TLS secure channel."

Go to answer
astrid.stollberger
Level 6

‎31-05-19 12:21 PM

​Hi,

I'm trying to read items from a Sharepoint List using CSOM (Client Side Object Model, Microsoft.Sharepoint.Client.dll).
The Sharepoint requires ssl authentication (https), but the call works fine even without passing any credentials or X509 certificate when I invoke it from my Visual Studio environment.
If I use the same code however in a code stage in Blue Prism (on the same virtual machine), I'm getting:
"The request was aborted: Could not create SSL/TLS secure channel."

It's a bit difficult to debug the issue in Blue Prism and as I cannot reproduce the error in Visual Studio I'm a bit stuck.

Anyone any idea?

------------------------------
Cheers Astrid
------------------------------
Cheers [FirstName]
0 Likes
1 BEST ANSWER

Helpful Answers

Go to answer
astrid.stollberger
Level 6
In response to GopalBhaire

‎03-06-19 02:15 PM

Alright, I cannot really explain why but adding the following lines to my code (in Blue Prism) resolved the issue:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;

In Visual Studio (which is installed on the same VM where I tested the Blue Prism code and uses .Net Framework V4.7 as well) it worked without explicitly defining the SecurityProtocol values....

------------------------------
Cheers Astrid
------------------------------
Cheers [FirstName]

View answer in original post

0 Likes
9 REPLIES 9

Go to answer
GopalBhaire
Level 10

‎03-06-19 05:52 AM

Check out the current user in Visual Studio. Pretty sure you might've signed in to the  sharepoint site.

------------------------------
Gopal Bhaire
Analyst
Accenture
------------------------------
0 Likes

Go to answer
astrid.stollberger
Level 6
In response to GopalBhaire

‎03-06-19 02:15 PM

Alright, I cannot really explain why but adding the following lines to my code (in Blue Prism) resolved the issue:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;

In Visual Studio (which is installed on the same VM where I tested the Blue Prism code and uses .Net Framework V4.7 as well) it worked without explicitly defining the SecurityProtocol values....

------------------------------
Cheers Astrid
------------------------------
Cheers [FirstName]
0 Likes

Go to answer
JamesMarsh
Staff
Staff
In response to astrid.stollberger

‎04-06-19 02:44 PM

Hi Astrid,

Blue Prism is configured to only use TLS 1.2 protocol by default. In your scenario it appears SharePoint is not configured to utilise the TLS 1.2 protocol and when the TLS/SSL handshake takes place between Blue Prism and SharePoint they cannot find a mutual TLS version to use for the communication. This results in the error you are seeing. 

The code you have placed into the code stage is forcing Blue Prism to allow older versions of TLS and SSL protocols, I wouldn't recommend enabling all protocol versions but the ones you need, you can see how to determine what TLS version is being used by following this stack overflow article: https://security.stackexchange.com/questions/19096/how-to-determine-if-a-browser-is-using-an-ssl-or-tls-connection e.g. 
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12

Further information can be found here:

https://support.blueprism.com/en/support/solutions/articles/7000077946-does-blue-prism-enterprise-support-the-transport-layer-security-tls-protocol-

Regards,



------------------------------
James Marsh
Technical Consultant
Blue Prism
Europe/London
------------------------------

Go to answer
astrid.stollberger
Level 6
In response to JamesMarsh

‎04-06-19 03:00 PM

Thanks a lot for the explanation, James!

 

Cheers,

Astrid



------Original Message------

Hi Astrid,

Blue Prism is configured to only use TLS 1.2 protocol by default. In your scenario it appears SharePoint is not configured to utilise the TLS 1.2 protocol and when the TLS/SSL handshake takes place between Blue Prism and SharePoint they cannot find a mutual TLS version to use for the communication. This results in the error you are seeing. 

The code you have placed into the code stage is forcing Blue Prism to allow older versions of TLS and SSL protocols, I wouldn't recommend enabling all protocol versions but the ones you need, you can see how to determine what TLS version is being used by following this stack overflow article: https://security.stackexchange.com/questions/19096/how-to-determine-if-a-browser-is-using-an-ssl-or-tls-connection e.g. 
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12

Further information can be found here:

http://portal.blueprism.com/customer-support/support-center#/path/1150114562

Regards,



------------------------------
James Marsh
Technical Consultant
Blue Prism
Europe/London
------------------------------
Cheers [FirstName]
0 Likes

Go to answer
11235813sk
Level 3
In response to astrid.stollberger

‎25-11-19 02:34 PM

Hi,

I am trying to make a Mutual SSL Webservice call where I am using a pem certificate to make the call. I am currently using Blueprism 6.4.3, can you please suggest how I can get this thing implemented.

Thanks
Sanjeev

------------------------------
sanjeev rout
Advanced App Engineering Specialist
Accenture UK
Europe/London
------------------------------
0 Likes

Go to answer
JamesMarsh
Staff
Staff
In response to 11235813sk

‎25-11-19 02:50 PM

Are you trying to communicate out of Blue Prism to a SOAP web service or are you communicating externally into a Blue Prism process or object? 



------------------------------
James Marsh
Technical Consultant
Blue Prism
Europe/London
------------------------------
0 Likes

Go to answer
11235813sk
Level 3
In response to JamesMarsh

‎25-11-19 02:57 PM

I want to make a call to third party API from Blueprism.
Currently I have implemented the call using CURL. From Blueprism I make a call to client server, I pass the .pem, .cer and .crt file as part of CURL call to client server and get the output as a JSON File.

Now I want to get rid of CURL and implement everything in Blueprism VBO. Can you please help me?

------------------------------
sanjeev rout
Advanced App Engineering Specialist
Accenture UK
Europe/London
------------------------------
0 Likes

Go to answer
AmandeepMalhotr
Level 3
In response to JamesMarsh

‎23-12-19 12:29 PM

Hi,

I'm facing a similar issue, but the code throws the same error even after enabling all protocol versions.

Here's my code:
resultData="";

try
{

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
	| SecurityProtocolType.Tls11
	| SecurityProtocolType.Tls12
	| SecurityProtocolType.Ssl3;
ServicePointManager.ServerCertificateValidationCallback = new        
RemoteCertificateValidationCallback
(
   delegate { return true; }
);
WebClient client = new WebClient();
client.UseDefaultCredentials = true;
String htmlCode = client.DownloadString(addressURL);
resultData = htmlCode;


	Success=true;
	Message="";

}
catch(Exception e)
{
	Success=false;
	Message=e.GetBaseException().Message;
}
I also tried removing ServerCertificateValidationCallback, still no luck.

Protocol version being used by server: TLS 1.2, AES with 256 bit encryption (High); DH with 1024 bit exchange (looked up in IE)

Any idea what might help??

Thanks.

------------------------------
Amandeep Malhotra
Blue Prism Developer
Barclays Technology Centre India
Pune, Maharashtra
------------------------------
Amandeep Malhotra Robotics Engineer Barclays Technology Centre India Pune, Maharashtra
0 Likes

Go to answer
creigatmi
Level 2

‎18-10-21 07:00 AM

The error is generic and there are many reasons why the SSL/TLS negotiation may fail. ServicePointManager.SecurityProtocol property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing c# connections aren't changed. Make sure the ServicePointManager settings are made before the HttpWebRequest is created, else it will not work. Also, you have to enable other security protocol versions to resolve this issue:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
SecurityProtocolType.Tls
SecurityProtocolType.Tls11
SecurityProtocolType.Ssl3;

//createing HttpWebRequest after ServicePointManager settings
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

If you create HttpWebRequest before the ServicePointManager settings it will fail and shows the error message.


------------------------------
creig atmi
------------------------------
0 Likes
li.common.scroll-to.top