Could not create SSL/TLS secure channel

I am trying to connect to sites certified by Let's Encrypt from C# code. For each one, I get the result
"Could not create SSL/TLS secure channel"

I can read answers in English: yes

My domain name is: N/A

I ran this command:
// Allow TLS 1.0, 1.1 and 1.2 for outgoing requests (needs: using System.Net;)
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
var request = (HttpWebRequest)WebRequest.Create("");
request.Method = WebRequestMethods.Http.Get;
var response = (HttpWebResponse)request.GetResponse();

It produced this output: Could not create SSL/TLS secure channel

My web server is (include version): N/A

The operating system my web server runs on is (include version): Windows Server 2012 R2 Datacenter

My hosting provider, if applicable, is: Azure

I can log in to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): N/A

Hi @jlandrei

Looks like this is no longer possible.

Checking Letsencrypt via Ssllabs -

Only the following Cipher Suites are allowed:

But if I know it correctly, Windows 2012 doesn't support one of these GCM suites. Same with CHACHA20.

That was the reason I switched to an EC certificate. There was GCM support.

Can you try (same command) to connect

to see if that works?


Yes, I can fetch this URL with my code.
But all the other URLs I tested don't work, even the URL of this forum itself.
It's a huge issue for my company because we could lose some customers if we cannot access their websites.
Only websites with Let's Encrypt do not work properly.

So it’s correct: Windows 2012 supports GCM EC Cipher suites.

That’s a problem of your too old Windows 2012.

Ssllabs warns if CBC cipher suites are used. So a lot of websites have removed these cipher suites.

And Windows 2012 doesn't support RSA + GCM ciphers.

Additionally: a lot of older (weak) cipher suites have been removed, same with TLS 1.0 and 1.1.

It’s not a problem of Letsencrypt certificates. It’s a configuration mismatch between the modern website and your too old client.

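The mismatch described in the replies above, as an added example that is not part of the original thread: a small model of TLS 1.2 server-preference suite selection. The client and server suite lists are constructed to mirror what the replies describe (EC + GCM offered, RSA offered only with CBC); they are not read from a real Windows 2012 or Let's Encrypt host, and the function names are hypothetical.

```python
import re

# Constructed suite lists (illustrative, not captured from any real host).
OLD_CLIENT = [                       # EC + GCM, but RSA only with CBC
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]
RSA_SERVER = [                       # RSA certificate, CBC suites removed
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]
EC_SERVER = [                        # EC certificate, same hardening
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
]

SUITE_RE = re.compile(r"^TLS_(ECDHE|DHE)_(RSA|ECDSA)_WITH_(.+)_SHA\d*$")

def parse(suite):
    """Return (certificate type, cipher mode) for a TLS 1.2 suite name."""
    m = SUITE_RE.match(suite)
    if m is None:
        raise ValueError("unrecognised suite name: " + suite)
    cipher = m.group(3)
    if "GCM" in cipher or "CHACHA20" in cipher:
        mode = "AEAD"
    elif "CBC" in cipher:
        mode = "CBC"
    else:
        mode = "other"
    return m.group(2), mode

def negotiate(client_offer, server_prefs, cert_type):
    """First server suite usable with its certificate that the client offers."""
    offered = set(client_offer)
    for suite in server_prefs:
        if parse(suite)[0] == cert_type and suite in offered:
            return suite
    return None  # no overlap: the handshake fails, no secure channel

def explain(client_offer, server_prefs, cert_type):
    """Summarise the cipher modes each side has for this certificate type."""
    def modes(suites):
        return "/".join(sorted({parse(s)[1] for s in suites
                                if parse(s)[0] == cert_type})) or "nothing"
    return "client offers %s with %s certificates, server accepts %s" % (
        modes(client_offer), cert_type, modes(server_prefs))
```
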