Hi there,
I have an install of Umbraco (7.4.3) on a stage and live environment and was using Courier (2.52.7) to sync between the two successfully. However, the servers have been locked down to only TLS1.2 and now I get the below error when trying to sync:
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
Has anyone come across this before as I've been going around in circles for weeks!?
Thanks
J
------------ UPDATE --------------
We believe that this might be a .Net problem with version 4.6 using TLS1.2. The MS page here has some information around it: https://support.microsoft.com/en-gb/kb/3069494
They recommend adding this to the website:
Programmatically: Must be the very first thing the application does because ServicePointManager will initialize only once. Use the following code example in your application:
private const string DisableCachingName = @"TestSwitch.LocalAppContext.DisableCaching";
private const string DontEnableSchUseStrongCryptoName = @"Switch.System.Net.DontEnableSchUseStrongCrypto";
AppContext.SetSwitch(DisableCachingName, true);
AppContext.SetSwitch(DontEnableSchUseStrongCryptoName, true);
By using the AppConfig file for your application: Add the following line to the Appconfig file:
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=true"/>
.Net & Umbraco communication between servers
Where would I add this in an Umbraco install?
Many thanks
I have now created two Windows servers with vanilla installs of Umbraco & Courier and still have this problem between server communication.
Is this a known bug in Courier?
Did you ever fix this? Currently hitting the same issue. Thanks
Hi,
I think I had a similar issue with an old Windows Server 2008 box and Forms. The forms were being POSTed to SalesForce which had been locked down to TLS1.2.
I suspected the code wasn't specifying using TLS above 1.0 but there are some Registry settings to force all .NET code to use the newer TLS protocols from the server.
I think the reg flag you want is halfway down on the comments here, but it was a few months ago, so I can't remember exactly what I set, but it did the trick.
https://stackoverflow.com/questions/28286086/default-securityprotocol-in-net-4-5
If not, try here: .NET Enable SSL TLS
HTH
Steve
We had to add an extra line of code just before communicating with an external server (not an Umbraco server, and excuse the VB code).
I'm working on putting it into the applicationstarting event as it should be a global setting.
See here for more information
https://stackoverflow.com/questions/26742054/the-client-and-server-cannot-communicate-because-they-do-not-possess-a-common-a/42124951#42124951
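An added example (not the poster's VB line, which the page does not show, and not Umbraco or Courier code): one way to enable TLS 1.2 for outbound calls once at startup in an Umbraco 7 site, using the ApplicationStarting event mentioned above. It assumes the site targets .NET Framework 4.5 or later; the namespace and class name are hypothetical.

```csharp
using System.Diagnostics;
using System.Net;
using Umbraco.Core;

namespace Example.Web // hypothetical namespace
{
    // Umbraco 7 finds ApplicationEventHandler subclasses by type scanning,
    // so no registration in web.config is needed.
    public class Tls12Startup : ApplicationEventHandler // hypothetical class name
    {
        protected override void ApplicationStarting(
            UmbracoApplicationBase umbracoApplication,
            ApplicationContext applicationContext)
        {
            // Protocols this AppDomain currently offers on outbound connections.
            SecurityProtocolType before = ServicePointManager.SecurityProtocol;

            // OR TLS 1.2 into the existing set instead of assigning a fixed
            // value, so protocols a newer framework enables by default are kept.
            // Assumption: SecurityProtocolType.Tls12 is available, i.e. the
            // project targets .NET Framework 4.5 or later.
            ServicePointManager.SecurityProtocol = before | SecurityProtocolType.Tls12;

            // Record the change so the effective setting can be confirmed
            // from the trace output after deployment.
            Trace.TraceInformation(
                "Outbound TLS protocols: {0} -> {1}",
                before,
                ServicePointManager.SecurityProtocol);
        }
    }
}
```

ServicePointManager.SecurityProtocol applies to the whole AppDomain and only to outbound calls made through HttpWebRequest or WebClient; the protocols the server itself accepts are still controlled by the Windows Schannel configuration.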