net 5.0 Cannot determine the frame size or a corrupted frame was received

Question

I want to try net5.0 since it's in rc2, and I've encountered a strange issue.

I've created a default WebApi in net5.0. I didn't touch anything, I just clicked run (in kestrel, not ISS) and the Swagger home page shows up. I tried the WeatherForcast get and everything is working fine.

then I created a console app in NET5.0 and added this code :

static async Task Main(string[] args)
{
    var clientHandler = new HttpClientHandler
    {
        ServerCertificateCustomValidationCallback = (_, _, _, _) => true
    };
    var client = new HttpClient(clientHandler);
    try
    {
        var httpMessage = await client.GetAsync("https://localhost:5001/WeatherForecast");
    }
    catch (Exception e)
    {
        Console.WriteLine(e);
        throw;
    }
}

and with this code I got the following error :

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.IO.IOException: Cannot determine the frame size or a corrupted frame was received.

after that, I tried on Postman the same request and it worked (as from swagger). My final test was to switch the console app to netcore 3.1 and the request worked.

So I only got this error on net5.0 app.

Any suggestions ?

EDIT :

• Here are my pc info : W10 Enterprise, V 1809, Build 17763.1518.
• I only got the error on the Net5.0 console.

Answer 1

Kestrel used to force selection of Tls 1.1 or Tls 1.2. From .Net 5.0 Preview 6 onwards, it was change to "None", meaning the OS default. Kestrel Default Tls Support

Coincidentally, Microsoft last year started enabling Tls 1.3 by default in Windows 10. Windows 10 Tls 1.3 Enabled by DefaultHence your application is likely now using Tls 1.3 which I have found to be sometimes "problematic".

To set Tls 1.3 to be disabled by default (meaning available to apps that request it, but off otherwise), in your registry go to or create this path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client

And set or create a DWORD named DisabledByDefault to 1.

This should make your browser go with Tls 1.2.

For your Kestrel server, similarly:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server

Also there, set or create a DWORD named DisabledByDefault to 1.

If that doesn't do it, under both Client and Server also create a DWORD named "Enabled" set to 0. This will disable Tls 1.3 altogether.

Answer 2

I know this is an old question, but I encountered it and solved it by changing "https" to "http" in the api url part.

In this question that would be changing:

var httpMessage = await client.GetAsync("https://localhost:5001/WeatherForecast");

To:

var httpMessage = await client.GetAsync("http://localhost:5001/WeatherForecast");