The request was aborted: Could not create SSL/TLS secure channel when connecting to an old web service

Question

I need to connect to an old web service. It's a government service so I cannot do anything server side.

Firstly, when I try to connect to WSDL through browser, Chrome says:

This site can't provide a secure connection. 'Site' uses and unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Then, I inspected the server using SSL Labs Server test. It confirmed that server only supports TLS1.0 and SSL3. SHA1withRSA 1024 bit is used. Actually, I did this much later during my troubleshooting but I think it's best to say it at the beginning.

Also, the server certificate expired in 2014, and it has a Common Name linked to a private address.

When I connect to the service in the Visual Studio 2019 I get:

After that, Visual Studio somehow had connected to the service and generated client classes.

But only once. I tried several more times, and I always get:

Now, I have searched throughout StackOverflow and elsewhere, and I applied many of the proposed solution, so this is my code so far:

//ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls; // TLS 1.0
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => { return true; };

var binding = new ServiceModel.BasicHttpBinding(System.ServiceModel.BasicHttpSecurityMode.Transport);
var endpoint = new ServiceModel.EndpointAddress(url);

var client = new wsClient(binding, endpoint); // This is where code breaks

When using Ssl3 protocol I am getting following error:

An error occurred while receiving the HTTP response to '...'. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.

And, when using Tls protocol I am getting:

Exception: Could not establish secure channel for SSL/TLS with authority '...' InnerExeption: The request was aborted: Could not create SSL/TLS secure channel.

Also, when using Tls11, Tls12 or Tls13 I am getting the same error as when using only Tls.

The ServerCertificateValidationCallback never gets called, I assume the connection never reaches that point.

I have also tried connecting to the service using SoapUI. And it response was (after configuring it to even try TLS1.0):

Received fatal alert: handshake_failure

So, I am really stuck and I have exhausted everything that I have found on the net. I would appreciate a suggestion or advice.

Answer 1

Just to let everybody know, if somebody should ever stumble upon issue like this. This is what I needed to do:

1. TLS1 and SSL3 were disabled at OS level, I needed to enable them there first.
2. Since it was very old service, I needed to import the service as a WebServiceReference that inherits SoapHttpClientProtocol, not as new ServiceReference that inherits ServiceBase.
3. Service required client certificates to be sent with each request.

Just in case anybody needs it.