Unable to use cipher suite on client machine in TLS 1.2


I have 2 desktop machines (Windows 7). One is my development machine and the other is my test machine. I have made a desktop application. It connects to a server using web requests. I am using TLS 1.2 for the connection, and HTTPClient (C#) has been used at the code level.

My problem is that the server expects a TLS 1.2 connection and only allows the cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384. Now my development machine (which also has the same operating system, i.e. Windows 7, and the same .NET Framework 4.6.1) is working fine while my test machine is not.

To dig further, I have collected logs from Wireshark, and I can see that on one machine, after "Client Hello" and "Server Hello", it starts the cipher spec exchange, while this does not happen on the test machine.

I have also tried to see the list of cipher suites, and it seems this suite is available on both machines. However, the number of cipher suites is smaller on my test machine (it might be a case of missing automatic updates). I have attached all screenshots here. Can someone please guide me as to what is going wrong here?

Screenshot for the working machine

Cipher suite list for the working machine

There are 2 answers

0
Ben Hill On

I ran into a similar problem, maybe, I think, trying to connect to a service that required TLS 1.2... My memory is foggy, but I believe I wasn't having a problem on my development machine, where I had purposely disabled everything but TLS 1.2 in the registry. But from a different machine, it wouldn't connect because it turns out HTTPClient was trying to use ssl3 by default. I had to do this first:

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

0
bulunga On

This problem was finally solved after installing all hotfix updates from Microsoft. My development machine was always updated, while the test VM was just created using Windows 7, and that's why no hotfixes and automatic updates were there.
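An added example, not part of the original question or answers: the Wireshark comparison described in the question comes down to whether each machine's Client Hello lists the suite the server requires. The sketch below parses a raw TLS ClientHello record and checks for the IANA code point 0xC02C (TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384). The function names and the two sample records are constructed for illustration and are not the asker's captures.

```python
import struct

# IANA code point of the only suite the server in the question accepts.
REQUIRED_SUITE = 0xC02C  # TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

def offered_cipher_suites(record):
    """Return the cipher suite code points listed in one TLS ClientHello record."""
    try:
        ctype, _version, rec_len = struct.unpack_from("!BHH", record, 0)
        body = record[5:5 + rec_len]
        # Record type 22 = handshake, handshake type 1 = ClientHello.
        if ctype != 22 or len(body) != rec_len or body[0] != 1:
            raise ValueError("not a complete ClientHello handshake record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + hello[pos]             # skip session_id (1-byte length prefix)
        (cs_len,) = struct.unpack_from("!H", hello, pos)
        suites = hello[pos + 2:pos + 2 + cs_len]
        if cs_len % 2 or len(suites) != cs_len:
            raise ValueError("malformed cipher_suites vector")
        return [code for (code,) in struct.iter_unpack("!H", suites)]
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def offers_required(record):
    """True if the ClientHello offers the suite the server requires."""
    return REQUIRED_SUITE in offered_cipher_suites(record)

def build_client_hello(suites):
    """Build a minimal TLS 1.2 ClientHello (no extensions) as sample input."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed samples: one client that offers the required suite, one that does not.
HELLO_WITH = build_client_hello([0xC02C, 0xC02B, 0xC024, 0x003D])
HELLO_WITHOUT = build_client_hello([0xC024, 0xC00A, 0x003D, 0x002F])

if __name__ == "__main__":
    for name, rec in (("with", HELLO_WITH), ("without", HELLO_WITHOUT)):
        codes = ", ".join(f"0x{c:04X}" for c in offered_cipher_suites(rec))
        print(f"{name}: required suite offered={offers_required(rec)} [{codes}]")
```

A suite can be installed on a machine and still be absent from the Client Hello it sends, so the bytes on the wire are the thing to compare between the two machines.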