We had some trouble with posting data with a System.Net.WebClient request. We notice that it was sporadic and couldn’t figure it out. What we found out was that some calls had SecurityProtocolType.Ssl3 and other calls didn’t specify SecurityProtocolType.
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
SecurityProtocolType is a static class, and what ended up happening was when one call changed the SSL type, it would affect other areas of the application. We had to explicitly set the protocol type in each request.
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls; // or Ssl3
a developer's notes - a semi-technical web development BLOG 
You really want to define your ServicePointManager settings once in Application_Start. Avoid re-defining values, especially at the request-level because you can run into race conditions across requests (more likely under high volume).
[RequestThread1] ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
[RequestThread1] Client1.MakeSomeRequest();
[RequestThread2] ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
[RequestThread2] Client2.MakeSomeRequest();
Without a shared static locking mechanism in place, this can execute in unexpected orders, such as:
[RequestThread1] ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
[RequestThread2] ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
[RequestThread1] Client1.MakeSomeRequest(); // <– This will fail if the server only supports TLS 1.2
[RequestThread2] Client2.MakeSomeRequest();
Comment by scottt732 — February 24, 2017 @ 4:38 pm |