We have introduced several .NET pages into a classic ASP application. When the user clicks one of the .NET pages, we use HttpWebRequest to get the values of the session variables from the ASP side by sending a request to the ASP class page with the name of the required session variable. This approach works, except in the following situation.
On our production servers, our IT experts turned off weak encryption algorithms with some hacking of the registry. We want to make 128 more than 128 (or so people who know more about security than me say so). However, this leads to the interruption of our session exchange with the following error.
The request was aborted: Could not create SSL/TLS secure channel
We have enabled trace logging as described in this article . The corresponding lines look like this.
System.Net Information: 0 : [3892] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 1b6acdd0:171a28, targetName = secure.xxx.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [3892] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=AlgorithmMismatch).
System.Net.Sockets Verbose: 0 : [3892] Socket
System.Net Error: 0 : [3892] Exception in the HttpWebRequest
System.Net Error: 0 : [3892] Exception in the HttpWebRequest
The only nugget I can get from this information is that the problem is the Mismatch Algorithm , but I'm not sure what to do with it.
One thing that I read about, but we haven't tried, adds the following code before we make a request. Does it seem that such a simple change could solve this Mismatch algorithm ?
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3
source
share