10

In my app I use the RestSharp to query a REST API and System.Net.Mail to send emails. On the program startup I set the ServicePointManager.SecurityProtocol property.

If I set the property to:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;

Exception is thrown when querying API with RestSharp:

The request was aborted: Could not create SSL/TLS secure channel

If I set the property to:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls11;

Exception is thrown when sending email with System.Net.Mail:

System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

How should I resolve this issue?

lng
  • 805
  • 1
  • 11
  • 31
  • What version of .NET? If you are not on the latest, is it possible to upgrade? After that I would start off by trying to narrow it down a bit. Use the chrome addin Postman to try and communicate with your API. Setup Fiddler (or wireshark) to intercept the traffic and look at the packets to see what it is trying to negotiate. Also are you just using the standard SmtpClient class? what does your code look like for using it? – Wjdavis5 Nov 16 '15 at 23:08
  • You can set the correct value for the service point manager just prior to making a call. – Brian from state farm Nov 19 '15 at 18:10

1 Answers1

7

The REST API server and the mail server you are connecting to apparently have conflicting security protocol requirements. You'll need to use different security protocol settings for them.

ServicePointManager.SecurityProtocol is static and its current value applies to all new connections. There is unfortunately no way to control this setting per ServicePoint. (In my opinion this is a design flaw from Microsoft)

If you have control of either the REST API server or the mail server, then you could perhaps reconfigure them to accept non-conflicting security protocols.

Otherwise, you could re-design your code so that all connections to the REST API and the mail server are made from two separate AppDomains.

For example let the default app domain handle all REST API communication and spawn a separate app domain that does all the mail communication.

With this setup you can use different ServicePointManager.SecurityProtocol values in each domain. (since static values are not shared between app domains).

Mårten Wikström
  • 11,074
  • 5
  • 47
  • 87