2

I'm getting this error message while using the "Test connection to your bot" section on https://dev.botframework.com/.

An error occurred while sending the request. The request was aborted: Could not create SSL/TLS secure channel.

As noted in this Stack Overflow question, the bot framework does not work with self-signed certs.

However, this is not a self-signed cert. It is issued by DigiCert and my browser does not complain about it.

The endpoint is https://gem-hair.hyperdev.space/chat

EDIT: per http://social.technet.microsoft.com/wiki/contents/articles/31634.microsoft-trusted-root-certificate-program-participants-v-2016-april.aspx, DigiCert is a trusted certificate root.

Charles Wood
  • 1
    I'm having the exact same issue with a Comodo cert. The BFEmulator.exe testing app also errors (with an exception). I'll be upvoting a solution here as well. – Joseph Yancey Jun 23 '16 at 20:07
  • @JosephYancey it would be nice if there was a real support channel, not just the feedback forum. – Charles Wood Jun 23 '16 at 21:07
  • @JosephYancey Actually, you should go vote and/or add more feedback to my post on their forum: https://feedback.botframework.com/forums/354213-general/suggestions/14914197-could-not-create-ssl-tls-secure-channel – Charles Wood Jun 24 '16 at 14:47

1 Answer

1

One of my colleagues took a look. It seems that your cert requires TLS 1.2, which we don't currently support. We are working on a fix.

We do currently support TLS 1.0.

EDIT: Some clarifications. My earlier statement above about your cert is wrong. It's not your cert that requires TLS 1.2.

BotFramework endpoints support TLS 1.0, 1.1 and 1.2 on connections inbound to them. However, connections outbound from them were configured only for SSLv3 and TLS 1.0. Your "gem-hair" endpoint in Amazon EC2 is configured to only accept incoming connections with TLS 1.1 and 1.2. You can check this using https://ssllabs.com. That's why BotFramework can't reach you.

UPDATE: We updated outbound support to TLS 1.0, 1.1 and 1.2. This problem is now fixed.

  • Thanks for the info! – Charles Wood Jun 24 '16 at 22:36
  • Well hmm. Per https://github.com/Microsoft/BotBuilder/issues/464#issuecomment-228562577, at least one person in the world is using the Bot Framework 100% successfully with TLS 1.2. – Charles Wood Jun 29 '16 at 20:25
  • I have also been able to successfully establish a TLS connection with a different server, which is also running TLS 1.2. – Charles Wood Jun 30 '16 at 17:48
  • 1
    Some clarifications. BotFramework endpoints support TLS 1.0, 1.1 and 1.2 on connections *inbound* to them. However, connections *outbound* from them were configured only for SSLv3 and TLS 1.0. Your "gem-hair" endpoint in Amazon EC2 is configured to only accept incoming connections with TLS 1.1 and 1.2. You can check this using ssllabs.com. That's why BotFramework can't reach you. We fixed and verified this in our local environment today. I think we'll push the changes to PROD later today. I'll update this here after that happens. – Ming-wei Wang Jun 30 '16 at 23:44
  • Thanks for the clarification and the quick response times! This is the only place I've gotten any response from Microsoft about this issue. – Charles Wood Jul 01 '16 at 00:54
  • ...the subdomain was automatically generated, by the way... ;) – Charles Wood Jul 01 '16 at 02:12
  • This is fixed in PROD now. I still get a 500. But it's not the TLS error anymore. – Ming-wei Wang Jul 08 '16 at 17:47
  • 500 InternalServerError System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context) at – user1367713 Jul 21 '16 at 14:40
  • My server Protocols TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 No SSL 2 No – user1367713 Jul 21 '16 at 14:41
  • What's your bot id? Where are you seeing the error? Is it when you "Test connection to your bot" in ? – Ming-wei Wang Jul 24 '16 at 05:36
  • Your cipher suites are too weak (see ). You need a stronger one like TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384. – Ming-wei Wang Jul 24 '16 at 19:49
  • @Ming-weiWang Getting the same error when testing the bot: Could not create SSL/TLS secure channel. Bot id: d2ae7455-ec68-404e-8f61-169812dbce20. Have checked the cipher suite and it includes TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384. Any idea? – sazap10 Jul 27 '16 at 08:33
  • @sazap10 I just tried "Test connection to your bot". It showed "Accepted" with no errors. – Ming-wei Wang Jul 28 '16 at 17:17
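
An added example (not part of the original posts, and not Bot Framework code) modelling the two negotiation failures diagnosed in this thread: no shared protocol version, and later no shared cipher suite, both of which surfaced as the same client error. The negotiation model is simplified, and the peer configurations and every cipher list other than the suite named in the comments are constructed assumptions.

```python
# Added illustration (not Bot Framework code): simplified TLS negotiation model.
VERSIONS = ["SSLv3", "TLS 1.0", "TLS 1.1", "TLS 1.2"]  # oldest to newest

# Both failure kinds surfaced in this thread as the same client-side message.
CLIENT_ERROR = "Could not create SSL/TLS secure channel."


def negotiate(client, server):
    """Return (version, suite, alert); alert is None when the handshake succeeds.

    Simplified model: the server picks the highest version it accepts that is
    not above the client's maximum, then the first suite in its own
    preference order that the client also offers.
    """
    client_max = max(VERSIONS.index(v) for v in client["versions"])
    usable = [v for v in server["versions"]
              if VERSIONS.index(v) <= client_max and v in client["versions"]]
    if not usable:
        return None, None, "protocol_version"      # TLS alert 70
    version = max(usable, key=VERSIONS.index)
    for suite in server["suites"]:
        if suite in client["suites"]:
            return version, suite, None
    return version, None, "handshake_failure"      # TLS alert 40


def diagnose(client, server):
    """Turn the single opaque client error into the actual cause."""
    version, suite, alert = negotiate(client, server)
    if alert == "protocol_version":
        return f"{CLIENT_ERROR} Cause: no shared protocol version."
    if alert == "handshake_failure":
        return f"{CLIENT_ERROR} Cause: no shared cipher suite at {version}."
    return f"OK: {version} with {suite}"


# Constructed configurations based on the thread's description (assumptions).
STRONG = ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"]  # suite named in the comments
WEAK = ["TLS_RSA_WITH_RC4_128_SHA"]                 # assumed weak server list
outbound_before = {"versions": ["SSLv3", "TLS 1.0"],
                   "suites": ["TLS_RSA_WITH_AES_128_CBC_SHA"]}
outbound_after = {"versions": ["TLS 1.0", "TLS 1.1", "TLS 1.2"], "suites": STRONG}
gem_hair = {"versions": ["TLS 1.1", "TLS 1.2"], "suites": STRONG}
weak_server = {"versions": ["TLS 1.0", "TLS 1.1", "TLS 1.2"], "suites": WEAK}

if __name__ == "__main__":
    for client, server in [(outbound_before, gem_hair),
                           (outbound_after, gem_hair),
                           (outbound_after, weak_server)]:
        print(diagnose(client, server))
```
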