15

I want to try net5.0 since it's in rc2, and I've encountered a strange issue.

I've created a default WebApi in net5.0. I didn't touch anything, I just clicked run (in kestrel, not ISS) and the Swagger home page shows up. I tried the WeatherForcast get and everything is working fine.

Swagger index page

then I created a console app in NET5.0 and added this code :

static async Task Main(string[] args)
{
    var clientHandler = new HttpClientHandler
    {
        ServerCertificateCustomValidationCallback = (_, _, _, _) => true
    };
    var client = new HttpClient(clientHandler);
    try
    {
        var httpMessage = await client.GetAsync("https://localhost:5001/WeatherForecast");
    }
    catch (Exception e)
    {
        Console.WriteLine(e);
        throw;
    }
}

and with this code I got the following error :

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.IO.IOException: Cannot determine the frame size or a corrupted frame was received.

after that, I tried on Postman the same request and it worked (as from swagger). My final test was to switch the console app to netcore 3.1 and the request worked.

So I only got this error on net5.0 app.

Any suggestions ?

EDIT :

  • Here are my pc info : W10 Enterprise, V 1809, Build 17763.1518.
  • I only got the error on the Net5.0 console.
Thibaud
  • 377
  • 1
  • 2
  • 15
  • How does title of your question related to it content? – Pavel Anikhouski Oct 30 '20 at 14:27
  • 2
    **Please** don't use `.GetAwaiter().GetResult()`. Async code is async for a reason, don't try to force it to run synchronously. – Ian Kemp Oct 30 '20 at 14:35
  • Are you saying that the call to the web API method `https://localhost:5001/WeatherForecast` **only** failed when invoked from a .NET 5 console app, and succeeded from .NET Core 3.1/Swagger/Postman? – Ian Kemp Oct 30 '20 at 14:38
  • My guess is that you are hitting https://github.com/dotnet/runtime/issues/1720 - that is marked as resolved with code merged to fix it, but no idea if that fix made it into RC2. It would also help if you specified what OS and version you're using. – Ian Kemp Oct 30 '20 at 14:41
  • Yes the call is failling only through the net5 console. And yes usually i don't use GetAwaiter().GetResult()... – Thibaud Oct 31 '20 at 08:52
  • 3
    My best guess is that you are running your server without TLS but are trying to connect using https. Remove the http. And yes as @IanKemp said above please learn about asynchronous programming and threading properly. – James Mallon Jan 27 '21 at 23:14

4 Answers4

14

I know this is an old question, but I encountered it and solved it by changing "https" to "http" in the api url part.

In this question that would be changing:

var httpMessage = await client.GetAsync("https://localhost:5001/WeatherForecast");

To:

var httpMessage = await client.GetAsync("http://localhost:5001/WeatherForecast");

Lightfoe
  • 196
  • 1
  • 8
  • 2
    Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community May 06 '22 at 15:21
11

Kestrel used to force selection of Tls 1.1 or Tls 1.2. From .Net 5.0 Preview 6 onwards, it was change to "None", meaning the OS default. Kestrel Default Tls Support

Coincidentally, Microsoft last year started enabling Tls 1.3 by default in Windows 10. Windows 10 Tls 1.3 Enabled by DefaultHence your application is likely now using Tls 1.3 which I have found to be sometimes "problematic".

To set Tls 1.3 to be disabled by default (meaning available to apps that request it, but off otherwise), in your registry go to or create this path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client

And set or create a DWORD named DisabledByDefault to 1.

This should make your browser go with Tls 1.2.

For your Kestrel server, similarly:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server

Also there, set or create a DWORD named DisabledByDefault to 1.

If that doesn't do it, under both Client and Server also create a DWORD named "Enabled" set to 0. This will disable Tls 1.3 altogether.

Qtax
  • 33,241
  • 9
  • 83
  • 121
user6604437
  • 152
  • 3
  • 6
  • It was that ! Thank you a lot =) – Thibaud Apr 23 '21 at 08:18
  • But what is wrong TLS 1.3 anyway? I have one project that works fine using it, but I get this same issue if I run it on a freshly created ASP.NET Empty Web App. Is there any missing configuration that needs to be setup before HTTPS will work? – AMG May 06 '23 at 06:35
6

Other possible reason for the exception:
Your client calls an https url, but server has only hosted http.

tme5092
  • 91
  • 1
  • 4
0

In my case, I just needed to change my connection string, I used the one on the Azure Storage Explorer here.

enter image description here

Pradeep Kumar
  • 1,193
  • 1
  • 9
  • 21
Estifanos Bireda
  • 11
  • 1