How to fix TLS/SSL handshake failure

How to fix a TLS/SSL handshake failure on Windows Server 2012 R2. The symptom: a web application on the server could not send email because it could not connect to the Office 365 mail server.

Useful links:

Transport Layer Security (TLS) best practices with the .NET Framework

Authenticate your device or application directly with a Microsoft 365 or Office 365 mailbox, and send mail using SMTP AUTH client submission

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server

Enable outbound TLS 1.1 and 1.2 on Windows Server

SecurityProtocolType Enum

TLS1.2 IN .NET FRAMEWORK 4.0 (4.5 NOT INSTALLED, solution in the thread works!!!!!)

What does “The TLS protocol defined fatal alert code is 70” mean?

What I have tried:

  • Re-purchase / re-issue the SSL certificate on the server and the related domain (registered through )
  • Download the .NET Framework patches (install whatever applies to the server)
  • Apply the IISCrypto best-practice template and reset IIS
  • Delete the wrong 0.0.0.0:8443 binding and bind the same certificate hash as the 433 port
  • Add SchUseStrongCrypto to the registry under:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Add to code (0xC00 is 3072, the numeric value of SecurityProtocolType.Tls12): ServicePointManager.SecurityProtocol = (SecurityProtocolType)0xC00;

  • Add the TLS 1.1 and TLS 1.2 protocol keys to the registry as follows (manually or through IISCrypto.exe); XXXXX stands for the protocol key name, e.g. "TLS 1.2":

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\XXXXX\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\XXXXX\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
  • Add the following before the HTTPS request:

.NET Framework 4.5 and later (the Tls12 member exists):

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

.NET Framework 4.0 (no Tls12 member, so cast the numeric value):

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

  • Instead of hard-coding one protocol, OR the enum values into the existing setting so that any other protocol the application needs stays enabled:

System.Net.ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

The default System.Net.ServicePointManager.SecurityProtocol in both .NET 4.0 and 4.5 is SecurityProtocolType.Tls | SecurityProtocolType.Ssl3.

.NET 4.0 supports up to TLS 1.0, while .NET 4.5 supports up to TLS 1.2.

However, an application targeting .NET 4.0 can still support up to TLS 1.2 if .NET 4.5 is installed in the same environment. .NET 4.5 installs on top of .NET 4.0, replacing System.dll.

SecurityProtocolType Enum


Definition

Namespace: System.Net
Assembly: System.Net.ServicePoint.dll

Specifies the security protocols that are supported by the Schannel security package.

This enumeration supports a bitwise combination of its member values.

C#

[System.Flags]
public enum SecurityProtocolType

Inheritance: Object -> ValueType -> Enum -> SecurityProtocolType

Attributes: FlagsAttribute

Fields

Ssl3 = 48: Specifies the Secure Socket Layer (SSL) 3.0 security protocol. SSL 3.0 has been superseded by the Transport Layer Security (TLS) protocol and is provided for backward compatibility only.
SystemDefault = 0: Allows the operating system to choose the best protocol to use, and to block protocols that are not secure. Unless your app has a specific reason not to, you should use this value.
Tls = 192: Specifies the Transport Layer Security (TLS) 1.0 security protocol. The TLS 1.0 protocol is defined in IETF RFC 2246.
Tls11 = 768: Specifies the Transport Layer Security (TLS) 1.1 security protocol. The TLS 1.1 protocol is defined in IETF RFC 4346. On Windows systems, this value is supported starting with Windows 7.
Tls12 = 3072: Specifies the Transport Layer Security (TLS) 1.2 security protocol. The TLS 1.2 protocol is defined in IETF RFC 5246. On Windows systems, this value is supported starting with Windows 7.
Tls13 = 12288: Specifies the TLS 1.3 security protocol. The TLS protocol is defined in IETF RFC 8446.

Remarks

This enumeration defines the set of values that you can use to specify which transport security protocol to use. It is the enumerated type for the SecurityProtocol property. Use this enumeration to determine your transport security protocol policy when you are using HTTP APIs in the .NET Framework such as WebClient, HttpWebRequest, HttpClient, and SmtpClient (when using TLS/SSL).

The Transport Layer Security (TLS) protocols assume that a connection-oriented protocol, typically TCP, is in use.

If you cannot set the property on the System.Net class library from the code that makes the request, set it once in Global.asax (Application_Start):

ServicePointManager.SecurityProtocol |= (SecurityProtocolType)3072; // TLS 1.2
ServicePointManager.SecurityProtocol |= (SecurityProtocolType)768;  // TLS 1.1

Note the |= : two plain assignments would overwrite each other and leave only the last protocol (TLS 1.1) enabled.

You can also set it in a function, on its first line:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)768 | (SecurityProtocolType)3072;

This is also useful for the Stripe payment gateway, which only accepts TLS 1.1 and TLS 1.2.

EDIT: After so many questions about whether .NET 4.5 is installed on my server or not, here is the screenshot of the registry on my production server:

I have only .NET framework 4.0 installed.
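The two snippets above (enabling TLS 1.1/1.2 on a .NET 4.0 application with the numeric cast, and doing it once in Global.asax before the mail is sent) combined into one helper, as an added example that is not code from the original post. It assumes an application compiled against .NET Framework 4.0 on a machine where .NET 4.5 or later is installed, and the mailbox credentials, sender and recipient are placeholders.

```csharp
using System;
using System.Net;
using System.Net.Mail;

// Added example, not code from the original post. Assumes a .NET 4.0 application on a
// machine with .NET 4.5+ installed, so the 4.5 System.dll accepts TLS 1.1/1.2 values.
public static class TlsBootstrap
{
    // Numeric values of SecurityProtocolType.Tls11 and Tls12 (the named members are
    // missing from the 4.0 reference assemblies, so the casts are needed to compile).
    private const SecurityProtocolType Tls11 = (SecurityProtocolType)768;   // 0x300
    private const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;  // 0xC00

    // Adds TLS 1.1/1.2 to whatever is already enabled (Ssl3|Tls by default) instead of
    // overwriting the property; call once, e.g. from Application_Start in Global.asax.
    // Returns false when the runtime rejects the values, i.e. only .NET 4.0 is present.
    public static bool EnableTls11And12()
    {
        try
        {
            ServicePointManager.SecurityProtocol |= Tls11 | Tls12;
            return true;
        }
        catch (NotSupportedException)
        {
            // System.dll 4.0 validates the value and throws; install .NET 4.5+ first.
            return false;
        }
    }
}

public static class Office365Mail
{
    // SMTP AUTH client submission: smtp.office365.com, port 587, STARTTLS.
    // Mailbox credentials below are placeholders.
    public static void Send(string from, string to, string subject, string body)
    {
        if (!TlsBootstrap.EnableTls11And12())
            throw new InvalidOperationException("TLS 1.1/1.2 unavailable; the Office 365 handshake would fail.");

        using (var client = new SmtpClient("smtp.office365.com", 587))
        {
            client.EnableSsl = true;                 // upgrade the session with STARTTLS
            client.UseDefaultCredentials = false;
            client.Credentials = new NetworkCredential("sender@example.com", "PLACEHOLDER_PASSWORD");
            client.Send(new MailMessage(from, to, subject, body));
        }
    }
}
```

If EnableTls11And12 returns false the box has only .NET 4.0, and the registry and code changes above cannot help until .NET 4.5 or later (or the 4.0 hotfix from the linked thread) is installed.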