Microsoft KB Archive/940934

= An ASP.NET Web application that uses SSL generates an exception after you install security bulletin MS07-040 =

Article ID: 940934

Article Last Modified on 10/31/2007


APPLIES TO


 * Microsoft .NET Framework 1.1




INTRODUCTION
After you install security bulletin MS07-040, a Microsoft ASP.NET Web application that uses Secure Sockets Layer (SSL) generates the following exception:

Unhandled Exception: System.Net.WebException: The underlying connection was closed: Could not establish secure channel for SSL/TLS. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted

--- End of inner exception stack trace ---

at System.Net.HttpWebRequest.CheckFinalStatus

at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

at System.Net.HttpWebRequest.GetResponse

at System.Net.WebClient.DownloadData(String address)

at EndpointTest.Form1.button1_Click(Object sender, EventArgs e) in f:\development\atomynet\usa\testing\endpointtest\form1.cs:line 98

at System.Windows.Forms.Control.OnClick(EventArgs e)

at System.Windows.Forms.Button.OnClick(EventArgs e)

at System.Windows.Forms.ButtonBase.OnKeyUp(KeyEventArgs kevent)

at System.Windows.Forms.Control.ProcessKeyEventArgs(Message& m)

at System.Windows.Forms.Control.ProcessKeyMessage(Message& m)

at System.Windows.Forms.Control.WmKeyChar(Message& m)

at System.Windows.Forms.Control.WndProc(Message& m)

The program '[1960] EndpointTest.exe' has exited with code 0 (0x0).

at System.Windows.Forms.ButtonBase.WndProc(Message& m)

at System.Windows.Forms.Button.WndProc(Message& m)

at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)

at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)

at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)

at System.Windows.Forms.ComponentManager.System.Windows.Forms.UnsafeNativeMethods+IMsoComponentManager.FPushMessageLoop(Int32 dwComponentID, Int32 reason, Int32 pvLoopData)

at System.Windows.Forms.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)

at System.Windows.Forms.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)

at System.Windows.Forms.Application.Run(Form mainForm)



MORE INFORMATION
By default, the release version of the .NET Framework 1.1 supports only the SSL 3.0 protocol. By default, the Transport Layer Security (TLS) protocol is disabled. Security bulletin MS07-040 enables the TLS protocol. If the software or hardware environment is incompatible with the TLS protocol, the ASP.NET Web application may fail and then generate the exception message that is mentioned in the "Introduction" section.

If the software or hardware environment is incompatible with the TLS protocol, use one of the following methods to work around the issue:

 * Reconfigure the hardware to support the TLS protocol. For example, some SSL accelerator cards are configured to support only the SSL 3.0 protocol. You can reconfigure the SSL accelerator card to support the TLS protocol. For more information about how to configure the hardware to support the TLS protocol, see the hardware documentation.
 * Configure the .NET client to use only SSL 3.0 and not the TLS protocol. To do this, add the following line of code to the Web application: ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
 * Disable the TLS protocol on the Internet Information Services (IIS) server, and use only SSL 3.0. For more information about how to disable the TLS protocol, click the following article number to view the article in the Microsoft Knowledge Base: 187498 How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
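
Before choosing one of these workarounds, it helps to confirm which protocol the endpoint actually rejects. The following diagnostic is an added example, not code from the KB article; it targets C# on the .NET Framework 1.1, and the class name and endpoint URL are placeholders.

```csharp
// Added example, not from the KB article. Targets C# on the .NET Framework 1.1.
using System;
using System.Net;

class SecureChannelProbe   // hypothetical name
{
    // Placeholder: replace with the HTTPS endpoint that raises the exception.
    const string ProbeUrl = "https://endpoint.example/";

    // Sends one HTTPS GET with only the given protocol(s) enabled and reports
    // whether the SSL/TLS handshake completed.
    static string Probe(string label, SecurityProtocolType protocols)
    {
        ServicePointManager.SecurityProtocol = protocols; // static: affects the whole application
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(ProbeUrl);
        req.KeepAlive = false;           // leave no connection behind to be reused
        req.ConnectionGroupName = label; // separate connection group per probe, so each handshakes afresh
        req.Timeout = 15000;
        try
        {
            req.GetResponse().Close();
            return "handshake OK";
        }
        catch (WebException ex)
        {
            // Status behind "Could not establish secure channel for SSL/TLS".
            if (ex.Status == WebExceptionStatus.SecureChannelFailure)
                return "secure channel failure";
            if (ex.Response != null)
            {
                // An HTTP error status (for example 404) arrived over an established channel.
                ex.Response.Close();
                return "handshake OK, HTTP error returned";
            }
            return "other failure: " + ex.Status;
        }
    }

    static void Main()
    {
        SecurityProtocolType original = ServicePointManager.SecurityProtocol;
        Console.WriteLine("Default (" + original + "): " + Probe("default", original));
        Console.WriteLine("SSL 3.0 only: " + Probe("ssl3", SecurityProtocolType.Ssl3));
        Console.WriteLine("TLS 1.0 only: " + Probe("tls", SecurityProtocolType.Tls));
        ServicePointManager.SecurityProtocol = original; // restore the original setting
    }
}
```

If the default and TLS-only probes fail while the SSL 3.0 probe succeeds, the endpoint is the TLS-incompatible component described above. SSL 3.0 was later prohibited by RFC 7568, so reconfiguring the endpoint to support TLS is the workaround to prefer.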



