
I got this error when communicating with a Web API 2 service that authenticates using bearer OAuth2:

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Am I using anything wrong, or do I need to change any configurations?

AMH

1 Answer


The issue is not with your application or its internal authentication mechanism; this is a problem at the server conversation level. Essentially, the traffic between your server and your client is encrypted (TLS) - to achieve this, the TLS suite uses ciphers. The error above is stating that the client tried to use a cipher during its connection request that the server did not have OR that the client does not support any of the ciphers that the server has.

There are two possible causes:

  • VERY old client connecting to a very new server, or vice versa. You cannot do anything to fix this if the client is old other than to advise your visitors to buy newer hardware. If your server is old, upgrade, because you're putting user data at risk.
  • More likely: you or someone in your infra team has disabled some ciphers on the server. This is often done when ciphers have been broken and thus are no longer secure; it is done by editing the registry or using IIS Crypto. This is security best practice, but you could turn them back on via the same means.

The top and bottom of it is: your code is fine, it's just a communication issue between your client and server. Short of upgrading your clients / enabling disabled ciphers, there's nothing much you can do about it.

Joe Brailsford
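An added example, not part of the original answer: a Python sketch of the comparison behind this error, which reads the cipher suites a client offered in its ClientHello (as you would see it in a packet capture) and checks them against the server's enabled list. The sample ClientHello records, the server list and all function names are constructed for illustration, and server-preference ordering is assumed.

```python
import struct

# IANA code points for a few well-known suites (subset, for readable output).
SUITE_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def build_client_hello(suites):
    """Constructed sample: a minimal TLS 1.2 ClientHello record (no extensions)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"  # client_version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                       # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def offered_suites(record):
    """Extract the cipher suite code points a client offered in its ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    try:
        pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                # skip session id
        (length,) = struct.unpack_from("!H", record, pos)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    pos += 2
    if length % 2 or pos + length > len(record):
        raise ValueError("truncated or malformed cipher_suites vector")
    return [struct.unpack_from("!H", record, i)[0] for i in range(pos, pos + length, 2)]

def negotiate(offered, server_enabled):
    """Return the first server-preferred suite the client also offered, else None."""
    return next((s for s in server_enabled if s in offered), None)

def diagnose(record, server_enabled):
    offered = offered_suites(record)
    chosen = negotiate(offered, server_enabled)
    if chosen is None:                        # no overlap: the condition the error reports
        return "handshake fails, client offered only: " + ", ".join(SUITE_NAMES.get(s, hex(s)) for s in offered)
    return "negotiated " + SUITE_NAMES.get(chosen, hex(chosen))

# Constructed inputs: a server list after hardening, an old client, a current client.
HARDENED_SERVER = [0xC030, 0xC02F]
LEGACY_HELLO = build_client_hello([0x0005, 0x000A, 0x002F])
MODERN_HELLO = build_client_hello([0xC02F, 0xC030, 0x002F])
```

Running `diagnose` on the legacy record names the suites the client offered, which shows whether the fix belongs on the client side or in the server's enabled list.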