This article also applies to the following:
-
Microsoft .NET Framework 3.5
Summary
Customers who run .NET Framework applications that rely on Transport Layer Security (TLS) 1.2, such as Intuit QuickBooks Desktop, may experience connectivity failures after they upgrade their system to a newer version of Windows.
Symptoms
Consider the following scenario:
-
You run an application that relies on Transport Layer Security (TLS) 1.2 protocol.
-
The application uses the SchUseStrongCrypto registry key flag.
-
The application establishes a TLS 1.2 client-server connection.
-
You upgrade the Windows operating system on that computer to a newer version.
In this scenario, you observe connectivity failures after the upgrade. The failures may include, but are not limited to, the following exception message and inner exception message:
System.Net.Http.HttpRequestException: An error occurred while sending the request.
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)Cause
This problem occurs because the SchUseStrongCrypto flag is not preserved throughout the Windows upgrade process.
Workaround
To work around this problem, use one of the following methods.
Workaround 1
Re-enable TLS 1.2 support as a machine-wide default protocol by setting the SchUseStrongCryptoregistry key flag that has a DWORD value of 1, as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SchUseStrongCrypto
Note You must add "[Wow6432Node\]" if the application runs as a 32-bit process on a 64-bit operating system, and set <VERSION> to either v4.0.30319 (for .NET Framework 4 and later versions) or v2.0.50727 (for .NET Framework 3.5).
Workaround 2
Enable TLS 1.2 support for your particular application (not machine-wide) by using an AppContext switch in the "<runtime>" section of your config file, as follows:
<runtime>
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
</runtime>
Note By using this switch, you you can avoid this problem from recurring in future Windows upgrades because the setting will be correctly persisted.
Status
Microsoft has now resolved this issue for some devices. An update is available on Microsoft’s Update Catalog as of August 16, 2018 for those customers who have Intuit QuickBooks installed.
These customers may also check for updates on Windows Update by going to Settings > Update & Security > Windows Update and selecting Check for updates.
For devices that do not have Intuit QuickBooks installed and who are experiencing this issue: Microsoft is working on a resolution and will provide an update in an upcoming release.