[.Net Core 3.1][Windows 10] HttpRequestException : 'The SSL connection could not be established, see inner exception.'

[ghost]

Hello,

I searched on MSDN, Stack Overflow and this repository for almost five hours but I have no clue so I finally post it here.
Chrome 80.0.3987.106 is able to show the website while I'm unable to do it in .Net Core 3.1.
I don't own the server or the domain so I'm not sure how it is configured.
I've read the contributing.md file so I hope I do this correctly.
If I missed something feel free to close this and I apologize for the useless issue.

Issue

Whenever I run the following code I get a System.Net.Http.HttpRequestException : 'The SSL connection could not be established, see inner exception.' on line 28.
Inner Exception : AuthenticationException : Authentication failed, see inner exception..
Inner inner Exception : Win32Exception : The message received was unexpected or badly formatted.

using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web;

namespace SSLConnection
{
    internal class Program
    {
        private static string GetHttpContent(string uri, CookieContainer container)
        {
            using HttpClientHandler handler = new HttpClientHandler
            {
                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
                CookieContainer = container,
                ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
            };
            using HttpClient client = new HttpClient(handler);
            client.DefaultRequestHeaders.TryAddWithoutValidation("user-agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363");
            client.Timeout = TimeSpan.FromMinutes(3.0);
            using HttpRequestMessage request = new HttpRequestMessage
            {
                Method = HttpMethod.Get,
                RequestUri = new Uri(uri)
            };
            using HttpResponseMessage response = client.SendAsync(request).GetAwaiter().GetResult();
            using HttpContent content = response.Content;
            byte[] buffer = content.ReadAsByteArrayAsync().GetAwaiter().GetResult().ToArray();
            string html = Encoding.UTF8.GetString(buffer, 0, buffer.Length);
            return HttpUtility.HtmlDecode(html);
        }

        private static void Main()
        {
            string html = GetHttpContent("https://brickfy.com/", new CookieContainer());

            Console.WriteLine("End");
            Console.ReadLine();
        }
    }
}

Attempts

• Show the website (https://brickfy.com/) in Edge, Edge says TLS configuration is obsolete
• Show the website in Chrome 80.0.3987.106, works fine
• ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator in the HttpClientHandler, does nothing
• ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => { return true; };in the HttpClientHandler, does nothing
• ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls; in Main(), does nothing
• ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3; in Main() can't be tested, Visual Studio says it's unavailable because it's obsolete

Environment

• Windows 10.0.18363.657 x64
• Visual Studio Community 16.4.4
• .Net Core 3.1
• (The issue happens with .Net Core 3.1 but if it matters I also have .Net Framework 4.8.03752 installed on my computer)

Thanks.

[vcsjones]

According to SSLLabs this server, https://brickfy.com/, only supports TLS 1.3. TLS 1.3 is not yet supported on Windows / SChannel (tracked in #1720). Chrome is able to load it on Windows because it has it's own TLS/SSL implementation (BoringSSL).

[davidsh]

Duplicate of #1720

[adesokanayo]

Was there any resolution or a solution to this, I'm having same issues with calling an API that uses Let's encrypt.

[vcsjones]

@adesokanayo the resolution for this one was that the server required TLS 1.3 but the client OS didn't support it. Either the server needed to be configured to accept TLS 1.2 or the client was run on an OS that supports 1.3.

If you are facing the same error, I might suggest trying .NET 5 RC - the error message here is fairly generic and is reported for many reasons. .NET 5 gives better errors to help diagnose the specific issue.

If you are still having trouble then please feel free to open a new issue.