Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 940934 - Last Review: October 31, 2007 - Revision: 1.4
An ASP.NET Web application that uses SSL generates an exception after you install security bulletin MS07-040
After you install security bulletin MS07-040, a Microsoft ASP.NET Web application that uses Secure Sockets Layer (SSL) generates the following exception:
Unhandled Exception: System.Net.WebException: The underlying connection was closed: Could not establish secure channel for SSL/TLS. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.CheckFinalStatus()
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.HttpWebRequest.GetResponse()
at System.Net.WebClient.DownloadData(String address)
at EndpointTest.Form1.button1_Click(Object sender, EventArgs e) in f:\development\atomynet\usa\testing\endpointtest\form1.cs:line 98
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.ButtonBase.OnKeyUp(KeyEventArgs kevent)
at System.Windows.Forms.Control.ProcessKeyEventArgs(Message& m)
at System.Windows.Forms.Control.ProcessKeyMessage(Message& m)
at System.Windows.Forms.Control.WmKeyChar(Message& m)
at System.Windows.FormThe program '[1960] EndpointTest.exe' has exited with code 0 (0x0).
s.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
at System.Windows.Forms.ComponentManager.System.Windows.Forms.UnsafeNativeMethods+IMsoComponentManager.FPushMessageLoop(Int32 dwComponentID, Int32 reason, Int32 pvLoopData)
at System.Windows.Forms.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
at System.Windows.Forms.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
at System.Windows.Forms.Application.Run(Form mainForm)
By default, the release version of the .NET Framework 1.1 supports only the SSL 3.0 protocol. By default, the Transport Layer Security (TLS) protocol is disabled. Security bulletin MS07-040 enables the TLS protocol. If the software or hardware environment is incompatible with the TLS protocol, the ASP.NET Web application may fail and then generate the exception message that is mentioned in the "Introduction" section.
If the software or hardware environment is incompatible with the TLS protocol, use one of the following methods to work around the issue:
- Reconfigure the hardware to support the TLS protocol. For example, some SSL accelerator cards are configured to support only the SSL 3.0 protocol. You can reconfigure the SSL accelerator card to support the TLS protocol.
For more information about how to configure the hardware to support the TLS protocol, see the hardware documentation. - Configure the .NET client to use only SSL 3.0 and not the TLS protocol. To do this, add the following line of code to the Web application:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
- Disable the TLS protocol on the Internet Information Services (IIS) server, and use only SSL 3.0.
For more information about how to disable the TLS protocol, click the following article number to view the article in the Microsoft Knowledge Base:
187498Â
(http://kbalertz.com/Feedback.aspx?kbNumber=187498/
)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
For more information about the
ServicePointManager.SecurityProtocol property, visit the following Microsoft Developer Network (MSDN) Web site:
For more information about security bulletin MS07-040, click the following article number to view the article in the Microsoft Knowledge Base:
931212Â
(http://kbalertz.com/Feedback.aspx?kbNumber=931212/
)
MS07-040: Vulnerabilities in the .NET Framework could allow remote code execution
APPLIES TO
- Microsoft .NET Framework 1.1
| kbtshoot kbcode kberrmsg kbinfo KB940934 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate