Fix Error Message: Authentication failed because the remote party has closed the transport stream

05 May, 2016

After hardening our web servers and only allowing secure ciphers, one of the .NET applications we built no longer connected to the Apache web server.

We updated the Apache config so only the secure ciphers were allowed:

# Disallow SSLv2, SSLv3, and TLSv1
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder on
# Disallow RC4, 3DES, MD5, EXP, PSK, SRP, and DSS
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"

When we tried to connect our client which was a .NET 4.0 application, we received this error message:

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
   at System.Net.Security.SslState.StartRead...

After some troubleshooting, we found we needed to update from .NET 4.0 to .NET 4.5 in order to access the following security protocol types:

SecurityProtocolType.Tls11
SecurityProtocolType.Tls12

Once we upgraded the project, we could updated our line of code to allow the client to connect to the newer versions of TLS:

// Old Way
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Ssl3

// New Way
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;

#microsoft #windows #apache