Coder Perfect

The request was turned down: The SSL/TLS secure channel could not be created.


Because of this error notice, we are unable to connect to an HTTPS server using WebRequest:

The request was canceled because an SSL/TLS secure channel could not be established.

We know the server doesn’t have a valid HTTPS certificate for the path we’re using, so we use the following code from another StackOverflow post to get around it:

private void Somewhere() {
    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AlwaysGoodCertificate);

private static bool AlwaysGoodCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors) {
   return true;

The issue is that the server never checks the certificate, resulting in the error described above. I’m at a loss for what to do. Does anyone have any suggestions?

I should remark that a coworker and I tested it a few weeks ago and it worked perfectly with something close to what I described above. The only “significant difference” we’ve discovered is that I’m using Windows 7 while he’s on Windows XP. Does that make a difference?

Asked by Simon Dugré

Solution #1

I eventually found the answer (I don’t know where I got it, but it came from a Google search);

While the code works in Windows XP, you must add the following at the beginning of Windows 7:

// using System.Net;
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
// Use SecurityProtocolType.Ssl3 if needed for compatibility reasons

It now works flawlessly.


If you’re having trouble installing PayPal, like Robin French suggested, keep in mind that they won’t support SSL3 after December 3rd, 2018. TLS will be required. Here’s a link to Paypal’s page on the subject.

Answered by Simon Dugré

Solution #2

In.NET 4.5, the answer to this is

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Use.NET 4.5 if you don’t have it.

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

Answered by Andrej Z

Solution #3

If you don’t make the ServicePointManager settings before creating the HttpWebRequest, it won’t work.


ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
       | SecurityProtocolType.Tls11
       | SecurityProtocolType.Tls12
       | SecurityProtocolType.Ssl3;

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("")


HttpWebRequest request = (HttpWebRequest)WebRequest.Create("")

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
       | SecurityProtocolType.Tls11
       | SecurityProtocolType.Tls12
       | SecurityProtocolType.Ssl3;

Answered by hogarth45

Solution #4

Note: Several of the most popular responses here recommend that you set ServicePointManager. Microsoft clearly cautions against using SecurityProtocol. I go over the most common causes of this problem and how to fix it in the sections below.

The active.NET Framework version is one of the most common reasons of this problem. Which security protocols are enabled by default depends on the.NET framework runtime version.

There doesn’t appear to be any authoritative documentation on how it works in different versions, however it appears that the defaults are set in the following way:

Your mileage may vary with older versions depending on which.NET runtimes are installed on the system. It’s possible that you’re using an ancient framework that doesn’t support TLS 1.0, or that you’re using 4.6.x and TLS 1.3 isn’t supported.

Microsoft’s documentation strongly advises using 4.7+ and the system defaults:

Check the targetFramework version in your httpRuntime> element for ASP.NET sites, as this (if present) defines which runtime is utilized by your site:

<httpRuntime targetFramework="4.5" />


<httpRuntime targetFramework="4.7" />

Answered by JLRishe

Solution #5

I was having trouble accessing, which is an image delivered by CloudFlare on its CDN that supports strange redirect SSL certs and SPDY.

Instead of specifying Ssl3 as Simon suggested, I was able to resolve the issue by dropping down to Tls12 as follows:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
new WebClient().DownloadData("");

Answered by Bryan Legend

Post is based on