Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.
View products that this article applies to.
Customers who run .NET Framework applications that rely on Transport Layer Security (TLS) 1.2, such as Intuit QuickBooks Desktop, may experience connectivity failures after they upgrade their system to a newer version of Windows.
Consider the following scenario:
In this scenario, you observe connectivity failures after the upgrade. The failures may include, but are not limited to, the following exception message and inner exception message:
System.Net.Http.HttpRequestException: An error occurred while sending the request.
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
This problem occurs because the SchUseStrongCrypto flag is not preserved throughout the Windows upgrade process.
To work around this problem, use one of the following methods.
Re-enable TLS 1.2 support as a machine-wide default protocol by setting the SchUseStrongCrypto registry key flag that has a DWORD value of 1, as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\<VERSION>: SchUseStrongCrypto
Note You must add "[Wow6432Node\]" if the application runs as a 32-bit process on a 64-bit operating system, and set <VERSION> to either v4.0.30319 (for .NET Framework 4 and later versions) or v2.0.50727 (for .NET Framework 3.5).
Enable TLS 1.2 support for your particular application (not machine-wide) by using an AppContext switch in the "<runtime>" section of your config file, as follows:
<runtime>
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
</runtime>
Note By using this switch, you you can avoid this problem from recurring in future Windows upgrades because the setting will be correctly persisted.
Microsoft has now resolved this issue for some devices. An update is available on Microsoft’s Update Catalog as of August 16, 2018 for those customers who have Intuit QuickBooks installed.
These customers may also check for updates on Windows Update by going to Settings > Update & Security > Windows Update and selecting Check for updates.
For devices that do not have Intuit QuickBooks installed and who are experiencing this issue: Microsoft is working on a resolution and will provide an update in an upcoming release.
Keywords: kbprb, kbsurveynew