On March 27, 2018, RSA SaaS Operations announced the TLS 1.0/1.1 protocols will be deprecated starting May 6, 2018, and leaving TLS 1.2. This change may impact processes using the Archer Web Services API and REST API. Any custom applications/integrations developed with .NET Framework 4.5 or older may not have the TLS 1.2 protocol enabled and will not be able to connect successfully after TLS 1.0/1.1 is deprecated.
The information below also applies to customers not using RSA Archer Hosting Services, but have disabled TLS 1.0/1.1 in their Archer environments.
The following error messages can occur when custom applications can’t connect because TLS 1.2 is the only protocol enabled:
The request was aborted: Could not create SSL/TLS secure channel.
An error occurred while sending the request.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
To correct the issue and prevent possible issues, there are a few options:
Recompile the code with .NET 4.6 or higher
Modify code to use TLS 1.2 as long as the client computer has .NET 4.6 or higher installed
ServicePointManager.SecurityProtocol =(ServicePointManager.SecurityProtocol Or CType(3072, SecurityProtocolType))
ServicePointManager.SecurityProtocol =CType(48, SecurityProtocolType) Or CType(192, SecurityProtocolType) Or CType(768, SecurityProtocolType) Or CType(3072, SecurityProtocolType)
''' <summary> ''' Enable SSL3 and TLS 1.0, 1.1, 1.2 which is needed for .NET 4.0 apps. Starting with 4.6, it's on by default. ''' </summary> ''' Ssl3 =48 ''' Tls 1.0=192 ''' Tls 1.1=768 ''' Tls 1.2=3072 Public Sub EnableSslProtocols()
' Loop thru the available protocols and enable them. Hopefully gets future TLS versions like 1.3. For Each protocol As SecurityProtocolType In System.Enum.GetValues(GetType(SecurityProtocolType)) Debug.Print(protocol.GetHashCode) ServicePointManager.SecurityProtocol = ServicePointManager.SecurityProtocol Or CType(protocol.GetHashCode, SecurityProtocolType) Next
Output of the Debug.Print lines from the function above: