
Vendor .NET 4.X based application can't generate WSDL client because SSLv3 is disabled

This question is part development and part troubleshooting a vendor-supported application.

The issue is the vendor's application doesn't appear to be able to connect to a government service in order to generate a WSDL client. Through my troubleshooting I believe I've narrowed down the issue to .NET 4.0 not supporting SSLv3 on our Windows Server 2012 Standard box.

I discovered this using PowerShell. Since I am on PS version 4, I'm also using .NET 4.0, which is the same CLR version the application is using.

PS C:\Windows> $PSVersionTable

Name                           Value                                                                                                                               
----                           -----                                                                                                                               
PSVersion                      4.0                                                                                                                                 
WSManStackVersion              3.0                                                                                                                                 
SerializationVersion           1.1.0.1                                                                                                                             
CLRVersion                     4.0.30319.34209                                                                                                                     
BuildVersion                   6.3.9600.16406                                                                                                                      
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0}                                                                                                                
PSRemotingProtocolVersion      2.2  

If I attempt to generate the WSDL client in PowerShell I get the same error the application does. The WSDL URL is found on the following site.

http://www.grants.gov/web/grants/s2s/applicant/versions-wsdls.html

PS C:\Windows> New-WebServiceProxy -Uri ("https://at07ws.grants.gov:446/grantsws-applicant/services/v2/ApplicantWebServicesSoapPort?wsdl") 

PS C:\Windows> $error[0] | fl -Force


writeErrorStream      : True
Exception             : System.Net.WebException: There was an error downloading 
                        'https://at07ws.grants.gov:446/grantsws-applicant/services/v2/ApplicantWebServicesSoapPort?wsdl'. ---> System.Net.WebException: The 
                        underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: The handshake failed due to an 
                        unexpected packet format.
                           at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
                           at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                           at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
                           at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
                           at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
                           at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean 
                        preserveSyncCtx)
                           at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean 
                        preserveSyncCtx)
                           at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
                           at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
                           at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                           at System.Net.ConnectStream.WriteHeaders(Boolean async)
                           --- End of inner exception stack trace ---
                           at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
                           at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
                           at System.Web.Services.Discovery.DiscoveryClientProtocol.Download(String& url, String& contentType)
                           --- End of inner exception stack trace ---
                           at System.Web.Services.Discovery.DiscoveryClientProtocol.Download(String& url, String& contentType)
                           at System.Web.Services.Discovery.DiscoveryClientProtocol.DiscoverAny(String url)
                           at Microsoft.PowerShell.Commands.NewWebServiceProxy.GenerateWebServiceProxyAssembly(String NameSpace, String ClassName)
TargetObject          : https://at07ws.grants.gov:446/grantsws-applicant/services/v2/ApplicantWebServicesSoapPort?wsdl
CategoryInfo          : ObjectNotFound: (https://at07ws....esSoapPort?wsdl:Uri) [New-WebServiceProxy], WebException
FullyQualifiedErrorId : WebException,Microsoft.PowerShell.Commands.NewWebServiceProxy
ErrorDetails          : The underlying connection was closed: An unexpected error occurred on a send.
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {0, 0}
PSMessageDetails      : 

I specifically began searching for this issue/error.

An unexpected error occurred on a send. ---> System.IO.IOException: The handshake failed due to an unexpected packet format.

After using openssl I discovered the at07ws.grants.gov server only appeared to support SSLv3 on port 446.

I then found that the server only seemed to support TLS 1.X as a client in .NET version 4.0. I used PowerShell and the ServicePointManager SecurityProtocol property to verify this.

PS C:\Windows> [System.Net.ServicePointManager]::SecurityProtocol
Tls, Tls11, Tls12

I then set the SecurityProtocol property to only support Ssl3 and then I was able to generate the WSDL client.

PS C:\Windows> [System.Net.ServicePointManager]::SecurityProtocol = 'Ssl3'

PS C:\Windows> [System.Net.ServicePointManager]::SecurityProtocol
Ssl3

PS C:\Windows> New-WebServiceProxy -Uri ("https://at07ws.grants.gov:446/grantsws-applicant/services/v2/ApplicantWebServicesSoapPort?wsdl")


SoapVersion                          : Default
AllowAutoRedirect                    : False
CookieContainer                      : 
ClientCertificates                   : {}
EnableDecompression                  : False
UserAgent                            : Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.34209)
Proxy                                : 
UnsafeAuthenticatedConnectionSharing : False
Credentials                          : 
UseDefaultCredentials                : False
ConnectionGroupName                  : 
PreAuthenticate                      : False
Url                                  : https://at07ws.grants.gov:446/grantsws-applicant/services/v2/ApplicantWebServicesSoapPort
RequestEncoding                      : 
Timeout                              : 100000
Site                                 : 
Container                            : 

I attempted to directly enable SSL 3.0 in the registry but it doesn't appear to make a difference.

http://support.microsoft.com/kb/245030/en-us

Besides setting the supported protocols in .NET/C#, which the vendor would have to do, is there a way the supported protocols can be enabled/disabled on the server? Is there a .NET configuration I can set this in?

The vendor claims this is working fine on their server.

Thank you!

Douglas Plumley asked Dec 04 '25 19:12


1 Answer

I found that if you have KB2898850 installed, by default SSL3 is turned off and the registry settings described at KB245030 are ignored. I would recommend finding out if the web service at at07ws.grants.gov can be updated to support TLS. Otherwise, a workaround would be to uninstall KB2898850.

Elijah W. Gagne answered Dec 07 '25 10:12
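The diagnosis in this thread can be reproduced from PowerShell alone, without openssl. The following is an added example, not part of the original question or answer: it attempts one handshake per protocol version against the endpoint, shows what the current session offers, and checks for the update named in the answer. `Test-TlsProtocol` is a hypothetical helper name, and the script assumes .NET 4.5 or later so that the `Tls11` and `Tls12` enum values exist.

```powershell
# Added example (not from the thread). Test-TlsProtocol is a hypothetical helper name.
function Test-TlsProtocol {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [Parameter(Mandatory = $true)] [int]    $Port,
        [string[]] $Protocols = @('Ssl3', 'Tls', 'Tls11', 'Tls12')
    )
    foreach ($name in $Protocols) {
        $result = [pscustomobject]@{ Protocol = $name; Negotiated = $false; Detail = '' }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($HostName, $Port)
            # Probe only: no application data is sent, so certificate errors are
            # ignored to keep the result about protocol support alone.
            $ignoreCert = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $ignoreCert)
            # Force exactly one protocol version per handshake attempt.
            $proto = [System.Security.Authentication.SslProtocols] $name
            $ssl.AuthenticateAsClient($HostName, $null, $proto, $false)
            $result.Negotiated = $true
            $result.Detail = "$($ssl.SslProtocol), $($ssl.CipherAlgorithm) $($ssl.CipherStrength)-bit"
            $ssl.Dispose()
        }
        catch {
            # Versions refused by the server or disabled locally end up here.
            $result.Detail = $_.Exception.GetBaseException().Message
        }
        finally {
            $client.Close()
        }
        $result
    }
}

# Endpoint taken from the question.
Test-TlsProtocol -HostName 'at07ws.grants.gov' -Port 446 | Format-Table -AutoSize

# Protocols this session's HttpWebRequest-based clients (New-WebServiceProxy) will offer.
[System.Net.ServicePointManager]::SecurityProtocol

# Is the update named in the answer installed? No output means it is not present.
Get-HotFix -Id 'KB2898850' -ErrorAction SilentlyContinue
```

A row with `Negotiated = False` for every TLS version and `True` only for `Ssl3` matches what the question describes; the long-term fix is then on the service side, as the answer recommends.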


