The request was aborted: Could not create SSL/TLS secure channel.

The error “The request was aborted: Could not create SSL/TLS secure channel.” can happen during any download HTTP request. This error generally will correspond to firewalls, proxies or DNS filtering blocking the connection or an SSL/TLS cipher misconfiguration.

Topics covered in this article:

Determine if You are Affected

If affected, you will see an error similar to below in one of the following log files PatchMyPC.log or SMS_ISVUPDATES_SYNCAGENT.log, dependent on the publishing method you are using.

The request was aborted: Could not create SSL/TLS secure channel.

Note: We are generally pretty limited in the amount of support we can provide for issues related to web filtersfirewallsproxiescertificate trust, or other network-related errors. However, our resolutions below will generally help diagnose and resolve this specific error. 

Possible Cause 1: Firewall, DNS, or Proxy Blocking Network Connections

The most common cause for this errors us network firewalls or security appliances blocking network connections.

If using our Publisher, the PatchMyPC.log will show the specific download URL returning the SSL/TLS error. On the machine running with the error, copy the download URL from the log and perform the following steps:

Copy the download URL from the log file

The request was aborted Could not create SSL/TLS secure channel

Paste and Go the URL into Internet Explorer on the machine with the error. Check if Internet Explorer returns any errors or warnings from a firewall or security appliance.

Antivirus or Firewall causing download TLS error

If blocked, you will need to work with your networking team to validate proper domains are whitelisted. You can find the full list of domains used for Patch My PC’s catalog, including vendor domains for content download at List of Domains for Whitelisting when Using Patch My PC’s Catalog

Possible Cause 2: Are You Using A Proxy and is It Configured Correctly?

If a proxy is required for internet access within your environment, you will need to configure it from the Advanced tab’s and apply the new settings.

Check Proxy Setup for Patch My PC Publisher

If a proxy is configured, restart the Publisher for the changes to take effect.

You will also need to confirm if proxy authentication is required. If so, the Use Authentication must be checked and a login configured. 

Possible Cause 3: Is SSL Being Limited to Specific Cryptography Protocols and Cipher Suites?

We have also seen issues related to customers that are only allowing specific SSL protocols and ciphers. In this scenario, we have observed the following errors when browsing out to the file download URL in internet explorer.

On Server 2019 or newer:

On Server 2016 or older:

If you receive the error below in the PatchMyPC.log and your error is similar to the Internet Explorer images above it may be related to only allowing specific SSL Ciphers.

WebClient report an error during download: The request was aborted: Could not create SSL/TLS secure channel.

On the server, check if the following registry value exists: 

If this value exists, only the SSL/TLS Ciphers in the Functions REG_MULTI_SZ value will work. If a domain is using a cipher other than ones listed, you will receive the error The request was aborted: Could not create SSL/TLS secure channel.

Limiting the SSL/TLS Ciphers is sometimes enabled as a hardening method for security. Limiting the Ciphers is not enabled by default.

To fix the download in the scenario, you need to either add Ciphers used for all downloads having issues in the Functions REG_MULTI_SZ  list or remove the Functions value to set the SSL/TLS Ciphers to not be limited.

There is a third-party tool available from Qualys SSL Labs where you can paste the download URLs having the issue and the tool will show you the SSL/TLS Ciphers being used on the domain.

For example, when we used the URL, we are able to see the specific SSL/TLS ciphers being used for that domain.

These ciphers would need to be added to the Functions registry value to resolve the issue if applicable.

Important: For any new ciphers to take effect after being added, the server will need to be restarted.

Possible Cause 4: Windows Server 2012 Doesn’t Support New TLS Cipher Suites

We have seen some vendors disable support for older SSL/TLS cipher suites and only support newer suites. We have found Windows Server 2012 or older may not support the newer cipher suites required.

Please see our List of Known Issues and Considerations article for products we are tracking download issues for and workarounds, we are aware of the following products that may fail to download on older server operating systems:

  • Snagit and Camtasia
  • Tableau Products
  • Cisco Webex

Known Issues

For products that are currently known to fail to download, refer to our Known Issues and Considerations when Using Patch My PC.