runtime: Getting "The SSL connection could not be established" error when connecting to a certain website

Description

Using HttpClient, When attempting to make GET requests to a certain web address, the method occasionally fails with an error The SSL connection could not be established, see inner exception. where the inner exception says Exception of type 'System.Net.InternalException' was thrown. -2146892963. Occasionally is the key here - it sometimes “just works” (in the provided code below it should result in 503 Service Temporarily Unavailable when it works.)

Minimal reproducible code:

HttpClient client = new HttpClient();
await client.GetStringAsync("https://newbiepr.gitlab.io"); // Fails on this line

Exception details:

<div class="spacer">

HttpRequestException<span class="fixedextenser">4</span>
The SSL connection could not be established, see inner exception.
Data	(0 items)
HelpLink	null
HResult	-2146233088
InnerException	InternalException<span class="fixedextenser">4</span> Exception of type 'System.Net.InternalException' was thrown. -2146892963 Data (0 items) HelpLink null HResult -2146233088 InnerException null Message Exception of type 'System.Net.InternalException' was thrown. -2146892963 Source System.Net.Security StackTrace    at System.Net.SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(SECURITY_STATUS win32SecurityStatus, Boolean attachException)    at System.Net.Security.SslStreamPal.InitializeSecurityContext(SafeFreeCredentials& credentialsHandle, SafeDeleteSslContext& context, String targetName, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)    at System.Net.Security.SecureChannel.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output)    at System.Net.Security.SecureChannel.NextMessage(ReadOnlySpan`1 incomingBuffer)    at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) TargetSite <div id="c7">TargetSite</div>
Message	The SSL connection could not be established, see inner exception.
Source	System.Net.Http
StackTrace	at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)    at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)    at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)    at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)    at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)    at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)    at System.Net.Http.HttpClient.GetStringAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)    at UserQuery.Main(), line 2
StatusCode	null

</div>

Configuration

Windows version: Windows 10 Pro Insiders Preview Build 21364 (Dev ring), x64, Korean .NET SDK used: 5.0.200-preview.21077.7

Regression?

As far as I can tell it can be reproduced on .NET Framework 4.8 that’s installed on my Windows as well, albeit with a different error message:

HttpRequestException<span class="fixedextenser">4</span>
An error occurred while sending the request.
Data	IDictionary (1 item)<span class="fixedextenser">4</span> Key Value LINQPad.LineNumber 6
HelpLink	null
HResult	-2146233088
InnerException	WebException<span class="fixedextenser">4</span> The request was aborted: Could not create SSL/TLS secure channel. Message The request was aborted: Could not create SSL/TLS secure channel. Data (0 items) InnerException null TargetSite <div id="c7">TargetSite</div> StackTrace    위치: System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)    위치: System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) HelpLink null Source System HResult -2146233079 Status SecureChannelFailure Response null
Message	An error occurred while sending the request.
Source	mscorlib
StackTrace	위치: System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()    위치: System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)    위치: System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()    위치: UserQuery.<RunUserAuthoredQuery>d__0.MoveNext() 파일 C:\Users\gotos\AppData\Local\Temp\LINQPad5\_tjauvduk\query_uwxuos.cs:줄 41

Other information

As far as I can tell, I do not see any sort of similar errors showing up when I make the request with other tools such as curl or Edge browser.

Might be related: https://github.com/dotnet/runtime/issues/44058 (although the issue was closed for insufficient info)

If you’re having trouble reproducing the issue I am happy to provide packet captures for troubleshooting.