NuGetGallery: "Could not create SSL/TLS secure channel" error in Visual Studio
Describe the bug
Some Visual Studio customers are reporting the following error:
Unable to load the service index for source https://api.nuget.org/v3/index.json.
An error occurred while sending the request.
The request was aborted: Could not create SSL/TLS secure channel.
The NuGet team is actively investigating this problem. At this time, the issue’s root cause is unknown. See: https://developercommunity.visualstudio.com/content/problem/815971/unable-to-browse-nuget-packages-1.html
Workaround
Some customers have reported that disabling TLS 1.3 has resolved their issues:
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.3 has been disabled.'
You may also need to change your .NET Framework default TLS version:
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:32
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 21
- Comments: 16 (2 by maintainers)
This issue seems to have arised again. In November 2020, I was able to publish a self-contained, single-file C# application (using the then-latest available VS2019) without issues. Today I ran into this issue (VS2019 16.8.6) trying to publish it again, using the same settings.
Windows 10 1809 (Company laptop) Visual Studio 2019 16.8.6
Running the workaround commands fixed the issue for me, but still odd it stopped working randomly.
If this does not work, you have to make sure you have the TLS 1.2 registry keys present. To add them, see this.
This was the problem I had. It won’t default to TLS 1.2 even if you tell it not to use TLS 1.3.
The fix is working for me. executing these commands made the NuGet working again in Visual Studio.
I have extremely restricted Internet access for all applications. When I gave Visual Studio (devenv.exe) access to the oneocsp.microsoft.com server, it automatically resolved the error and listed all the packages for me.
In order to establish a secure connection with the package repository, it appears that it downloads certificates from that server.
Resolved! devenv.exe require access to oneocsp.microsoft.com