AWS S3 AmazonServiceException A WebException with status SecureChannelFailure

Solution 1:

S3 SDK already implements retry logic

By default, an upload is retried 4 times

Created a console application to try to reproduce the error. Console application tried to upload 10-30 files asynchronously. Changing the values in AmazonS3Config for Timeout, ReadWriteTimeout, MaxErrorRetry produced exceptions (System.Net.WebException: The operation has timed out) but not the same we had (Could not create SSL/TLS secure channel).

We hypothesized that the problem could that the service is so busy that can not create the connection, that is why get "Could not create SSL/TLS secure channel"

Solution 2:

This is kind of an old question but I just had a very similar issue and because I was unable to find an appropriate answer on Google, I wanted to contribute my solution.

I had started implementation of an older API which had the following line:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

I was able to correct the issue by changing SecurityProtocolType.Ssl3 to SecurityProtocolType.Tls12

Further explanation:

SSL3 is not generally supported due to the Poodle vulnerability:

https://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability/70724#70724

I had not added this line of code myself and as a result, I was having great difficulty finding the source of the issue. However, while researching I had come across this post regarding a similar issue: https://github.com/aws/aws-sdk-net/issues/86

Near the bottom of this discussion, someone suggested adding the following line:

ServicePointManager.CheckCertificateRevocationList = true;

This fix was not able to correct my issue but it did lead me down the correct path. After searching for other references to the ServicePointManager, I was able to find the previously mentioned line regarding the SecurityProtocolType and correct it.