Visual Studio Web Performance Tests Support for TLS 1.2 Workaround

Share on facebook
Share on twitter
Share on linkedin

Websites and API services are requiring a minimum TLS version of 1.2 to access.  The Visual Studio 2017 web performance test runner (and previous versions) does not support TLS 1.2 when executing web performance tests against HTTPS sites requiring TLS 1.2. We have run into a couple issues recently where we weren’t able to run our web performance tests because of this.  While we didn’t figure out this fix, I wanted to share it so that you might find it faster.  I hope for an out of the box fix so we don’t have edit the registry.  If you feel this is important please vote for this item on UserVoice.

When running any web performance test against a HTTPS endpoint requiring TLS 1.2, you will receive the following error:

Request failed: An existing connection was forcibly closed by the remote host

Here is full exception.

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. —> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. —> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
— End of inner exception stack trace —
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
— End of inner exception stack trace —
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at Microsoft.VisualStudio.TestTools.WebStress.WebTestTransaction.ResponseReceived(IAsyncResult result)

To fix the issue, add the following registry keys to your registry (Remember to proceed at your risk.  Invalid registry changes can damage Windows.) 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319\]
"SchUseStrongCrypto"=dword:00000001

To reproduce the issue, create a web app or api app in Azure select TLS 1.2 for the minimum TLS version under the SSL settings.  Create and execute a web performance test against the site using HTTPS.  After adding the registry entries above, the requests should succeed.

tls-setting-azure-app-service.jpg

Thanks Geza Soos for posting the registry fix!  Thanks Federico and Jason for sharing this fix!

More to explore

Leave a Reply

Your email address will not be published. Required fields are marked *