Recently, I was integrating Acumatica with an ActiveMQ message queue. I was having a problem connecting and getting the following error:
The specified value is not valid in the 'SslProtocolType' enumeration. Parameter name: sslProtocolType
   at System.Net.Security.SslState.ValidateCreateContext(Boolean isServer, String targetHost, SslProtocols enabledSslProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, Boolean remoteCertRequired, Boolean checkCertRevocationStatus, Boolean checkCertName)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at Apache.NMS.ActiveMQ.Transport.Tcp.SslTransport.CreateSocketStream()
   at Apache.NMS.ActiveMQ.Transport.Tcp.TcpTransport.Start()
   at Apache.NMS.ActiveMQ.Transport.WireFormatNegotiator.Start()
   at Apache.NMS.ActiveMQ.Transport.TransportFilter.StartAsync()
   at Apache.NMS.ActiveMQ.Connection.d__225.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Apache.NMS.ActiveMQ.Connection.d__206.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Apache.NMS.ActiveMQ.Connection.CreateSession()
After digging into the pull requests, I saw that the following internal property on the ServicePointManager was what was giving me grief, not allowing Windows to default to the latest TLS version, even though the ActiveMQ .Net client wanted to:
This property can be enabled in the web.config file, or in the system registry. I chose to add it to the system registry. It is suggested that you also follow the steps here to make sure you don’t default to insecure TLS/SSL protocols.
The key you need to add to also allow the system to default to a TLS protocol (for .NET Framework 4.8) is here:
Add a DWORD (32-bit) value called SystemDefaultTlsVersions and set its value to hexadecimal 1. Here is a PowerShell script to do it:
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value 1 -Type DWord
Voila, error resolved!
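To confirm the registry change took effect, the following added example (not part of the original post) reports SystemDefaultTlsVersions in both registry views, since 32-bit processes on 64-bit Windows read the WOW6432Node copy of the key. It also reports SchUseStrongCrypto, Microsoft's documented companion value for .NET Framework strong cryptography; checking it here is an assumption about the hardening you want, and the `-Apply` switch and function names are hypothetical.

```powershell
# Added example: audit (and optionally set) the .NET Framework 4.x TLS defaults.
# Run from an elevated PowerShell prompt. Without -Apply the script only reports.
param([switch]$Apply)   # hypothetical switch name

$views = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',             # 64-bit processes
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'  # 32-bit processes on 64-bit Windows
)
# SchUseStrongCrypto is reported only; it is not mentioned in the post (assumption).
$names = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'

function Get-TlsDefault {
    param([string]$Path, [string]$Name)
    # Returns $null when the value is absent from the key
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-TlsDefaultReport {
    foreach ($path in $views) {
        if (-not (Test-Path $path)) { continue }   # e.g. no WOW6432Node on 32-bit Windows
        foreach ($name in $names) {
            $value = Get-TlsDefault -Path $path -Name $name
            [pscustomobject]@{
                Path  = $path
                Name  = $name
                Value = if ($null -eq $value) { '(not set)' } else { $value }
                Ok    = ($value -eq 1)
            }
        }
    }
}

if ($Apply) {
    # Same change as the one-liner in the post, applied to every view that exists
    foreach ($path in $views) {
        if (Test-Path $path) {
            Set-ItemProperty -Path $path -Name 'SystemDefaultTlsVersions' -Value 1 -Type DWord
        }
    }
}

$report = @(Get-TlsDefaultReport)
$report | Format-Table -AutoSize
if ($report.Ok -contains $false) {
    Write-Warning 'At least one value is not set to 1.'
}
```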