• EnglishEspañol日本語한국어Português
  • Log inStart now

No data appears after disabling TLS 1.0

Problem

No data appears in New Relic after disabling TLS 1.0. You checked if TLS 1.0 is disabled by inspecting the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client

TLS 1.0 is disabled if "Enabled" is set to 0 and "DisabledByDefault" is set to 1.

Also, you also may have noticed an error message in the New Relic agent logs due to this problem; for example:

  • NewRelic ERROR: Unable to connect to the New Relic service at collector.newrelic.com:443 : System.Net.WebException:
    The request was aborted: Could not create SSL/TLS secure channel.
  • NewRelic ERROR: Unable to connect to the New Relic service at collector.newrelic.com:443 : System.Net.WebException:
    The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException:
    Received an unexpected EOF or 0 bytes from the transport stream.
  • NewRelic ERROR: Unable to connect to the New Relic service at collector.newrelic.com:443 : System.Net.WebException:
    The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception:
    The client and server cannot communicate, because they do not possess a common algorithm.

Solution

The New Relic .NET agent requires a minimum version of TLS 1.2 or above. For TLS 1.2, it also requires .NET to be configured to use it.

Beginning with .NET agent version 10.6.0, upon startup, the agent logs the configured TLS version at INFO-level.

Important

If you set a TLS version as default, it will be used by both the application and the New Relic agent. You can't use a different TLS version for each.

To enable a specific TLS version protocol:

Cause

If you require a specific version of TLS for external HTTP requests, then you must make sure your application and server are configured correctly. Not having proper configuration can lead to the New Relic .NET agent not being able to connect to New Relic.

New Relic's .NET agent communicates with New Relic servers using standard classes available with .NET for making external HTTP requests. Because the .NET agent code runs alongside your application code, the security protocols used for communicating with New Relic servers depend on your application's environment and configuration.

For more information on correctly configuring your system or application's TLS settings depending on your version of the .NET Framework, review Microsoft's documentation on (TLS) best practices.

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.