Here's my scenario:
1. We have an IIS (8.5.9600.16384) server1 (Windows Server 2012) and apps on .NET 4.6 on it
2. Apps (1) utilize the WebApi app on IIS server1 via SSL
3. We built a new Windows Server 2022 with IIS (10.0.20348.1)
4. We recompiled to .NET 4.81 and migrated a few apps from (1) to (3)
5. Apps (4) are able to utilize the WebApi app on IIS server1 via SSL
6. We deployed new apps to server (3); they are the same code base as apps (4), with only web.config different (connection string and a few app-related settings)
7. Apps (6) are unable to utilize the WebApi app on IIS server1 via SSL (HTTPS), but are able to via HTTP
8. We troubleshot apps (4) and (6) with Wireshark
9. Apps (4) are communicating with the WebApi app on IIS server1 via SSL properly, with TLS 1.2 doing the handshake and all, while apps (6) for some reason try to communicate with TLS 1.1 and GET REJECTED BY the WebApi app on IIS server1
Any clue? We tried "How to specify SSL protocol to use for WebClient class"; it didn't help, and we don't want to go to that level. The fundamental question is what makes apps (4) communicate with the WebApi app on IIS server1 via SSL properly with TLS 1.2 while the new ones don't. The code is the same! DNS records for apps (4) and (6) are resolving to server (3). Any help will be appreciated.