Phone Lines icon GFI Support Home

Articles in this section

See more

Virus definition update fails with SSL/TLS error.

Author: Andrei Bogdan Apostol Updated

Overview

It is impossible to download the latest virus definitions. The logs show the following error: 

Error: The request was aborted: Could not create SSL/TLS secure channel.

Solution

Virus definition updates take place over a secure connection (HTTPS). In a default installation, if this connection fails, the virus definitions cannot be updated.

As a workaround, please follow the steps below:

Configure .NET Framework to support strong cryptography

Since SSL has been retired in favor of TLS, we must configure the installed .NET Framework to support strong cryptography.

Open a new PowerShell window as Administrator and run the following commands:

On a 32 bit operating system (x86):

New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null

On a 64 bit operating system (x86_64):

New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NetFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null

Ensure that updates can go through

GFI MailEssentials can be configured to fall back to HTTP, in case a secure connection cannot be established. The procedure is described in the Setting MailEssentials to use HTTP to download updates article. Once completed, make sure that there aren't any firewall rules that prevent access to the update servers:

GFI MailEssentials downloads updates from the following locations over HTTP ports 80 and 443:

meupdate.gfi.com
support.gfi.com
*.mailshell.net
*.rules.mailshell.net
spamrazer.gfi.com
db11.spamcatcher.net
gfi-downloader-137146314.us-east-1.elb.amazonaws.com
cdnupdate.gfi.com
cdnpatches.gfi.com

GFI MailEssentials can also be configured to download updates through a proxy server. Refer to the Configuring Proxy Settings article for more information.

This connection issue is an environmental problem and is not related to GFI MailEssentials. Although these workarounds are in place, it is advised to investigate your environment for what is preventing the establishment of a secure connection.

Testing

After enabling strong encryption and allowing the fall back to HTTP, the updates are working as expected.

Related articles