The secure connection to the activation servers failed due to a TLS or certificate error.Solved

Hi,

We're using TurboActivate with C# and have started receiving TA_E_INET_TLS on the IsGenuine call. This has been happening on several Windows 11 PCs since yesterday, which was when we noticed. I'm not sure how long it's been happening for, since we have DaysBetweenChecks and GracePeriod implemented following your example. But it had been working fine since early 2025, and we didn't change anything in our code.

I updated TurboActivate to the latest v26, but it didn't help. Following the #internet-error FAQ, I can obviously reach the wyday website, since I'm here. I'm under the impression Windows 11 already uses TLS 1.3. I understand it's likely something on our side. Any pointers on what I should look for?

ago
Answer

I figured it out. It was our IT. They made some SSL Cipher updates. After reverting it, things work again. Hopefully this helps someone in the future.

ago

I'm glad you and your IT department figured it out. The FAQ does cover all this in broad terms: https://wyday.com/limelm/help/faq/#internet-error

Honestly, no one should modify cipher suites since TLS 1.3 was introduced. TLS 1.3 *already* reduces the number of allowed ciphersuites to 5 (or 6 depending on how you count it), and most OSes (including Windows) further limit this – in the case of Windows, they limit it to 3.

This is one of the big benefits of TLS 1.3 (reduced attack surface area by reducing the number of available cipher suites to a small handful of very good ones). There are other benefits of TLS 1.3 too, but that's beyond the scope of this questions.

So, if an IT department wants to enforce security they can just disable anything below TLS 1.3.

ago, edited ago
Reply
Discard post