这是原始答案所没有的。我又加了些代码让它防弹。

ServicePointManager.Expect100Continue = true;
        ServicePointManager.DefaultConnectionLimit = 9999;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;

如果客户端是一台windows机器，一个可能的原因可能是服务所需的tls或ssl协议未激活。

可以设置为:

控制面板->网络和Internet -> Internet选项->高级

向下滚动设置到“安全”，在两者之间进行选择

使用SSL 2.0 使用SSL 3.0 使用TLS 1.0协议 使用TLS 1.1 使用TLS 1.2

您可以尝试安装演示证书(一些ssl提供程序提供一个月的免费演示证书)，以确定问题是否与证书有效性有关。

另一种可能是正在执行的代码没有所需的权限。

在我的例子中，我在使用Visual Studio调试器测试对web服务的调用时得到了这个错误。Visual Studio没有以管理员身份运行，这导致了此异常。

这个错误是一般的，有很多原因导致SSL/TLS协商失败。最常见的是无效或过期的服务器证书，您可以通过提供自己的服务器证书验证钩子来解决这个问题，但这并不一定是唯一的原因。服务器可能需要相互身份验证，它可能配置了一组客户端不支持的密码，它可能有太大的时间漂移，以至于握手无法成功，还有很多其他原因。

最好的解决方案是使用channel故障排除工具集。channnel是负责SSL和TLS的SSPI提供者，您的客户端将使用它进行握手。看看TLS/SSL工具和设置。

另请参阅如何启用通道事件日志记录。

The top-voted answer will probably be enough for most people. However, in some circumstances, you could continue getting a "Could not create SSL/TLS secure channel" error even after forcing TLS 1.2. If so, you may want to consult this helpful article for additional troubleshooting steps. To summarize: independent of the TLS/SSL version issue, the client and server must agree on a "cipher suite." During the "handshake" phase of the SSL connection, the client will list its supported cipher-suites for the server to check against its own list. But on some Windows machines, certain common cipher-suites may have been disabled (seemingly due to well-intentioned attempts to limit attack surface), decreasing the possibility of the client & server agreeing on a cipher suite. If they cannot agree, then you may see "fatal alert code 40" in the event viewer and "Could not create SSL/TLS secure channel" in your .NET program.

The aforementioned article explains how to list all of a machine's potentially-supported cipher suites and enable additional cipher suites through the Windows Registry. To help check which cipher suites are enabled on the client, try visiting this diagnostic page in MSIE. (Using System.Net tracing may give more definitive results.) To check which cipher suites are supported by the server, try this online tool (assuming that the server is Internet-accessible). It should go without saying that Registry edits must be done with caution, especially where networking is involved. (Is your machine a remote-hosted VM? If you were to break networking, would the VM be accessible at all?)

在我公司的案例中，我们通过注册表编辑启用了几个额外的“ECDHE_ECDSA”套件，以修复当前的问题并防范未来的问题。但是如果你不能(或不愿意)编辑注册表，那么很多变通办法(不一定漂亮)就会出现在你的脑海中。例如:你的. net程序可以将它的SSL通信委托给一个单独的Python程序(它本身也可以工作，因为同样的原因，Chrome请求可能成功，而MSIE请求在受影响的机器上失败)。