4

I have an ASP.NET MVC website running .NET 4.5 in an Azure Website and I keep getting this error trying to retrieve or upload assets into Azure Blob Storage using the Azure SDK (version 4.3.0).

The request was aborted: Could not create SSL/TLS secure channel.

Microsoft.WindowsAzure.Storage.StorageException: The request was
aborted: Could not create SSL/TLS secure channel. --->
System.Net.WebException: The request was aborted: Could not create
SSL/TLS secure channel. at System.Net.HttpWebRequest.GetResponse()
at
Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T] (RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext) ---
End of inner exception stack trace --- at
Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1
cmd, IRetryPolicy policy, OperationContext operationContext) at
Microsoft.WindowsAzure.Storage.Blob.CloudBlobClient.GetBlobReferenceFromServer(StorageUri
blobUri, AccessCondition accessCondition, BlobRequestOptions options,
OperationContext operationContext) at
Microsoft.WindowsAzure.Storage.Blob.CloudBlobClient.GetBlobReferenceFromServer(Uri
blobUri, AccessCondition accessCondition, BlobRequestOptions options,
OperationContext operationContext)

The error doesn't occur every time, but once it starts happening it happens continuously. Only when I scale the Azure website up or down to reset the site does the error stop. It will go a few hours or a few days and then it will come back again.

It seems like this started happening around the time of the Poodle vulnerability and sites shut down their support for SSL3. It seems like from the research I've done that this error could be if the Azure SDK is trying to connect to Azure Blob storage over SSL3. Since it works fine for a time, I wonder if some library in my app is setting the ServicePointManager.SecurityProtocol to SSL3, which is a global setting which Azure is then using from that point on causing the error. Any idea to determine if that is what is happening or how to find that code that is setting the fallback to SSL3?

Guvante
  • 18,775
  • 1
  • 33
  • 64
Austin
  • 4,638
  • 7
  • 41
  • 60
  • Can you check this thread http://forums.asp.net/post/1695893.aspx#1695893 – Lalit Kale Feb 03 '15 at 03:22
  • 1
    @ATechieThought I don't think that is the issue because that is related to having the right client certificate installed which isn't required to use the Azure SDK. The code also works fine for a while until it stops working. – Austin Feb 03 '15 at 03:31
  • 1
    It is certainly SSL-TLS issue. It is quite evident from exception message. Also try to see request headers from may be tool like fiddler. http://blogs.msdn.com/b/ieinternals/archive/2011/03/26/https-and-connection-close-is-your-apache-modssl-server-configuration-set-to-slow.aspx – Lalit Kale Feb 03 '15 at 06:27
  • I have a similar problem.. I was never able to reproduce it locally or on nearly identical other azure sites, just on the production site (maybe it's related to having more requests than dev-only sites?). What drives me crazy is that it works for a couple of days flawlessly, then starts giving this error.. and being a production environment, I cannot fiddle with it too much :( – Luke Oct 13 '17 at 10:51

2 Answers2

0

Please check your certificate permissions as discussed here: https://social.msdn.microsoft.com/Forums/azure/en-US/efb73b00-3610-4a21-ae16-80543451a4d0/windows-azure-dynamicscaling-problem?forum=windowsazuredevelopment

Meteorpoly
  • 938
  • 7
  • 6
  • 1
    Thanks for the link @Meteorpoly, but it isn't a certificate issue. If it were a certificate that was missing it would work at all and it works sometimes. I think I got to the bottom of it. I had ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls; instead of supporting all Tls like this: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12; – Austin Feb 15 '15 at 22:16
  • @Austin - Could you please add this as an answer (it may be old, but it's the answer!) – GlennG Jan 02 '20 at 01:13
0

Removing and Reinstalling the Certificate fixed this for me after a reboot.

Michael Blake
  • 2,068
  • 2
  • 18
  • 31