The SSL connection could not be established

Question

The SSL connection could not be established

vinodshinde opened this issue 3 years ago · comments

I am getting following exception.
GetSearchAddress method is called from Azure App Service which is set for HTTPS only and TLS1.2 minimum.

Category: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware
EventId: 1
SpanId: b37489db0568894a
TraceId: 661bd106ebb74e47a2f4c303ad41b45b
ParentId: 0000000000000000
RequestId: 8000b892-0000-c600-b63f-84710c7967bb
RequestPath: /Appointment/ProviderSearch

An unhandled exception has occurred while executing the request.

Exception:
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
--- End of inner exception stack trace ---
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.GetResult(Int16 token)
at System.Net.Security.SslStream.g__InternalFillHandshakeBufferAsync|182_0[TIOAdapter](TIOAdapter adap, ValueTask`1 task, Int32 minSize)
at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
at AzureMapsToolkit.Common.BaseServices.GetData[T](HttpClient client, String url)
at AzureMapsToolkit.Common.BaseServices.ExecuteRequest[T,U](String baseUrl, U req)
at AzureMapsToolkit.AzureMapsServices.GetSearchAddress(SearchAddressRequest searchAddressRequest)

`var am = new AzureMapsToolkit.AzureMapsServices(_configuration[Constants.AzureMaps.Key]);

            var searchAddressRequest = new SearchAddressRequest
            {
                Query = searchAddress,
                Limit = 1
            };
            var resp = await am.GetSearchAddress(searchAddressRequest);
            if (resp.Error != null)
            {
                //TODO: Handle Address Geo Coding Error
            }
            else
            {
                var firstResult = resp.Result.Results.FirstOrDefault();
                if (firstResult != null)
                {
                    return new Point(firstResult.Position.Lon, firstResult.Position.Lat);
                }
            }`

Justin Gielski · Answer 1 · Wed Feb 17 2021 01:39:42 GMT+0800 (China Standard Time)

Also getting this exception. Did you ever figure it out?

Per Fahlén · Answer 2 · Wed Feb 17 2021 03:20:03 GMT+0800 (China Standard Time)

No, I need to block some time to work with this library.

Justin Gielski · Answer 3 · Wed Feb 17 2021 03:27:36 GMT+0800 (China Standard Time)

I may have just been exceeding the S0 tier QPS rate. First time's I've had that issue occur, though but I no longer seem to be getting the exception.

Ricky Brundritt · Answer 4 · Tue Feb 23 2021 04:49:00 GMT+0800 (China Standard Time)

Looks like where all HttpClient instances are created, the security protocal needs to be set to TLS 1.2:

var client = new HttpClient();  

//specify to use TLS 1.2 as default connection
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

All Azure services no longer (or soon will no longer) support TLS versions lower than 1.2 due to a known security issue.

Ricky Brundritt · Answer 5 · Tue Feb 23 2021 04:54:12 GMT+0800 (China Standard Time)

That said, this setting is application wide. It might make sense for developers to set this themselves rather than doing this in this library.

Per Fahlén · Answer 6 · Tue Feb 23 2021 18:10:16 GMT+0800 (China Standard Time)

Maybe add it as configurable in the library, default would be TLS 1.2

Ricky Brundritt · Answer 7 · Wed Feb 24 2021 02:14:48 GMT+0800 (China Standard Time)

In .NET 4.6+, TLS 1.2 is the default. .NET 4.5 it is available but not the default. This looks like an edge case. May be easier to just document than to make any code changes, especially since this change effects the whole app and may cause issues elsewhere in their app that would become much harder to debug.