Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The SSL connection could not be established #33

Closed
vinodshinde opened this issue Jan 10, 2021 · 7 comments
Closed

The SSL connection could not be established #33

vinodshinde opened this issue Jan 10, 2021 · 7 comments

Comments

@vinodshinde
Copy link

I am getting following exception.
GetSearchAddress method is called from Azure App Service which is set for HTTPS only and TLS1.2 minimum.

Category: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware
EventId: 1
SpanId: b37489db0568894a
TraceId: 661bd106ebb74e47a2f4c303ad41b45b
ParentId: 0000000000000000
RequestId: 8000b892-0000-c600-b63f-84710c7967bb
RequestPath: /Appointment/ProviderSearch

An unhandled exception has occurred while executing the request.

Exception:
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
--- End of inner exception stack trace ---
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.GetResult(Int16 token)
at System.Net.Security.SslStream.g__InternalFillHandshakeBufferAsync|182_0[TIOAdapter](TIOAdapter adap, ValueTask`1 task, Int32 minSize)
at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
at AzureMapsToolkit.Common.BaseServices.GetData[T](HttpClient client, String url)
at AzureMapsToolkit.Common.BaseServices.ExecuteRequest[T,U](String baseUrl, U req)
at AzureMapsToolkit.AzureMapsServices.GetSearchAddress(SearchAddressRequest searchAddressRequest)

`var am = new AzureMapsToolkit.AzureMapsServices(_configuration[Constants.AzureMaps.Key]);

            var searchAddressRequest = new SearchAddressRequest
            {
                Query = searchAddress,
                Limit = 1
            };
            var resp = await am.GetSearchAddress(searchAddressRequest);
            if (resp.Error != null)
            {
                //TODO: Handle Address Geo Coding Error
            }
            else
            {
                var firstResult = resp.Result.Results.FirstOrDefault();
                if (firstResult != null)
                {
                    return new Point(firstResult.Position.Lon, firstResult.Position.Lat);
                }
            }`
@Tronald
Copy link

Tronald commented Feb 16, 2021

Also getting this exception. Did you ever figure it out?

@perfahlen
Copy link
Owner

No, I need to block some time to work with this library.

@Tronald
Copy link

Tronald commented Feb 16, 2021

I may have just been exceeding the S0 tier QPS rate. First time's I've had that issue occur, though but I no longer seem to be getting the exception.

@rbrundritt
Copy link
Contributor

Looks like where all HttpClient instances are created, the security protocal needs to be set to TLS 1.2:

var client = new HttpClient();  

//specify to use TLS 1.2 as default connection
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

All Azure services no longer (or soon will no longer) support TLS versions lower than 1.2 due to a known security issue.

@rbrundritt
Copy link
Contributor

That said, this setting is application wide. It might make sense for developers to set this themselves rather than doing this in this library.

@perfahlen
Copy link
Owner

Maybe add it as configurable in the library, default would be TLS 1.2

@rbrundritt
Copy link
Contributor

In .NET 4.6+, TLS 1.2 is the default. .NET 4.5 it is available but not the default. This looks like an edge case. May be easier to just document than to make any code changes, especially since this change effects the whole app and may cause issues elsewhere in their app that would become much harder to debug.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants