8
votes

I have an Azure WebJob which when run locally works fine, yet when run in Azure it throws an exception. The WebJob is making an external call over HTTPS which in Azure produces this exception:

System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.GetResponse()

I also tried setting the security protocol to TLS using ServicePointManager but this too had no effect on the exception. Here's a snippet of my code.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

var request = (HttpWebRequest)WebRequest.Create(url);
request.Method = "GET";

Does Azure block WebJobs from internet access or am I doing something wrong?

2
Also tried faking the certificate validation: ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; – Ashley Poole
Same thing also happens if I make the same call from a WebApp too within Azure. Maybe it's something disabled on the underlying hosts? – Ashley Poole
Does the cert of the external service have a certification chain up to a common CA cert? Or is it like a self-signed cert that you've trusted on your dev machine? – BenV
It is using a certificate signed by a certificate authority. The domain is tls.so. I believe it's something to do with the fact the certificate uses SNI and Azure. – Ashley Poole

2 Answers

2
votes

I ran into the same problem and finally managed to get it working with help from the below post on the MSDN forums:

https://social.msdn.microsoft.com/Forums/en-US/ca6372be-3169-4fb5-870f-bfbea605faf6/azure-webapp-webjob-exception-could-not-create-ssltls-secure-channel?forum=windowsazurewebsitespreview

It seems Microsoft deployed a fix for this problem last month (October 2015), but I also had to set:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;

Note that I left out SecurityProtocol.Tls as it doesn't seem to be supported, as mentioned by a Microsoft employee in one of the replies on the MSDN topic:

The client hello from .NET code running inside a web app shows that it is trying to use TLS v1.0 with TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ciphers that are obviously not supported on the server. In .NET 4.5 you can ask it to use a different protocol version and then things start working for me once I do that.
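
As an added example (not code from either poster or from the MSDN thread), the probe below attempts one handshake per protocol version against the endpoint, so that running it both locally and inside the WebJob shows which versions the server accepts from each environment. The names TlsProbe and TryHandshake are hypothetical and the default host is a placeholder; certificate validation is left at its default rather than overridden.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsProbe
{
    // Attempts a single handshake restricted to one protocol version and
    // reports what was negotiated, or why the handshake did not complete.
    static string TryHandshake(string host, int port, SslProtocols protocol)
    {
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                // targetHost is sent as the SNI name and is also the name the
                // server certificate is validated against (default validation).
                // Revocation checking is off, matching the HttpWebRequest default.
                ssl.AuthenticateAsClient(host, null, protocol, false);
                return "OK, negotiated " + ssl.SslProtocol + " / " + ssl.CipherAlgorithm;
            }
        }
        catch (AuthenticationException ex) { return "handshake failed: " + ex.Message; }
        catch (IOException ex) { return "connection closed by peer: " + ex.Message; }
        catch (SocketException ex) { return "connect failed: " + ex.Message; }
    }

    static void Main(string[] args)
    {
        // Placeholder host; pass the real endpoint as the first argument.
        string host = args.Length > 0 ? args[0] : "example.com";

        foreach (var protocol in new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 })
        {
            Console.WriteLine("{0,-6} {1}", protocol, TryHandshake(host, 443, protocol));
        }
    }
}
```

If only the Tls12 line succeeds, the endpoint rejects older versions, and ServicePointManager.SecurityProtocol has to include Tls12 before the first request is created.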

0
votes

Try scaling to a basic tier. It seems like SSL/TLS is not supported on the Free/Shared tier, even if you are using them by file (not the certificate store).