Why Can't I Connect to Azure App Configuration When Running on App Service, getting The request was aborted: Could not create SSL/TLS secure channel

Question

When running the following code to connect from my Azure App Service to Azure App Configuration I get the following "Could not create SSL/TLS secure channel" exception.

When I run the code on my dev machine (ie. dev machine connecting to Azure App Configuration) I have no problem. Note that my App Service is: Stack is .NET Framework Version ASP.NET 4.7

I get the same error when I try using ManagedIdentityCredential to connect.

var configurationRoot = configurationBuilder
                .AddAzureAppConfiguration(options =>
                {        
                    options
                        .Connect("Endpoint=blah;Id=blah;Secret=blah")
                        .Select(KeyFilter.Any, LabelFilter.Null)
                        .Select(prefix + ":*");
                }).Build();

Results in this error:

  The request was aborted: Could not create SSL/TLS secure channel.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
    
    Exception Details: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
    
    Source Error:
    
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
    
    Stack Trace:
    
    
    [WebException: The request was aborted: Could not create SSL/TLS secure channel.]
       System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +54006511
       System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) +83
    
    [HttpRequestException: An error occurred while sending the request.]
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__6.MoveNext() +434
    
    [RequestFailedException: An error occurred while sending the request.]
       Azure.Core.Pipeline.<ProcessAsync>d__6.MoveNext() +1073
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessNextAsync>d__10.MoveNext() +802
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__9.MoveNext() +2483
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__5.MoveNext() +763
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__3.MoveNext() +508
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__8.MoveNext() +612
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__7.MoveNext() +508
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__1.MoveNext() +513
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__6.MoveNext() +1112
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       Azure.Core.Pipeline.<ProcessAsync>d__11.MoveNext() +689
    
    [AggregateException: Retry failed after 3 tries.]
       Azure.Core.Pipeline.<ProcessAsync>d__11.MoveNext() +1410
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__1.MoveNext() +513
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__1.MoveNext() +513
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Microsoft.Extensions.Configuration.AzureAppConfiguration.<ProcessAsync>d__2.MoveNext() +598
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__1.MoveNext() +513
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__1.MoveNext() +513
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<ProcessAsync>d__1.MoveNext() +513
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Core.Pipeline.<SendRequestAsync>d__10.MoveNext() +570
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Azure.Data.AppConfiguration.<GetConfigurationSettingsPageAsync>d__42.MoveNext() +2153
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       Azure.Core.<AsPages>d__2.MoveNext() +479
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1.GetResult(Int16 token) +119
       Azure.<GetAsyncEnumerator>d__6.MoveNext() +1338
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       Azure.<GetAsyncEnumerator>d__6.MoveNext() +1895
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1.GetResult(Int16 token) +119
       Microsoft.Extensions.Configuration.AzureAppConfiguration.<<LoadAll>b__4>d.MoveNext() +783
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       Microsoft.Extensions.Configuration.AzureAppConfiguration.<<LoadAll>b__4>d.MoveNext() +1278
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Microsoft.Extensions.Configuration.AzureAppConfiguration.<CallWithRequestTracing>d__4.MoveNext() +809
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Microsoft.Extensions.Configuration.AzureAppConfiguration.<CallWithRequestTracing>d__23.MoveNext() +310
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       Microsoft.Extensions.Configuration.AzureAppConfiguration.<LoadAll>d__15.MoveNext() +1606
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       Microsoft.Extensions.Configuration.AzureAppConfiguration.<LoadAll>d__15.MoveNext() +2641
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
       System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
       Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.Load() +429
       Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers) +292
       Microsoft.Extensions.Configuration.ConfigurationBuilder.Build() +249

Answer 1

Applications built on .NET Framewok 4.7+ use the operating system settings to determine the default security protocol for SSL/TLS connections. The error was received since the default version of SSL/TLS used by the App Service was not supported by the App Configuration server.

The default security protocol can be configured using registy settings as described here. For an App Service, a convenient way to enforce the recommended standard TLS 1.2 is through the TLS/SSL settings pane for the App Service resource in Azure Portal.

Based on Microsoft documentation on TLS Best Practices, it is recommended not to specify the TLS version in your .NET Framework application.

Answer 2

I solved this by adding the following to my global.asax.cs on the AppService.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Guess I'd like to understand why forcing things to TLS 1.2 worked. In any case hope this helps somebody.