Authentication issues with TLS 1.0 on Azure App Services

  • Microsoft has recently disabled support of TLS 1.0 on Azure App Services and switched to TLS 1.2 by default (see TLS plans for Azure App Service discussion). Technical details can be found here: TLS best practices with the .NET Framework.

    Any .Net call relying on TLS 1.0 is leading to authentication issues on Azure App Services:

    System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. --->
    System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. --->
    System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host.

    Note: That does not affect Sitecore 9 deployments.

    You may also be interested in the following article: TLS 1.0 and 1.1 are deprecated for use with Azure Cache for Redis.

  • If you are not setting specific TLS version from the code, then you have to check the .Net Framework version used for standalone Web Apps:

    1. For .Net Framework version 3.5 – 4.5.2 (Sitecore 8.2) explicit setting of TLS version is required. Find the solution below.
    2. For .Net Framework version 4.6 - 4.6.2 (Sitecore 9) no issues were identified among Sitecore components. However, custom solutions may need to be tested.
    3. For .Net Framework version 4.7 and above no actions are required.

    Existing Installations

    Download and unzip Sitecore package published as a release artifact here:

    Find a configuration patch and an assembly and include them within your solution.

    New Installations

    ARM templates (available at have been upgraded to include a fix into Web Deploy Packages.

September 05, 2018
March 30, 2020