Authentication issues with TLS 1.0 on Azure App Services

  • Description

    Microsoft has recently disabled TLS 1.0 support on Azure App Services and switched to TLS 1.2 by default (see the "TLS plans for Azure App Service" discussion). Technical details can be found in "TLS best practices with the .NET Framework".

    Any .NET call that relies on TLS 1.0 now fails with authentication errors on Azure App Services:

    Exception
    System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. --->
    System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. --->
    System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host.


    Note: This does not affect Sitecore 9 deployments.

  • If you are not setting a specific TLS version in code, check the .NET Framework version used by your standalone Web Apps:

    1. For .NET Framework versions 3.5 – 4.5.2 (Sitecore 8.2), the TLS version must be set explicitly. See the solution below.
    2. For .NET Framework versions 4.6 – 4.6.2 (Sitecore 9), no issues were identified among Sitecore components. However, custom solutions may need to be tested.
    3. For .NET Framework version 4.7 and above, no action is required.
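
What setting the TLS version explicitly (item 1) can look like in custom code, as an added example that is not the content of the Sitecore package or Sitecore's own code. The class and method names (TlsBootstrap, Apply) are hypothetical, and the assumption is that Apply() runs once at application startup before any outbound request is made.

```csharp
using System;
using System.Net;

// Added example, not Sitecore's shipped assembly. TlsBootstrap and Apply are hypothetical names.
public static class TlsBootstrap
{
    // Numeric values of the SecurityProtocolType members, written as casts so the
    // code also compiles against framework targets whose enum lacks the newer names.
    private const SecurityProtocolType SystemDefault = (SecurityProtocolType)0;    // 4.7+: defer to the OS
    private const SecurityProtocolType Ssl3          = (SecurityProtocolType)48;
    private const SecurityProtocolType Tls10         = (SecurityProtocolType)192;
    private const SecurityProtocolType Tls12         = (SecurityProtocolType)3072;

    // Enables TLS 1.2 for outbound HttpWebRequest/WebClient calls in this AppDomain.
    // dropLegacy = true also removes SSL 3.0 and TLS 1.0 from the offered set;
    // pass false if the application still calls endpoints that only speak TLS 1.0.
    public static SecurityProtocolType Apply(bool dropLegacy = true)
    {
        SecurityProtocolType current = ServicePointManager.SecurityProtocol;

        // On a 4.7+ target the value is SystemDefault: the OS chooses the protocol,
        // which matches item 3 (no action required). Leave it untouched.
        if (current == SystemDefault)
        {
            return current;
        }

        // Add TLS 1.2 to whatever is already enabled instead of overwriting it,
        // so protocols enabled elsewhere (for example TLS 1.1) are preserved.
        SecurityProtocolType updated = current | Tls12;

        if (dropLegacy)
        {
            updated &= ~(Ssl3 | Tls10);
        }

        // Process-wide setting: it affects every connection opened after this
        // point, but not connections that are already established.
        ServicePointManager.SecurityProtocol = updated;
        return updated;
    }
}
```

The returned value can be logged at startup to confirm which protocols the process will offer.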


    Existing Installations

    Download and unzip the Sitecore package published as a release artifact here: https://github.com/Sitecore/Sitecore-Azure-Quickstart-Templates/releases/download/v2.2.1/set_tlsVersion.scwdp.zip.

    Locate the configuration patch and the assembly in the package and include them in your solution.


    New Installations

    The ARM templates (available at https://github.com/Sitecore/Sitecore-Azure-Quickstart-Templates) have been updated to include the fix in the Web Deploy Packages.

September 05, 2018