c# – Connecting from HttpClient to API behind Azure FrontDoor using TLS 1.2

Posted by: admin February 21, 2020

Questions:

Azure Front Door is configured with minimum TLS 1.2.
The backend Azure App Service is also configured to use minimum TLS 1.2.

When running the .NET Framework 4.7.1 console app with the following code on Windows Server 2012 R2:

using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main(string[] args)
    {
        // Restrict outbound connections made through ServicePointManager to TLS 1.2.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        var client = new HttpClient();

        try
        {
            var OK = await client.GetAsync("https://foo-appservice.azurewebsites.net/"); // App service.
            var NotOK = await client.GetAsync("https://foo.myfoo.io/"); // Front door.
        }
        catch (Exception e)
        {
            Console.WriteLine(e);
        }

        Console.ReadKey();
    }
}

I get the following exception on the second call.

An error occurred while sending the request.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

Running this with curl from the same server works, however:

curl https://foo.myfoo.io/ -i --tlsv1.2 --tls-max 1.2

The same .NET code runs fine from my other Windows 10 laptop.

What can be the reason why the call fails on the Windows Server box?

Edit:

I think this has to do with custom domains, since performing a simple GET to the front door assigned domain works.
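
A handshake probe for the two hosts in the question, added here as an example and not code from the original post: it drives the TLS 1.2 handshake through SslStream directly, without HttpClient, and prints either what was negotiated or the exception raised, so the output from the failing server can be compared with the working laptop. The names TlsProbe and Probe are hypothetical, and the host names are the question's placeholders.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsProbe
{
    // Placeholder host names taken from the question; replace with the real ones.
    static readonly string[] Hosts =
    {
        "foo-appservice.azurewebsites.net", // App Service default domain
        "foo.myfoo.io"                      // Front Door custom domain
    };

    static void Main()
    {
        foreach (var host in Hosts)
            Console.WriteLine(Probe(host));
    }

    // Opens a TCP connection to port 443 and performs a TLS 1.2-only handshake.
    static string Probe(string host)
    {
        try
        {
            using (var tcp = new TcpClient(host, 443))
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                // The host name is sent as SNI and used to validate the certificate.
                ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, false);
                return string.Format(
                    "{0}: OK protocol={1} cipher={2}/{3} keyExchange={4} hash={5} cert={6}",
                    host, ssl.SslProtocol, ssl.CipherAlgorithm, ssl.CipherStrength,
                    ssl.KeyExchangeAlgorithm, ssl.HashAlgorithm,
                    ssl.RemoteCertificate.Subject);
            }
        }
        catch (Exception e) when (e is AuthenticationException ||
                                  e is IOException ||
                                  e is SocketException)
        {
            // A reset during AuthenticateAsClient means the handshake itself was
            // rejected, before any HTTP request was sent.
            return string.Format("{0}: FAILED {1}: {2}", host, e.GetType().Name, e.Message);
        }
    }
}
```

On .NET Framework, SslStream uses the Windows Schannel provider, so the result reflects the protocols and cipher suites enabled on the machine where it runs.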
