Azure text-to-speech is not accessable in Windows 2012 r2

Denys Soroka 1 Reputation point
2020-09-23T04:13:05.65+00:00
  1. https://azure.microsoft.com/en-us/updates/azuretls12/ - here MS says that they are going to switch to tls12, it is okey. Win2012r2 support this version of TLS.
  2. Here the list of cipher that win10 supports: https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-10--version-1507 It contains following ciphers suites TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  3. Here the list of cipher that win2012r8 (aka win8.1) supports: https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-8-1 It does not contain the cipher suites from above
  4. And this is Azure endpoint of text-to-speech API: https://southeastasia.tts.speech.microsoft.com/cognitiveservices/v1 With help of this utils https://github.com/rbsec/sslscan i have scanned the site above to see what cipher suites it supports

    sslscan.exe --tls1.2 southeastasia.tts.speech.microsoft.com

    ...
    Connected to 20.43.132.2
    Testing SSL server southeastasia.tts.speech.microsoft.com on port 443 using SNI name southeastasia.tts.speech.microsoft.com
    ...
    Supported Server Cipher(s):
    Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253 <<< win10 only
    Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253 <<< win10 only
    Accepted TLSv1.2 256 bits ECDHE-RSA-CHACHA20-POLY1305 Curve 25519 DHE 253 <<< non-win at all
    ...

It appears that text-to-speech TLS supports only three suites:

  • one is not supported by any windows version,
  • and other two are supported only by windows 10

So win2012 server is not supported by azure text-to-speech. Does anybody know how to handle this situation w/o throwing my 2012 servers out?

P.S. Duplicated question in stackoverflow https://stackoverflow.com/questions/64020840/azure-text-to-speech-is-not-accessable-in-windows-2012-r2

UPDATE: as for 2020-10-04 the scanning gives five cipher suites:

...
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits ECDHE-RSA-CHACHA20-POLY1305 Curve 25519 DHE 253
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve 25519 DHE 253
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve 25519 DHE 253
...

Last two ones are supported by win2012r2 (and by win2008r2). So for now problem is resolved by MS

Azure AI services
Azure AI services
A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.
2,354 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. romungi-MSFT 41,861 Reputation points Microsoft Employee
    2020-09-23T08:27:54.723+00:00

    @Denys Soroka I have tested this scenario with a simple request to get a access token from one of my speech resource from Azure with a powershell request from a windows2012 r2 instance I deployed on Azure. Here is the response of this scenario where the API works fine from the machine.

    26859-image.png

    If you have an on-prem machine then you can try to create one windows 2012 r2 machine and list the systeminfo of the machine to match your on-prem and try a similar request to call the API. I hope this information helps in using the API. Thanks, Please accept this response as answer if it helps.

  2. Seung Hyun Park 1 Reputation point
    2022-01-22T01:05:36.427+00:00

    The issue was back.

    I found that Azure TTS Service API did not work on Windows 8/8.1/Server2012/Server2012R2 since 2022-01.
    It has worked well until 2021-11 at least .

    I spent a lot of time for TLS handshaking issue of Azure TTS Service API and found the actual reason.

    It was TLS cipher suite issue of Azure TTS Service API Server.

    I executed sslscan to westus2.tts.speech.microsoft.com and the result was as the following; 

    westus2.tts.speech.microsoft.com 
Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253 
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253 
Accepted  TLSv1.2  256 bits  ECDHE-RSA-CHACHA20-POLY1305   Curve 25519 DHE 253

    I compared packet capturing result of WireShark between Windows 8.1 and Windows 10.

    The result of Windows 10 has ECDHE-RSA-AES128-GCM-SHA256 and ECDHE-RSA-AES256-GCM-SHA384 but the result of Windows 8.1 does not.

    So, Azure TTS API cannot work on Windows8/8.1/Server2012/Server2012R2 and it must be fixed by MS.

    0 comments