How to fix the error EOF occurred in violation of protocol (_ssl.c:1129)

Narendra Sharma, Rahul 0 Reputation points
2023-11-26T08:21:41.9733333+00:00

Hi,

'Azure Login' is failing from an internal jump server with the below error. I'm getting this error only when we are forcing the traffic through Azure Firewall.

Error:

EOF occurred in violation of protocol (_ssl.c:1129)


1 answer

  1. GitaraniSharma-MSFT 49,386 Reputation points Microsoft Employee
    2023-11-27T08:29:33.1+00:00

    Hello @Narendra Sharma, Rahul ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you are getting "EOF occurred in violation of protocol (_ssl.c:1129)" error when trying to use Azure CLI command Azure Login on an internal jump server when all the traffic is forced through Azure Firewall.

    Are you restricting any outbound traffic on the Azure Firewall?

    Please refer to the below reported issues for more information:

    https://github.com/Azure/azure-cli/issues/19456

    https://learn.microsoft.com/en-us/answers/questions/808229/when-trying-to-login-using-az-login-from-vm-throws

    Also refer to the below docs, which list the proxy requirements or endpoints which need to be whitelisted for Azure portal and Azure CLI access:

    Allow the Azure portal URLs on your firewall or proxy server: https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud

    Azure CLI endpoints for proxy bypass: https://learn.microsoft.com/en-us/cli/azure/azure-cli-endpoints?tabs=azure-cloud

    You also need to make sure that both TCP ports for HTTP (80) and HTTPS (443) are allowed.

    I've seen customers fixing this issue by enabling access to management.azure.com on ports 443 and 80 via the Azure Firewall.

    Refer: https://github.com/starkfell/100DaysOfIaC/blob/master/articles/day.61.azure.cli.behind.an.azure.firewall.md

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

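An added example, not part of the original question or answer: a Python probe that reports at which step a connection fails, separating a blocked TCP connection from a peer that closes during the TLS handshake (the `EOF occurred in violation of protocol` case) and from an untrusted certificate. The local listener is a constructed stand-in for a device that drops the session; `login.microsoftonline.com` and all function names are assumptions of this example.

```python
import socket
import ssl
import threading


def probe(host, port=443, timeout=5.0):
    """Return (stage, detail) naming the step at which a TLS connection failed."""
    ctx = ssl.create_default_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_blocked", repr(exc))  # refused, filtered or no route
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Seen when a TLS-inspecting proxy re-signs with a CA this host lacks.
        return ("cert_untrusted", exc.verify_message)
    except (ssl.SSLEOFError, ConnectionError) as exc:
        # TCP connected, then the peer closed before completing the handshake:
        # the "EOF occurred in violation of protocol" case from the question.
        return ("closed_during_handshake", repr(exc))
    except (ssl.SSLError, OSError) as exc:
        return ("tls_error", repr(exc))
    finally:
        raw.close()


def start_dropping_listener():
    """Constructed stand-in for a middlebox: accept TCP, read the ClientHello,
    then close without answering. Returns the local port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # consume the ClientHello
        conn.close()     # drop the session without a ServerHello
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print("simulated drop:", probe("127.0.0.1", start_dropping_listener()))
    # management.azure.com is named in the answer; the login host is an assumption.
    for host in ("management.azure.com", "login.microsoftonline.com"):
        print(host, probe(host))
```

A `closed_during_handshake` result on the jump server while the same probe returns `ok` from an unrestricted host indicates that something on the path is ending the session after the TCP connect, which is where to check the firewall's rules and logs for that FQDN.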