This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 43%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
We are encountering an intermittent issue: "Exception while performing SSL handshake" when connecting to Azure Cosmos DB for PostgreSQL 16 with Citus 12.
Exception:
Message: Exception while performing SSL handshake
Stacktrace:
at Npgsql.Internal.NpgsqlConnector.<RawOpen>d__217.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Npgsql.Internal.NpgsqlConnector.<<Open>g__OpenCore|213_1>d.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Npgsql.Internal.NpgsqlConnector.<Open>d__213.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at Npgsql.PoolingDataSource.<OpenNewConnector>d__31.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Npgsql.PoolingDataSource.<<Get>g__RentAsync|28_0>d.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Npgsql.NpgsqlConnection.<<Open>g__OpenAsync|45_0>d.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Npgsql.NpgsqlConnection.Open()
InnerException:
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken) at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at Npgsql.Internal.NpgsqlConnector.<RawOpen>d__217.MoveNext()
Message: The message received was unexpected or badly formatted.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 4%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi Deependra Singh •,
Welcome to Microsoft Q&A forum.
As I understand, you are trying to connect to to Azure Cosmos DB for PostgreSQL 16 with Citus 12 from Framework: .NET Core 3.1, and getting "Exception while performing SSL handshake" The message received was unexpected or badly formatted.
I am checking on this and will get back to you.
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 1%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
Hi,
we have the same problem with Azure Cosmos DB for PostgreSQL. Two months ago we were creating other Azure Cosmos DB instances and they are running fine currently. A newly created instance a week ago shows the mentioned problems.
Specifications:
Library
Npgsql.EntityFrameworkCore.PostrgeSql 8.0.4
We tested different scenarios as the applications run side by side on the same server. That means, they also have the same TLS settings. We have currently revealed that applications running on Windows Server 2022 will connect to the new instance without issue. On older OS editions 2019, 2016, connecting to a new instance already shows problems with the SSL handshake. We also tried building an older version of PostgreSQL and the problem is still there. I remind, that connecting from the same server to instances created two months ago works normally.
Log:
Connection to first db Connection failed: Npgsql.NpgsqlException (0x80004005): Exception while performing SSL handshake ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> System.ComponentModel.Win32Exception (0x80090304): The Local Security Authority cannot be contacted --- End of inner exception stack trace --- at System.Net.Security.SslStream.ForceAuthenticationAsyncTIOAdapter at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions) at Npgsql.Internal.NpgsqlConnector.NegotiateEncryption(SslMode sslMode, NpgsqlTimeout timeout, Boolean async, Boolean isFirstAttempt) at Npgsql.Internal.NpgsqlConnector.NegotiateEncryption(SslMode sslMode, NpgsqlTimeout timeout, Boolean async, Boolean isFirstAttempt) at Npgsql.Internal.NpgsqlConnector.RawOpen(SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken, Boolean isFirstAttempt) at Npgsql.Internal.NpgsqlConnector.<Open>g__OpenCore|213_1(NpgsqlConnector conn, SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken, Boolean isFirstAttempt) at Npgsql.Internal.NpgsqlConnector.Open(NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken) at Npgsql.UnpooledDataSource.Get(NpgsqlConnection conn, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken) at Npgsql.NpgsqlConnection.<Open>g__OpenAsync|42_0(Boolean async, CancellationToken cancellationToken) at Npgsql.NpgsqlConnection.Open() at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenDbConnection(Boolean errorsExpected) at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternal(Boolean errorsExpected) at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.Open(Boolean errorsExpected) at Npgsql.EntityFrameworkCore.PostgreSQL.Storage.Internal.NpgsqlDatabaseCreator.Exists(Boolean async, CancellationToken cancellationToken) at Npgsql.EntityFrameworkCore.PostgreSQL.Storage.Internal.NpgsqlDatabaseCreator.Exists(Boolean async, CancellationToken cancellationToken) at Npgsql.EntityFrameworkCore.PostgreSQL.Storage.Internal.NpgsqlDatabaseCreator.Exists() at Microsoft.EntityFrameworkCore.Storage.RelationalDatabaseCreator.EnsureCreated() at Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade.EnsureCreated() at db_tester.Program.CheckConnectionTContext Connection to second db Connection sucesss
Thank you.
.....
Hi Deependra Singh •,OndrejDanis •,
Just checking if you have checked the configurations mentioned in the previous comment.
If this does not work, I request you to please raise support case for deeper investigation of the issue.
Let us know if you need any help in doing the same.
Thanks
We've reviewed the configurations as previous comment mentioned, and everything is set up correctly, but the issue persists.
We have another instance with the same configuration used in staging environment, running the same application code, and it works without any problems. We're unsure what's happening at the instance level on Azure.
Thanks for the checking.
We've reviewed the configurations as mentioned in previous comment, and everything is set up correctly, but the issue persists.
We have another instance with the same configuration used in production, running the same application code, and it works without any problems. We're unsure what's happening at the instance level on Azure.
I would recommend you to please file a support ticket for deeper investigation and in case if you don't have a support plan, do let us know here so that we can check on other options to unblock you.
Thanks
Hi ShaktiSingh-MSFT,
My Azure account currently doesn't include a technical support plan. Could you please assist with this on your end? It would be greatly appreciated.
Thanks
Hi Deependra Singh •,
Thanks for your patience.
Could you please check SSL configuration at Database level.
Also, try to use upgrade version and retry.
Check the server-side TLS version settings and confirm that both client and server support TLS 1.2. You might also want to explicitly set the SslProtocols property in your .NET code to enforce TLS 1.2.
Let us know if this helped.
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 6%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Modify the database connection string in the appseting.json file and add SSL Mode=disable at the end; Example: Server=localhost; Port=5432; Database=db_test; uid=test; pwd=123455666; SSL Mode=disable;