Testing Azure function from Azure APIM is giving error "Could not create SSL/TLS secure channel."

Question

Hello,

I've deployed Azure Functions app to Azure APIM which is configured to run in Internal mode and when I tried testing it from the APIM test interface, It is giving me the folllowing error

forward-request (19.357 ms) { "messages": [ "Error occured while calling backend service.", "The request was aborted: Could not create SSL/TLS secure channel." ] }

Do I need to create a private endpoint in order to APIM connect with the backend function app? Any help is greatly appreciated.

Answer 1

Hello @Pavan Puligandla ,

There can be multiple reason why you see that issue.

Reason #1

Misalignment of TLS version on APIM and Azure Function App. Depending on security requirements it can be TLS 1.2 or TLS 1.3. TLS 1.2 is more common used.

Using the Azure Portal:

• Navigate to your Function App in the Azure portal.
• In the left-hand menu, under Settings, select Configuration.
• Go to the General settings tab.
• Locate the Minimum Inbound TLS Version setting.
• From the dropdown, select the desired minimum TLS version (e.g., TLS 1.2 or TLS 1.3).
• Click Save and confirm the changes.

Reason #2

MTLs authentication is enforced on Azure Function App end. There are 2 possible solutions:

1. Make APIM sending a client certificate to Azure Function App
2. Disable MTLs on Azure Function App side using the guideline below Azure Portal:
   • Navigate to your Function App in the Azure portal.
   • Under Settings, select Configuration.
   • Go to the General settings tab.
   • Locate the Client certificate mode option and select your desired setting Ignore.
   • Click Save.

Finally,

It's recommended to configure as much as possible internal resources in Azure. Having Private Endpoint configured for Azure Function App can enhance the security of API Integration. More internal - more secure.

If any of recommendations above work for you please Accept current answer or let me know if you have any additional questions.