Azure Hybrid Connection Cipher Suite Issue

Christian Schou - DanofficeIT 6 Reputation points
2022-01-04T21:57:43.137+00:00

Hello

I have developed a .NET Core Web API and hosted it locally, and it has been running fine without any errors. After testing was done in the local environment, I deployed the API to Azure Web App (Linux) and made the endpoint available to the public if they are authenticated. I have also configured an Azure Hybrid Connection for the SQL Server, and the status in the Connection Manager on the SQL server and in Azure both say "Connected". When making telnet to the SQL Server from the App Service SSH terminal I get the following result:

root@someidhere:~/site/wwwroot# curl -v telnet://sqlserver:1433
* Expire in 0 ms for 6 (transfer 0x55d3ee710fb0)
* Expire in 1 ms for 1 (transfer 0x55d3ee710fb0)
* Expire in 5 ms for 1 (transfer 0x55d3ee710fb0)
* Expire in 2 ms for 1 (transfer 0x55d3ee710fb0)
* Expire in 5 ms for 1 (transfer 0x55d3ee710fb0)
* Expire in 5 ms for 1 (transfer 0x55d3ee710fb0)
* Expire in 8 ms for 1 (transfer 0x55d3ee710fb0)
*   Trying 127.0.0.14...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55d3ee710fb0)
* Connected to sqlserver (127.0.0.14) port 1433 (#0)

Everything looks good in the cloud. Now when a client requests one of my API endpoints connected to the on-premise database through the hybrid connection it makes a Gateway Time-out. The connection string in the API is picked up and a request is sent to the SQL Server. From the Event Viewer on the SQL Server I can see the following two error logs:

  1. An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
  2. A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.

I have enabled TLS 1.2 on the server and enabled all possible Cipher Suites to see if that would make anything better.

Has anyone experienced something like this before or, even better, can anyone help me in a direction for a solution?

Thanks in advance.

Azure App Service
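
The two Event Viewer entries in the question describe one server-side decision: the ClientHello offered no cipher suite the server has enabled, so the server answered with fatal alert 40 (handshake_failure). The sketch below is an added example, not code from the original post; the function names are hypothetical and the ClientHello and both server suite lists are constructed. It parses a bare TLS record and reproduces that decision.

```python
import struct
from typing import List, Optional

# IANA cipher suite IDs (small subset, enough for this demo).
NAMES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
SCSV = {0x00FF, 0x5600}  # signalling values, never negotiable suites
# TLS alert record: level fatal(2), description handshake_failure(40)
ALERT_40 = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28])

def build_client_hello(suites: List[int]) -> bytes:
    """Constructed sample input: minimal TLS 1.2 ClientHello, no extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00"            # version, random, empty session_id
    body += struct.pack(f"!H{len(suites)}H", 2 * len(suites), *suites)
    body += b"\x01\x00"                                 # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_suites(record: bytes) -> List[int]:
    """Cipher suite IDs from a ClientHello record, in client preference order."""
    ctype, _ver, rlen = struct.unpack("!BHH", record[:5])
    hs = record[5:5 + rlen]
    if ctype != 0x16 or len(hs) != rlen or not hs or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    pos = 4 + 2 + 32               # handshake header, client_version, random
    pos += 1 + hs[pos]             # skip session_id
    (slen,) = struct.unpack_from("!H", hs, pos)
    ids = struct.unpack_from(f"!{slen // 2}H", hs, pos + 2)
    return [s for s in ids if s not in SCSV]

def server_response(record: bytes, server_enabled: List[int]) -> Optional[int]:
    """First server-preferred suite the client also offers, or None (-> alert 40)."""
    offered = set(offered_suites(record))
    return next((s for s in server_enabled if s in offered), None)

if __name__ == "__main__":
    hello = build_client_hello([0xC02F, 0xC030, 0x00FF])   # constructed client offer
    print("client offers:", [NAMES[s] for s in offered_suites(hello)])
    for enabled in ([0x003C, 0x002F], [0xC030, 0x003C]):   # constructed server lists
        pick = server_response(hello, enabled)
        print("server:", NAMES[pick] if pick else f"no overlap, sends {ALERT_40.hex()}")
```

In the classic (pre-TDS 8.0) SQL Server login sequence the TLS handshake travels inside TDS PRELOGIN packets, so a record taken from a packet capture needs the 8-byte TDS header removed before it is passed to `offered_suites`.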