Authentication issues with TLS 1.0 on Azure App Services


Description

Microsoft has recently disabled support for TLS 1.0 on Azure App Services and switched to TLS 1.2 by default (see the TLS plans for Azure App Service discussion). Technical details can be found here: TLS best practices with the .NET Framework.

Any .NET call relying on TLS 1.0 leads to authentication issues on Azure App Services:

Exception
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. --->
System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. --->
System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host.
Note: This does not affect Sitecore XP 9.0 and later deployments.

You might also be interested in the following article: TLS 1.0 and 1.1 are deprecated for use with Azure Cache for Redis.

Solution

If you are not setting a specific TLS version from code, you have to check the .NET Framework version used for standalone Web Apps:

Existing Installations

Download and unzip the Sitecore XP package published as a release artifact here:
https://github.com/Sitecore/Sitecore-Azure-Quickstart-Templates/releases/download/v2.2.1/set_tlsVersion.scwdp.zip.

Locate the configuration patch and the assembly in the unzipped package and include them in your solution.


New Installations

The ARM templates (available at https://github.com/Sitecore/Sitecore-Azure-Quickstart-Templates) have been updated to include the fix in the Web Deploy Packages.
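
For code that you maintain yourself, the following added example (not taken from the Sitecore package or templates; the class and method names are hypothetical) shows how to recognize the exception chain from the Description and how to opt in to TLS 1.2 without overwriting the protocols already enabled. It assumes .NET Framework 4.5 or later, where SecurityProtocolType.Tls12 exists.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

// Added example: hypothetical helper, not the assembly shipped by Sitecore.
public static class Tls12Bootstrap
{
    // The value 0 is "SystemDefault" on .NET Framework 4.7+: the OS chooses
    // the protocol, so it must be left untouched rather than narrowed.
    private const SecurityProtocolType SystemDefault = (SecurityProtocolType)0;

    // Call once at application start, before the first outbound HTTPS call.
    public static SecurityProtocolType EnsureTls12()
    {
        SecurityProtocolType current = ServicePointManager.SecurityProtocol;
        if (current != SystemDefault && (current & SecurityProtocolType.Tls12) == 0)
        {
            // Add TLS 1.2 to the enabled set instead of replacing the set,
            // so other protocol flags keep whatever value they already had.
            ServicePointManager.SecurityProtocol = current | SecurityProtocolType.Tls12;
        }
        return ServicePointManager.SecurityProtocol;
    }

    // True when the chain matches the trace in the Description:
    // WebException -> IOException -> SocketException (connection reset).
    // A reset can have other causes; treat a match as a hint to check TLS.
    public static bool LooksLikeTlsVersionReset(Exception ex)
    {
        if (!(ex is WebException)) return false;
        for (Exception inner = ex.InnerException; inner != null; inner = inner.InnerException)
        {
            var socketEx = inner as SocketException;
            if (socketEx != null && socketEx.SocketErrorCode == SocketError.ConnectionReset)
                return true;
        }
        return false;
    }

    public static void Main()
    {
        Console.WriteLine("Before: " + ServicePointManager.SecurityProtocol);
        Console.WriteLine("After:  " + EnsureTls12());
    }
}
```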