Tls 1.2 fix

[binraider]

I added SecurityProtocol declaration in the AzureFileSystem constructor so that we can use the V1 version with Blob Storage with TLS 1.2

[Jeavon]

Hi @binraider If you have the https://our.umbraco.com/packages/developer-tools/codesharetls12umbraco/ package installed or your set 1.2 in your own code then this change shouldn't be needed?

[binraider]

I did install that code into an event handler on 16 sites last week, but when i pushed one of them into a slot and switched the Blob storage to TLS 1.2 on that site i got azure connection errors. (Microsoft.WindowsAzure.Storage.StorageException: The remote server returned an error: (400) Bad Request.) Adding the declaration into the AzureFileSystem constructor cured the problem.

[Jeavon]

Hmm, something else may have changed it back, most recent wins.

[binraider]

Hi Jeavon, does that mean you will add the declaration then? If that turns out to be the case will there be an updated package as well?

[Jeavon]

What event did you use?

[binraider]

The one in Pauls blog post:

public class TlsBootstrapper : ApplicationEventHandler {
    protected override void ApplicationStarted(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext) {
      if (ServicePointManager.SecurityProtocol.HasFlag(SecurityProtocolType.Tls12) == false) {
        ServicePointManager.SecurityProtocol = ServicePointManager.SecurityProtocol | SecurityProtocolType.Tls12;
      }
    }
  }

I added this class to every websites Lib project in the EventHandlers folder

[Jeavon]

That should do it, anything else installed that might be resetting the version? I would need to test on a v7 site and see what happens.
I know on v8 it works with min TLS set to 1.2 on the storage account, but Umbraco v8 is setting the ServicePointManager itself.

[binraider]

There are no other references to the ServicePointManager in my test project (test branch of a client project). The project that i have been locally swapping out various edited versions of the UmbracoFileSystemProviders.Azure dll is 7.13.2, but i try to stay as close to stock as possible.

[Jeavon]

I'll have a test tomorrow and let you know.

[binraider]

Thanks

[binraider]

Is there any movement on this?

[ja0b]

Hi there ✋ any updates on this? I got hit by this today while migrating a v7.15.7 site. The temp fix was to change the storage account minimum TLS version to 1.0 as suggested by Chris here https://our.umbraco.com/forum/using-umbraco-and-getting-started/94221-image-processor-400-error not ideal but at least is working.

Update: I decided to install https://our.umbraco.com/packages/developer-tools/codesharetls12umbraco/ and change back the storage account TLS version to 1.2 and it seems to work.

[wcowie]

Hi, running into the same issue, installed [https://our.umbraco.com/packages/developer-tools/codesharetls12umbraco/] to no avail. Also tried manually overriding the ApplicationEventHandler events but seems the I get the (400) Bad Request before they are triggered.

[c9mb]

I'm running into the same issue.

I have multiple v7 sites on UC using UmbracoFileSystemProviders.Azure-v1.1.1 to access AzureBlobStorage accounts.

I have enabled TLS-1.2 on the sites using Paul Seal's example code, but when I enable min-TLS-1.2 on the AzureBlobStorage accounts, I get bad-request errors - resulting in a total no-go for the site - and the only fix is to drop the min-TLS on the AzureBlobStorage accounts to 1.0 - which is obviously hitting a hard-limit with Microsoft's EOL on TLS 1.0/1.1

[c9mb]

FWIW - I have TLS-1.2 support enabled in ApplicationStarting but that didn't enable TLS-1.2 request from this provider, so I downloaded and compiled the project locally with this PR included, and it fixes the TLS-1.2 request issue.

[Jeavon]

For anyone who is seeing this issue could you please confirm which .net framework your project is targeting?