SSL Connection fails after update to version 25
1. Describe the bug
HttpClient call fails with: "The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. The message received was unexpected or badly formatted." in version 25, SaaS environment. In older versions and Docker, the same call works without problems.
2. To Reproduce
    var
        Client: HttpClient;
    ...
    IsSuccessful := Client.Get('https://ufi.echa.europa.eu/ufi/createUFIByCount?startFormulationNumber=1&count=1', Response);
    if not IsSuccessful then begin
        Error(GetLastErrorText());
    end;
This API is used to generate a unique identifier and has worked for years without any problems. Other ECHA API endpoints, e.g., https://api.ecs.echa.europa.eu/submission/v3, are working without any issues.
3. Expected behavior
The HttpClient call succeeds.
4. Actual behavior
The HttpClient call fails with the following GetLastErrorText(): "The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. The message received was unexpected or badly formatted"
5. Versions:
AL Language: V14
Visual Studio Code:
Business Central: 25.2.27863.0 (SaaS)
List of Visual Studio Code extensions that you have installed:
Operating System: [ *] Windows Linux MacOS
Final Checklist
Please remember to do the following:
[ X] Search the issue repository to ensure you are reporting a new issue
[ X] Reproduce the issue after disabling all extensions except the AL Language extension
[ X] Simplify your code around the issue to better isolate the problem
Internal work item: AB#563933
Maybe it has something to do with this:
https://www.kauffmann.nl/2024/12/02/httpclient-and-certificate-validation-in-business-central-v25/
Kind regards
I don't know because it started with that update, but in that post, it is stated that the change was reverted. So I don't understand why there has been a handshake failure since the update.
This issue is not related to the server certificate validation. Here the problem occurs even earlier. Indeed, it cannot establish the connection. After an initial investigation, I could repro it in 25 and 24, whereas I can see that it succeeds just fine in 23. @MarcE85 what older version is working for you?
The problem is due to the third party not supporting TLS 1.3. We do have a fallback mechanism in case of failure. However, it seems that we are experiencing some issues with that. As a result, it is now failing to fall back to TLS 1.2. This is a complicated issue as it's not directly related to Business Central but to other configuration properties. We will need to investigate this further.
I marked the issue as Accepted. We will investigate further and possibly get back when we have some news. Expect it to take some time as it is a rare and complicated issue which is not easy to debug.
We were unable to get a reliable repro for this issue, and telemetry indicated that the SSL connection failed with a handshake outside of Business Central itself. As such we have decided to close the issue internally, but please create a support ticket in future if you experience similar issues. Support tickets help get better context to the environments where issues might be happening on live tenants.
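A per-version handshake check for the TLS 1.3 versus TLS 1.2 question raised in this thread, as an added example that is not part of the original issue or of Business Central's code. Each probe pins the client to a single protocol version so that no fallback can mask the result; the function names and the labels in `VERSIONS` are assumptions made for this example, and the host is supplied on the command line.

```python
import socket
import ssl

# Versions tested one at a time; each probe pins min == max so no fallback can occur.
VERSIONS = {"TLS1.2": ssl.TLSVersion.TLSv1_2, "TLS1.3": ssl.TLSVersion.TLSv1_3}


def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port=443, timeout=5.0):
    """Return {label: negotiated version or 'FAILED: <reason>'} per version."""
    results = {}
    for label, version in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                ctx = pinned_context(version)
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[label] = tls.version()
        except (ssl.SSLError, OSError) as exc:
            results[label] = f"FAILED: {exc}"
    return results


def diagnose(results):
    """Turn probe results into a short finding."""
    ok = {k for k, v in results.items() if not v.startswith("FAILED")}
    if "TLS1.3" in ok:
        return "server accepts TLS 1.3"
    if "TLS1.2" in ok:
        return "server is TLS 1.2 only: client must offer or fall back to TLS 1.2"
    return "no version succeeded: check cipher suites, SNI, certificate trust and network path"


if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # e.g. the host from the failing Client.Get call
    res = probe(host)
    for label, outcome in res.items():
        print(f"{label}: {outcome}")
    print(diagnose(res))
```

Run it from a machine on the same network path as the failing client, since the result reflects what that vantage point can negotiate.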