I configured a CoreWCF service (.NET 6.0), containerized and hosted it as an Azure Container Apps. The clients that connect and use this service are Windows Forms (.NET Framework 4.6).
While doing some tests, I noticed that in computers with older versions of Windows, the connection to the container app generates the following error "Could not establish secure channel for SSL/TLS with authority [..]". I got this error when running the client on computers with Windows 7, 7 Embedded and Windows Server 2008 R2 Standard.
In all the machines I tried to install both the .NET FW 4.6 and 4.8 runtime, I also tried installing all the Windows Updates, but didn't manage solve the problem. Trying with the same application client on computers with recent Windows version, such as Windows 10, it connects to the CoreWCF service correctly, without any errors.
Doing some research on the internet, looking for a solution to my problem, I found this GitHub request , which apparently is the same error I'm getting. He's talking about TLS Chiper suites in older OS. (https://github.com/microsoft/azure-container-apps/issues/572). Unfortunately there is no answer to that request.
I tried contacting Azure Support about this problem, but they simply said that to connect to Azure Container App, I must use recent versions of Windows OS. But I'm not sure about that...
- Have you ever faced this problem with Azure Container Apps? Any solutions?
- Is there any way to force Azure container apps to use a specific TLS Chiper?
I was thinking to use maybe some sort of Proxy or a Middleware between CoreWCF service and clients, to bypass this problem, but I'm not sure if this helps.
There is no way to change the TLS chipers for Azure Container Apps currently. You'll need to wait until downgrading to less secure chipers is added to the service.