I'm having trouble with the tool that I use to upload images to the CloudFlare website. This tool works fine and continues to function as long as there is no pause of more than 1 hour between requests. After such a pause, an exception occurs on the next connection attempt.
```
A first chance exception of type 'System.Net.WebException' occurred in System.dll
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.GetResponse()
```
I tried using the debugger to dig deeper, but there was no InnerException, and it seems that the actual problem came from SChannel before any connection was made. This can easily be reproduced with the following small program:
```csharp
using System;
using System.IO;
using System.Net;
using System.Threading;

class Program
{
    static void Main(string[] args)
    {
        Console.WriteLine("Initial connection attempt, this should succeed:");
        RunCFRequest();

        // Stay idle for longer than one hour so the next request hits the failure.
        Console.WriteLine("Wait 70 minutes for next connection attempt...");
        Thread.Sleep(70 * 60 * 1000);

        Console.WriteLine("Second connection attempt, this one should reproduce the failure:");
        try
        {
            RunCFRequest();
        }
        catch (Exception exc)
        {
            Console.WriteLine(exc.ToString());
        }

        Console.WriteLine("Performing another connection attempt after failure to verify we continue working:");
        RunCFRequest();

        Console.WriteLine("Demo complete. Press any key to exit.");
        Console.ReadKey();
    }

    // Issues a single HTTPS GET and reads the whole response body.
    private static void RunCFRequest()
    {
        Console.WriteLine("Attempting connection at " + DateTime.Now);
        var request = (HttpWebRequest) WebRequest.Create("https://up1.ca");
        using (var response = request.GetResponse())
        using (var responseStream = response.GetResponseStream())
        using (var streamReader = new StreamReader(responseStream))
        {
            string recvd = streamReader.ReadToEnd();
            Console.WriteLine("Successfully read stream, got " + recvd.Length + " bytes of data");
        }
    }
}
```
Is there something wrong with this simple code? I tried performing a packet capture to determine why this was happening.
Capture is available at https://up1.ca/#4MMkdD_u8v5pLAsSvrCtHw in pcapng format.
The capture contains 3 TCP streams; they can be accessed using the following Wireshark filters:
- tcp.stream eq 0 = initial connection, succeeds
- tcp.stream eq 1 = second connection after 70 minutes, this fails with the above exception
- tcp.stream eq 2 = one more attempt after processing and ignoring this exception; it succeeds
Based on my capture, I think it has something to do with how CloudFlare resumes an SSL session. Are there any known issues with HttpWebRequest or Microsoft SChannel itself and SSL renewal, or is this a problem specific to CloudFlare? I have successfully replicated this issue on several CloudFlare sites, but I have not experienced this while directly using my own server. However, I do not have SSL renewal.
Any help or even wild theories are appreciated. I am not sure where to go from here. I would be grateful if someone could take a look at the capture, and I will inform CF if necessary.
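
Added example, not part of the original post: one way to check, for each of the three streams in a capture like this, whether the ClientHello actually offers session resumption (a non-empty session ID or a non-empty RFC 5077 SessionTicket extension). It assumes TLS 1.2 or earlier and a ClientHello contained in a single record; the function names are hypothetical and the sample bytes are constructed, not taken from the capture.

```python
import struct

SESSION_TICKET_EXT = 35  # RFC 5077 SessionTicket extension type

def resumption_offer(record: bytes) -> dict:
    """Report what a TLS <=1.2 ClientHello record offers for session resumption."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record starting with ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                          # skip client_version and random
    sid_len = body[pos]; pos += 1
    session_id = body[pos:pos + sid_len]; pos += sid_len
    (cs_len,) = struct.unpack_from("!H", body, pos); pos += 2 + cs_len
    comp_len = body[pos]; pos += 1 + comp_len
    ticket = None                         # None means the extension is absent
    if pos < len(body):
        (ext_total,) = struct.unpack_from("!H", body, pos); pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos); pos += 4
            if ext_type == SESSION_TICKET_EXT:
                ticket = body[pos:pos + ext_len]
            pos += ext_len
    return {"session_id": session_id.hex(),
            "ticket_len": None if ticket is None else len(ticket),
            "offers_resumption": bool(session_id) or bool(ticket)}

def build_client_hello(session_id=b"", ticket=None) -> bytes:
    """Construct a minimal sample ClientHello record (test data only)."""
    exts = b""
    if ticket is not None:
        exts = struct.pack("!HH", SESSION_TICKET_EXT, len(ticket)) + ticket
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", 2) + b"\x00\x2f" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    # Constructed stand-ins for a fresh handshake and a resumption attempt.
    print(resumption_offer(build_client_hello(ticket=b"")))
    print(resumption_offer(build_client_hello(bytes(range(32)), bytes(16))))
```

To use it on a real capture, export the raw bytes of the first TLS record the client sends in each stream and pass them to `resumption_offer`.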