I'm trying to post index by using ApiKey and .NET library, but I got an error.
Dim auth = New ApiKeyAuthenticationCredentials("ApiKeyID", "ApiKey" )
Dim settings = New ConnectionConfiguration("CloudID", auth)
Dim client = New ElasticLowLevelClient(settings)
esResponse = client.Index(Of BytesResponse)(AxesConfig.Current.ElasticsearchIndexTransaction + "-" + NoSit, "1", PostData.Serializable(jObj))
Unsuccessful () low level call on PUT: /transaction-00116/_doc/1
# Audit trail of this API call:
-  BadResponse: Node: https://***.eastus2.azure.elastic-cloud.com:9243/ Took: 00:00:00.8145147
# OriginalException: Elasticsearch.Net.ElasticsearchClientException: The request was aborted: Could not create SSL/TLS secure channel.. Call: Status code unknown from: PUT /transaction-00116/_doc/1 ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at Elasticsearch.Net.HttpWebRequestConnection.Request[TResponse](RequestData requestData)
--- End of inner exception stack trace ---
<Request stream not captured or already read to completion by serializer. Set DisableDirectStreaming() on ConnectionSettings to force it to be set on the response.>
This indicates a problem with establishing a HTTPS connection. Based on the stacktrace provided, it looks like you're targeting an older version .NET Framework that uses the older
System.Net.HttpWebRequest type for HTTP.
My suspicion is that the version of .NET Framework is not configured to support the version of TLS that Elasticsearch Service on Cloud is using; If I recall correctly, the service uses TLS 1.2, which older .NET Framework versions may not be configured by default to support.
A couple of different options that I would recommend
Update to a newer .NET Framework version that supports TLS 1.2 by default
ServicePointManager.SecurityProtocol to use TLS 1.2. If patches have been applied that default the OS to use TLS 1.2, then setting
SecurityProtocolType.SystemDefault will work. Otherwise, it can be set to
SecurityProtocolType.Tls12 or the int value
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
Bear in mind that changing this property affects TLS for all HTTPS connections from the AppDomain.
Thanks for that complete answer. I'm still trying to figure out how to force the TLS version in VB.NET 4.6.1.
But the question I have is why APM work without issue?
I fixed it with
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 just before
I don't know if it's the best solution, but it's working.
I tried the following without succeed:
Happy it works for you! Note, you only need to call this once for the lifetime of the application and before any call is made, so somewhere in application startup is best.
I think it may be because all of .NET APM agent's HTTP calls are based on
System.Net.Http.HttpClient and not
This implies to me that the OS may not be patched to support TLS 1.2 by default. You can check the Windows registry for
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.