-1

I have an application running in a k8s cluster in AzureChinaCloud behind an ingress (internal load balancer) which in turn sits behind an application gateway with a public ip. The DNS point the URL to the public ip and all nslookups are giving back the correct address. The endpoint is HTTPS and the certificate is good and in date and correctly configured on the listener of the application gateway. However 9 times out of 10 when I try the URL I am getting the below error

"Secure Connection Failed

An error occurred during a connection to blablabla SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

However intermittently it does load okay. I cant match the failure timestamps with any failed requests in the app gateway logs. I ran a wireshark and I am seeing some errors like [TCP Out-of-Order] I see some RST messages from the client to the server I also see some HTTP/1.1 403 Forbidden messages but I see some of these during the successful attempts also

DeirdreRodgers
  • 367
  • 1
  • 4
  • 17

1 Answers1

0

If you create a website in china cloud you apparently need to register it with ICP. Below are the details I got from Azure support

Problem Reason:

There seems to be an issue with ICP registration.

More details about ICP registration:

According to the ICP filling requirements of China's Ministry of Industry and Information Technology (MIIT) and China Public Security Ministry, a website is accessible only if the registration is completed and the filled information is accurate. In addition, the access should be suspended if any prohibited content is published or disseminated. If the website has not bound a custom domain, please bind your own custom domain with ICP filing for your websit

DeirdreRodgers
  • 367
  • 1
  • 4
  • 17