Unable to Establish SSL/TLS Connections from Azure VM without Public IP - ServerHello is 0 bytes

Hello everyone,

I've recently deployed an Ubuntu 20.04 VM on Azure. I've intentionally set it up without a public IP address, and my primary goal is to allow the VM to make outbound SSL/TLS connections, notably to websites like https://www.google.com.

To achieve this, I've configured the Network Security Group (NSG) associated with the VM to allow outbound HTTPS connections on port 443 originating from the VM's private IP.

However, I've run into a puzzling issue: despite my configurations, I cannot establish a successful SSL/TLS connection to any external website. I've tried analyzing the TLS handshake, and here's what I observed:

  • The ClientHello message is being sent successfully.
  • The response, which should be the ServerHello, is essentially empty (0 bytes).

This behavior makes me wonder:

  1. Have I missed or misconfigured something in my Azure setup that's causing this?
  2. Could there be a firewall or proxy within Azure's infrastructure that's preventing the ServerHello response from reaching my VM?

I'd greatly appreciate any insights or suggestions from the community to resolve this issue. Has anyone else encountered a similar problem, and how did you address it?

Thank you in advance for your help!
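
An added example, not part of the original post: a small classifier for the first bytes read after the ClientHello, which separates a 0-byte read (the TCP stream ended before any TLS record arrived) from a TLS alert, a real ServerHello, or a non-TLS reply. The function name `classify_first_response` is hypothetical and the sample byte strings are constructed, not captured traffic.

```python
import struct

# TLS record content types and the ServerHello handshake message type
ALERT, HANDSHAKE = 21, 22
SERVER_HELLO = 2


def classify_first_response(data: bytes) -> str:
    """Classify the bytes read from the socket right after sending ClientHello."""
    if len(data) == 0:
        # recv() returned nothing: the TCP stream ended before any TLS record.
        return "closed-before-tls"
    if len(data) < 5:
        return "truncated-record-header"
    # Record header: content type (1), protocol version (2), length (2)
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if version >> 8 != 0x03:
        # Not a TLS record at all, e.g. a plaintext reply from a middlebox.
        return "not-tls"
    body = data[5:5 + length]
    if ctype == ALERT and len(body) >= 2:
        return f"alert(level={body[0]},description={body[1]})"
    if ctype == HANDSHAKE and len(body) >= 4:
        if body[0] == SERVER_HELLO:
            hs_len = int.from_bytes(body[1:4], "big")
            return f"server-hello({hs_len} bytes)"
        return f"handshake(type={body[0]})"
    return f"record(type={ctype})"


# Constructed sample inputs (not captured traffic)
SAMPLES = {
    "empty read": b"",
    "fatal handshake_failure alert": bytes.fromhex("15030300020228"),
    "server hello": bytes.fromhex("160303004a02000046") + b"\x00" * 70,
    "plaintext reply": b"HTTP/1.1 403 Forbidden\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:32} -> {classify_first_response(raw)}")
```
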

2 Replies
Have you tried the "Network security group test" from the Virtual Machine in the Azure Portal? This is a useful tool to check if the NSG rules are associated correctly with the VM (via the NIC or subnet) and behaving as you expect.