What RSA size should I use to enable ADE on Azure VMs?

Ben Woodman 106 Reputation points
2023-07-12T14:27:26.3966667+00:00

Hi,

When I try to enable ADE on our Azure Virtual Machines, they keep failing due to an error:

VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "[2.3.0.0] Failed to enable Azure Disk Encryption on the VM with the following exception details:
 System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

When I try using RSA 2048 it tends to work, but using 4096 or 3072 it fails. Am I correct to say that BitLocker ADE only supports the use of 2048, or does it actually support 4096 and 3072 as well?

What RSA size is recommended to be used?

Kind regards,

Ben


Accepted answer
  1. KarishmaTiwari-MSFT 18,747 Reputation points Microsoft Employee
    2023-07-13T16:05:38.8633333+00:00

    @Ben Woodman I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

    Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer. Accepted answers show up at the top, resulting in improved discoverability for others.

    Issue: When trying to enable ADE on our Azure Virtual Machines, they keep failing due to an error: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

    Cause: Customer proxy was causing this issue.

    If your issue remains unresolved or you have further questions, please let us know in the comments how we can assist. We are here to help you and strive to make your experience better, and we greatly value your feedback.

2 additional answers

  1. RevelinoB 2,780 Reputation points
    2023-07-12T14:42:15.1466667+00:00

    Hi Ben,

    As I know, Azure Disk Encryption (ADE) supports multiple RSA key sizes for encryption, including 2048, 3072, and 4096. Therefore, you should be able to use RSA key sizes other than 2048 for BitLocker ADE on your Azure Virtual Machines.

    The error message you provided doesn't indicate any restrictions on the RSA key size for ADE. It appears to be related to a failure in establishing a secure channel (SSL/TLS) during the encryption process. This error could be caused by various factors, such as network connectivity issues or misconfiguration.

    To troubleshoot the specific error you're encountering, you can perform the following steps:

    • Ensure that your Azure Virtual Machines have the latest updates and patches applied.
    • Verify that the Virtual Machines have proper connectivity to the Azure Key Vault, as it is used for storing encryption keys.
    • Check the network settings of your Virtual Machines to ensure there are no restrictions or firewalls blocking the SSL/TLS communication.
    • Validate the SSL/TLS certificate used by your Virtual Machines for secure communication.

    Regarding the recommended RSA key size, it is generally recommended to use a minimum key size of 2048 bits for encryption. A 2048-bit RSA key is considered secure and widely accepted. However, if you have specific compliance or security requirements, you might consider using larger key sizes like 3072 or 4096 bits for added security. Keep in mind that larger key sizes may have a slight impact on performance.

    In summary, ADE supports RSA key sizes of 2048, 3072, and 4096 bits. You should investigate the SSL/TLS error you're encountering by troubleshooting network connectivity and configurations.

    I hope this helps with your query.
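    The connectivity checks listed above, as an added PowerShell diagnostic that is not part of the original answer: run on the affected Windows VM, it shows which proxy the WinHTTP and .NET stacks would route the Key Vault request through, which TLS versions .NET allows, and performs a direct TLS 1.2 handshake to the vault endpoint so that a blocked connection or an intercepting proxy's certificate shows up as the cause of "Could not create SSL/TLS secure channel" rather than the RSA key size. The vault host name is a placeholder to replace with your own.

```powershell
# Added diagnostic for the "Could not create SSL/TLS secure channel" failure; not code from the thread.
# Run in an elevated PowerShell session on the affected VM. The vault host below is a placeholder.
$KeyVaultHost = 'REPLACE-WITH-YOUR-VAULT.vault.azure.net'
$Target       = "https://$KeyVaultHost/"

# 1. Proxy the WinHTTP stack (used by the VM agent and extension hosts) is configured with.
Write-Host '--- WinHTTP proxy ---'
netsh winhttp show proxy

# 2. Proxy the .NET default proxy settings would route this particular URL through.
#    If the returned URI equals the target itself, the request goes direct; anything else is a proxy.
$viaProxy = [System.Net.WebRequest]::DefaultWebProxy.GetProxy([uri]$Target)
Write-Host "--- .NET proxy for ${Target}: $viaProxy ---"

# 3. TLS versions .NET allows by default on this OS/.NET build (Tls12 must be present).
Write-Host "--- .NET SecurityProtocol: $([System.Net.ServicePointManager]::SecurityProtocol) ---"

# 4. Raw TLS 1.2 handshake straight to the endpoint, reporting what was negotiated and who
#    issued the server certificate. An issuer that is your own proxy CA, or a handshake
#    exception, points at the proxy or network path rather than at the RSA key size.
function Test-TlsHandshake {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Certificate validation stays enabled: an untrusted interception cert surfaces as an error.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $true)
        [pscustomobject]@{
            Host     = $HostName
            Protocol = $ssl.SslProtocol
            Cipher   = "$($ssl.CipherAlgorithm)/$($ssl.CipherStrength)"
            Issuer   = $ssl.RemoteCertificate.Issuer
            Error    = $null
        }
    } catch {
        [pscustomobject]@{
            Host = $HostName; Protocol = $null; Cipher = $null; Issuer = $null
            Error = $_.Exception.GetBaseException().Message
        }
    } finally {
        $client.Close()
    }
}

Test-TlsHandshake -HostName $KeyVaultHost | Format-List
```

    If step 4 succeeds directly but the extension still fails, compare the proxy reported in steps 1 and 2 with what the extension host is actually using, since that is the path the handshake in the error message travels.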


  2. Ben Woodman 106 Reputation points
    2023-07-13T15:13:24.8933333+00:00

    Proxy was the problem
