Backup to Backblaze stopped working

About 8 days ago my automated backup to Backblaze stopped working with the error down below. I then tried to update Mono as that seemed to have solved issues in the past. It did not for me.
Now I do not know what changed or what I can do. The error log is down below. Duplicati is running on a Linux 18.04 VM:
System.Net.WebException: Error: SecureChannelFailure (The authentication or decryption has failed.) ---> System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (System.IAsyncResult asyncResult) [0x00057] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsClient (System.IAsyncResult asyncResult) [0x00011] in <bd46d4d4f7964dfa9beea098499ab597>:0
at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000e] in <bd46d4d4f7964dfa9beea098499ab597>:0
at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x00044] in <bd46d4d4f7964dfa9beea098499ab597>:0
--- End of inner exception stack trace ---
at Duplicati.Library.Main.BackendManager.List () [0x00049] in <8f1de655bd1240739a78684d845cecc8>:0
at Duplicati.Library.Main.Operation.FilelistProcessor.RemoteListAnalysis (Duplicati.Library.Main.BackendManager backend, Duplicati.Library.Main.Options options, Duplicati.Library.Main.Database.LocalDatabase database, Duplicati.Library.Main.IBackendWriter log, System.String protectedfile) [0x0000d] in <8f1de655bd1240739a78684d845cecc8>:0
at Duplicati.Library.Main.Operation.FilelistProcessor.VerifyRemoteList (Duplicati.Library.Main.BackendManager backend, Duplicati.Library.Main.Options options, Duplicati.Library.Main.Database.LocalDatabase database, Duplicati.Library.Main.IBackendWriter log, System.String protectedfile) [0x00000] in <8f1de655bd1240739a78684d845cecc8>:0
at Duplicati.Library.Main.Operation.BackupHandler.PreBackupVerify (Duplicati.Library.Main.BackendManager backend, System.String protectedfile) [0x0005f] in <8f1de655bd1240739a78684d845cecc8>:0
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <8f2c484307284b51944a1a13a14c0266>:0
at CoCoL.ChannelExtensions.WaitForTaskOrThrow (System.Threading.Tasks.Task task) [0x00050] in <9a758ff4db6c48d6b3d4d0e5c2adf6d1>:0
at Duplicati.Library.Main.Operation.BackupHandler.Run (System.String[] sources, Duplicati.Library.Utility.IFilter filter, System.Threading.CancellationToken token) [0x00009] in <8f1de655bd1240739a78684d845cecc8>:0
at Duplicati.Library.Main.Controller+<>c__DisplayClass14_0.<Backup>b__0 (Duplicati.Library.Main.BackupResults result) [0x0004b] in <8f1de655bd1240739a78684d845cecc8>:0
at Duplicati.Library.Main.Controller.RunAction[T] (T result, System.String[]& paths, Duplicati.Library.Utility.IFilter& filter, System.Action1[T] method) [0x0011c] in <8f1de655bd1240739a78684d845cecc8>:0

We have the same problem?

Error message is “Error while running Cloud. The request was aborted: Could not create SSL/TLS secure channel.”

A similar error message results when clicking on the Test Connection button on the Backup Destination tab - BackBlaze B2 backup destination.

Backblaze stopped support of TLS v1 and TLS v1.1 with effect 9th April.

The workaround for me was to add this option into Settings:

--allowed-ssl-versions=Tls12


My last successful backup was on April 12 around 11am. Tried setting the allowed-ssl-versions to Tls12 using the Duplicati UI, but still get the error “Error: SecureChannelFailure (The authentication or decryption has failed.)”.

Welcome to the forum @Borega and @rhodesm

Is that Ubuntu 18.04? If so, mono that ships with it is too old to do TLS 1.2 (or support Duplicati 2.0.5.1).

Could anyone seeing this not fixed with @Foiler --allowed-ssl-versions=Tls12 change please give

  • mono --version output
  • Duplicati version
  • OS including the version

Secure Socket Layer (SSL) / Transport Layer Security (TLS) from the Mono project has a test technique possibly adaptable to Backblaze, but I don’t have an old enough mono handy to see if it will fail. You can try:

csharp -e 'new System.Net.WebClient ().DownloadString ("https://api.backblazeb2.com")'

If you can get a TLS 1.2 connection, you get a web page. If you can’t, I assume some error will be shown.
Only mono 4.8 and above can do TLS 1.2. Duplicati 2.0.5.1 requires at least mono version 5.0.0 though…

Security Update on Transport Layer Security 1.0 and 1.1 Deprecation was the announcement, although it was announced as effective April 9. If it got delayed a bit (or maybe rolled out slowly), that might explain it.

EDIT:

If you need a newer mono, you can check your distro repo, but if that fails you might be able to get it here. Although it’s kind of large, mono-complete is probably the most likely to have all pieces that you will need.
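The version thresholds quoted in this reply (mono 4.8 for TLS 1.2, mono 5.0 for Duplicati 2.0.5.1), as an added example that is not part of the original post: a shell check that classifies a `mono --version` banner. The function names and result labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a `mono --version` banner
# against the thresholds quoted above. Function names and labels are hypothetical.

# Print "MAJOR MINOR" taken from the first line of the banner, or nothing.
mono_major_minor() {
    printf '%s\n' "$1" |
        sed -n '1s/^Mono JIT compiler version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# version_ge MAJOR MINOR REQ_MAJOR REQ_MINOR
# Compares numerically, so 6.12 is correctly treated as newer than 6.4.
version_ge() {
    [ "$1" -gt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ]; }
}

# Print one label: unknown | no-tls12 | tls12-only | duplicati-2.0.5.1-ok
classify_mono() {
    # Unquoted on purpose: split "MAJOR MINOR" into $1 and $2.
    set -- $(mono_major_minor "$1")
    if [ $# -ne 2 ]; then
        echo "unknown"
    elif ! version_ge "$1" "$2" 4 8; then
        echo "no-tls12"              # cannot reach a TLS 1.2-only endpoint
    elif ! version_ge "$1" "$2" 5 0; then
        echo "tls12-only"            # TLS 1.2 works, too old for Duplicati 2.0.5.1
    else
        echo "duplicati-2.0.5.1-ok"
    fi
}

# Check the locally installed mono, if there is one.
if command -v mono >/dev/null 2>&1; then
    echo "installed mono: $(classify_mono "$(mono --version)")"
fi
```

A passing result describes the mono on disk only; a Duplicati process started before the upgrade keeps using the old runtime until it is restarted.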

Hi, thank you for the reply. I changed --allowed-ssl-versions=Tls12 only via the webgui. Still I can't connect to Backblaze.
Regarding your questions:
Mono version is: Mono JIT compiler version 6.12.0.122 (I installed mono-complete)
Duplicati version: 2.0.5.1_beta_2020-01-18
OS: Ubuntu 18.04.5 LTS

csharp -e 'new System.Net.WebClient ().DownloadString ("https://api.backblazeb2.com")'
results in a webpage returned. So TLS 1.2 should work.

When running a connection test in settings I get the following error:
17 Apr 2021 10:12: Request for http://127.0.0.1:8200/api/v1/remoteoperation/test gave error System.Net.WebException: Error: SecureChannelFailure (The authentication or decryption has failed.) ---> System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (System.IAsyncResult asyncResult) [0x00057] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsClient (System.IAsyncResult asyncResult) [0x00011] in <bd46d4d4f7964dfa9beea098499ab597>:0
at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000e] in <bd46d4d4f7964dfa9beea098499ab597>:0
at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x00044] in <bd46d4d4f7964dfa9beea098499ab597>:0
--- End of inner exception stack trace ---
at Duplicati.Library.Utility.AsyncHttpRequest+AsyncWrapper.GetResponseOrStream () [0x0004d] in <b0ec73cdc8b845289fe2e9bdf696ccd0>:0
at Duplicati.Library.Utility.AsyncHttpRequest.GetResponse () [0x00044] in <b0ec73cdc8b845289fe2e9bdf696ccd0>:0
at Duplicati.Library.Backend.Backblaze.B2AuthHelper.get_Config () [0x0005c] in <73ca51d8d90b49929cead0961421850d>:0

That’s the very latest according to today’s Mono project download page.

Did you restart Duplicati or the system after mono install? If you run Duplicati as a service, you can do

sudo systemctl restart duplicati

or if you start Duplicati some other way, do that, but it will be on old mono (what was it?) until restarted.

Thanks for your guidance! I’ll try updating Mono. My info and test results are below.

I’m on:

  • ubuntu 18.04.3 LTS (elementary OS 5.1.7 Hera)
  • Mono JIT compiler version 4.6.2 (Debian 4.6.2.7+dfsg-1ubuntu1)
  • Duplicati - 2.0.5.1_beta_2020-01-18
  • Linux 5.4.0-70-generic #78~18.04.1-Ubuntu SMP Sat Mar 20 14:10:07 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Test results:
$ csharp -e 'new System.Net.WebClient ().DownloadString ("https://api.backblazeb2.com")'
System.Net.WebException: Error: SecureChannelFailure (The authentication or decryption has failed.) ---> System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (System.IAsyncResult asyncResult) [0x00057] in <1d0bb82c94e7435eb09324cf5ef20e36>:0
at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsClient (System.IAsyncResult asyncResult) [0x00011] in :0
at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000e] in :0
at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte buffer) [0x00044] in :0
--- End of inner exception stack trace ---
at System.Net.WebClient.DownloadDataInternal (System.Uri address, System.Net.WebRequest& request) [0x0008a] in :0
at System.Net.WebClient.DownloadString (System.Uri address) [0x00027] in :0
at System.Net.WebClient.DownloadString (System.String address) [0x00019] in :0
at .Host (System.Object& $retval) [0x00006] in <4443885877114c518fdaede0fc8e1371>:0
at Mono.CSharp.Evaluator.Evaluate (System.String input, System.Object& result, System.Boolean& result_set) [0x0003e] in <2edf71afecba432e8943ff8d46840929>:0
at Mono.CSharpShell.Evaluate (System.String input) [0x00000] in <693eac6b8b7545318543ea23138aba75>:0

This will have problems though I guess you haven’t hit them. It needs v5, and next Beta needs v5.10.
Remember to restart Duplicati (or the system) after upgrading mono in order to get Duplicati using it.

Guaranteed on a 2016 release. Mono 4.8.0 Release Notes in 2017 is where initial TLS 1.2 was added…

I was an idiot. Ofc restarting Duplicati did the job. Thank you for your very swift help!


Thank you for your guidance! My backups are working again. Updating mono was the solution. Since I’m on elementary OS Hera (Ubuntu 18.04), I had to use the source you mentioned since version 4.6.2 was the latest available in my repo. Thanks again!!!
