Intermittent errors following Twitter’s SSL3 blocking

Oct 16, 2014 at 5:10 PM
We’ve been very satisfied users of your excellent package for quite some time. Thank you very much!

Since Twitter started blocking SSL3, we are seeing two kinds of exceptions roughly once every 500 API calls:
 LinqToTwitter.TwitterQueryException: Could not authenticate you - Please visit the LINQ to Twitter FAQ (at the HelpLink) for help on resolving this error.
   at LinqToTwitter.TwitterErrorHandler.<HandleUnauthorizedAsync>d__10.MoveNext()
 System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
If the SAME credentials are used after 10 minutes or so, then the problem usually goes away, and the API call to Twitter is completed successfully. This is not really an issue of authentication. If we retry the request after 1 min, it usually fails again.

The problem occurs mostly with posting, but occurs in other API calls as well.

We have added the following lines of code to try and force TLS, but the problem still occurs from time to time:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;  
ServicePointManager.MaxServicePointIdleTime = 5 * 1000; 
Any help would be much appreciated.

Thanks again!
Oct 16, 2014 at 6:29 PM

This is somewhat new to me, so I'll have to look at it closer. LinqToTwitter is PCL and doesn't have access to ServicePointManager, so I'll have to look at other options. Your statement that sets SecurityProtocol appears to be correct. I believe all communication with Twitter has to be Expect100Continue = false and I explicitly set that header to false inside of LINQ to Twitter, which is probably overriding your setting. I don't know how MaxServicePointIdleTime affects this scenario.

Apparently, there was another issue, in addition to Twitter disabling SSL3, that was resolved yesterday: Is this still happening today?

Oct 16, 2014 at 7:10 PM
Thanks. Yes, this is still occurring.

As for MaxServicePointIdleTime , we added this to try to get avoid reusing SSL connections that were created, but I am not sure it does anything.

Can we provide you with additional info?
Oct 18, 2014 at 6:48 PM

We finally found the exact conditions under which posting a tweet fail with that authorization error I described above. The tweet is sent from Azure (not the development environment) and contains a special character, such as an apostrophe or an exclamation mark. If the special character is removed, then the post goes out without any error.
This is similar to an error described in .
Do you think there is a simple way to solve this?

Oct 18, 2014 at 8:58 PM
Edited Oct 18, 2014 at 8:58 PM
Thanks for the info. Are you using the latest version of LINQ to Twitter v3.0.5? Can you post a query that reproduces this?

Oct 19, 2014 at 7:40 AM
We were able to resolve this issue by replacing in LinqToTwitterPcl/Net/Url.cs in the PercentEncode method the line:
return Uri.EscapeDataString(value);
            var result = Uri.EscapeDataString(value);
            result = result 
                 .Replace("!", "%21")
                 .Replace("'", "%27")
                 .Replace("(", "%28")
                 .Replace(")", "%29")
                 .Replace("*", "%2A");
            return result;
It turns out that EscapeDataString is implemented differently in Azure than on the development environment.
Marked as answer by JoeMayo on 10/19/2014 at 1:25 PM