【问题标题】:Need to enable TLS1.2 in server environment and disable TLS1.0 & 1.1需要在服务器环境中启用 TLS1.2 并禁用 TLS1.0 & 1.1
【发布时间】:2021-08-20 13:06:12
【问题描述】:

我们在服务器中禁用了 TLS1.0 和 1.1,仅启用了 TLS1.2。但是我们遇到了以下异常。

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.TlsStream.CallProcessAuthentication(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()

我们尝试了以下解决方案。

  1. The underlying connection was closed: An unexpected error occured on a send

.Net 框架版本为 4.6.2。 有什么解决办法吗?

【问题讨论】:

  • 您使用的是哪个 Windows 版本?默认情况下,TLS1.2 应在仍受支持的所有 Windows 版本中使用。在 .NET 中,4.6.2 及更高版本自动使用操作系统的加密。这意味着您应该能够在 Windows 10 1903 及更高版本中使用 TLS1.3
  • 在旧的、不受支持的 Windows 版本中,您需要添加适当的更新或进行一些注册表调整以启用 TLS1.2
  • Windows Server 2019 @PanagiotisKanavos
  • Windows Server 2019,在代码中我们设置了 ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls |安全协议类型.Tls11 |安全协议类型.Tls12 |安全协议类型.Ssl3;在 WebRequest @PanagiotisKanavos 之前
  • 当您说要禁用启用旧协议时,该行启用。反正也不需要。使用 Fiddler 之类的调试代理来检查客户端和服务器之间的协议协商。在CONNECT 调用中,请求包含客户端提供的参数,响应包含服务器接受的参数。

标签: c# tls1.2 webrequest


【解决方案1】:

只需放在应用程序的启动中:

  System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12 ;
      

【讨论】:

  • 这是don't use TLS1.3 even if it's available。 .NET 4.6.2 中不需要它,因为该版本及其之后的每个版本都使用操作系统提供的最佳可用加密。如果操作系统不支持 TLS1.2,硬编码设置将无济于事
  • @Panagiotis Kanavos 问题是,仅启用了 TLS 1.2...
  • 这意味着根本不需要该行。仅在默认使用 TLS1.2 的 4.5.x 中需要它。
  • 我在 windows server 2019 和 .NET4.7 上遇到了同样的问题。唯一的解决方案是将 SecurityProtocol 设置为 TLS12。该框架默认不使用 TLS1.2 或更高版本。
  • @PanagiotisKanavos 目前我正在使用 ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls |安全协议类型.Tls11 |安全协议类型.Tls12 |安全协议类型.Ssl3;
猜你喜欢
  • 2017-12-11
  • 2022-06-29
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2023-01-01
  • 2012-01-02
  • 1970-01-01
  • 2022-07-25
相关资源
最近更新 更多