禁用密码锁

ADBlock阻止了网站上的某些内容

ADBlock errore

The request was aborted: Could not create SSL/TLS secure channel

StackOverflow https://stackoverflow.com/questions/2859790

We are unable to connect to an HTTPS server using WebRequest because of this error message:

The request was aborted: Could not create SSL/TLS secure channel.

We know that the server doesn't have a valid HTTPS certificate with the path used, but to bypass this issue, we use the following code that we've taken from another StackOverflow post:

private void Somewhere() {
    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AlwaysGoodCertificate);
}

private static bool AlwaysGoodCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors) {
   return true;
}

The problem is that server never validates the certificate and fails with the above error. Does anyone have any idea of what should I do?


I should mention that a colleague and I performed tests a few weeks ago and it was working fine with something similar to what I wrote above. The only "major difference" we've found is that I'm using Windows 7 and he was using Windows XP. Does that change something?

????????(????????????,????????);

?????Windows XP???,?Windows 7?,??????????:

// using System.Net;
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
// Use SecurityProtocolType.Ssl3 if needed for compatibility reasons

???,???????


??

??????Robin??;????????PayPal?????,???,??????SSL3???12?,2018?3,?????TLS?????????

其他提示

??????,?.NET 4.5?

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

??????.NET 4.5,????

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

??ServicePointManager????HttpWebRequest???????,??????????

??:

        ServicePointManager.Expect100Continue = true;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
               | SecurityProtocolType.Tls11
               | SecurityProtocolType.Tls12
               | SecurityProtocolType.Ssl3;

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

??:

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")

        ServicePointManager.Expect100Continue = true;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
               | SecurityProtocolType.Tls11
               | SecurityProtocolType.Tls12
               | SecurityProtocolType.Ssl3;

???????,ASPNET??????????????winhttpcertcfg.exe???

,????????????????: http://support.microsoft.com/kb/901183

??2???????

??:????IIS???,???????????? - ??????????????????????????????:? https://serverfault.com/questions/131046/how-to-grant-iis-7-5-access-to-a-certificate-in-certificate-store/132791#132791

???????,??????SSL / TLS???????????????????????????,???????????????????????????,??????????????????????,???????????????????,????????????,????,????????

??????????SChannel?????????? SChannel???SSL?TLS???????SSPI????????? TLS / SSL?????

????????Schannel?????

??????,??? https://ct.mob0.com/Styles/Fun.png,???CloudFlare?????CDN????????SPDY??????SSL???

?????

????SSL3?????????????Tls12??????:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
new WebClient().DownloadData("https://ct.mob0.com/Styles/Fun.png");

????ASP.NET???????????,????????????????????????IIS?????????Web???????,??????,???LocalSystem?????NetworkService???

??????????????????NetworkService????,?????,???????????

??????????????????,?????

ServicePointManager.Expect100Continue = true;
        ServicePointManager.DefaultConnectionLimit = 9999;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;

?????????????????????????????,???????,??????????????????????????

“???????”

?“?????:????SSL / TLS????”?????????? HTTP 401??????HTTP??

,????????

??,?????????????System.Net???????????????????????

????????,????????????,?????????????:

System.Net Information: 0 : [9840] Connection#62912200 - Received status line: Version=1.1, StatusCode=401, StatusDescription=Unauthorized.

?????,??????????Cookie?????,????????401??,????????“????SSL / TLS????”??????

?????????????????????????:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

??????????????.NET??????????,???????????Web???(????)????AppDomain?????? (???,web?????ASP.NET??????????,???Web?????,??????Web??,?)?

??????,???????,??????????????????Web????????????????????,????????:

  • ????AppDomain?????,????????,??????????????,?????,?????????????????????????????
  • ???????????????.NET?????????????????????,???????????TLS12(??????,???????)?????,??5??????????????
  • ????????????,???????????????????????,???????,?????????????????????????,??????????????????????????: https://stackoverflow.com/a/26754917/7656 ????????????????????? (???????????)

????MVC Web???????

    public string DownloadSite(string RefinedLink)
    {
        try
        {
            Uri address = new Uri(RefinedLink);

            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

            System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

            using (WebClient webClient = new WebClient())
            {
                var stream = webClient.OpenRead(address);
                using (StreamReader sr = new StreamReader(stream))
                {
                    var page = sr.ReadToEnd();

                    return page;
                }
            }

        }
        catch (Exception e)
        {
            log.Error("DownloadSite - error Lin = " + RefinedLink, e);
            return null;
        }
    }

????????????,?????????????,??????...

?????WebRequest.Timeout?0???,???????????????...(?????0??????,????????????0???)?

WebRequest webRequest = WebRequest.Create(@"https://myservice/path");
webRequest.ContentType = "text/html";
webRequest.Method = "POST";
string body = "...";
byte[] bytes = Encoding.ASCII.GetBytes(body);
webRequest.ContentLength = bytes.Length;
var os = webRequest.GetRequestStream();
os.Write(bytes, 0, bytes.Length);
os.Close();
webRequest.Timeout = 0; //setting the timeout to 0 causes the request to fail
WebResponse webResponse = webRequest.GetResponse(); //Exception thrown here ...

?The request was aborted: Could not create SSL/TLS secure channel?????????????????PC???cipher_suites???????????????????????????????,????????cipher_suites????,????????SSL??/??“???Hello”?????,???????????????????,?????????“??“??,??????‘SSL??????Hello’???

????????,????? Microsoft????,??????,???????SSL??????????????HTTPS??(???C#??????)?

???????????????HTTPS??(??Windows XP???,???? - ???????????????????????????HTTPS URL?????????Firefox),?????????????????????SSL??????????

??,?????????Hello??,????????????SSL?????????????????????,????????????Windows,????????? IISCrypto ?????(?????PC,???????,??“IIS”??)?

?????Windows??????cipher_suites?,???????:

  • HKLM \ SOFTWARE \??\??\??\??\ SSL \ 00010002
  • HKLM \??\ CurrentControlSet \??\??\??\??\ SSL \ 00010002

????????????Could not create SSL/TLS secure channel???????,?????????:? http://blog.jonschneider.com/2016/08/fix-ssl-handshaking-error-in-windows.html

??????????

???????????,.NET 4.5,??????????

??,??????4.0,???????????,??????????(???????????4.5)?

??????????,?“?????:????SSL / TLS????” ???????

?????,?????Windows??,????????????????TLS?SSL???????

??????:

???? - >???Internet - > Internet?? - >??

?????“??”,????

??
  • ??SSL 2.0
  • ??3.0
  • ??TLS 1.0
  • ??TLS 1.1
  • ??TLS 1.2

??????,????web.config?:

<httpRuntime targetFramework="4.5.2" />

??:

<httpRuntime targetFramework="4.6.1" />

??????,???????????????????????,??????,?????

  1. MMC
  2. ??
  3. ?????
  4. ????
  5. ??
  6. ????
  7. ??????
  8. ??

????Visual Studio?????,????Visual Studio?????????????

???????,????????????????3072 ???????? '3072' ??????????

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

XmlReader r = XmlReader.Create(url);
SyndicationFeed albums = SyndicationFeed.Load(r);

???????????????:

https://www.fbi.gov/feeds/fbi-in-the-news/atom.xml
https://www.wired.com/feed/category/gear/latest/rss

System.Net.WebException:?????:???? SSL / TLS?????

???????,????????????,??????????.NET?????,.NET 4,????????????TLS 1.2?

???????SchUseStrongCrypto?????????????/????????????.reg?????,????????????“??”????

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

??????:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

??????????????????????,??????,??????????TLS 1.2???“????SSL / TLS????”?????????,??????????????????????????:?TLS / SSL???????,????????????“?????”?SSL???“??”??,??????????????????????????????Windows??,???????????????(?????????????),?????????????????????????????????,????????“??????40”?????,??.NET??“????SSL / TLS????”?

???????????????????????????,?????Windows????????????????????????????,?????????MSIE ? (??System.Net????????????)??????????????,???????????(???????Internet??)???????,???????????,????????? (???????????????????????,???????????)

????????,????????????????“ECDHE_ECDSA”??,??????????????????????,?????(???)?????,?????????(?????),?????????:??.NET???????SSL????????Python??(??????,???????,Chrome????????,?MSIE??????????)

????,???,????IIS????Web??,???????????,????IIS?????????????

???ASP.NET?????????????

????,???????,?Windows???????Web??????Windows???????????????

??ID 36888(Schannel?)??:

The following fatal alert was generated: 40. The internal error state is 808.

??,??Windows????????????:KB3172605?KB3177186

?vmware??????????????Windows????????????????????

[HKEY_LOCAL_MACHINE \ SYSTEM \ CURRENTCONTROLSET \??\ SecurityProviders \ SCHANNEL \ KeyExchangeAlgorithms \?Diffie-Hellman]

“ClientMinKeyBitLength”= DWORD:00000200

??????????HTTPS????????

????Windows????:

wmic qfe list

???:

https://communities.vmware.com/message/2604912#2604912

???????

???????????

??????:

??????X509Certifiacte2???:

   var certificate = new X509Certificate2(bytes, pass);

??????:

   var certificate = new X509Certificate2(bytes, pass, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

??? X509KeyStorageFlags.Exportable? !!

????????????(?WebRequest??):

// I'm not even sure the first two lines are necessary:
ServicePointManager.Expect100Continue = true; 
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

request = (HttpWebRequest)WebRequest.Create(string.Format("https://{0}.sii.cl/cvc_cgi/dte/of_solicita_folios", server));
request.Method = "GET";
request.Referer = string.Format("https://hercules.sii.cl/cgi_AUT2000/autInicio.cgi?referencia=https://{0}.sii.cl/cvc_cgi/dte/of_solicita_folios", servidor);
request.UserAgent = "Mozilla/4.0";
request.ClientCertificates.Add(certificate);
request.CookieContainer = new CookieContainer();

using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
    // etc...
}

???????????,???????......

???????????,??????????????????????????????????,??????????????????????,??????????????

https://support.microsoft.com/en-us/help/4458166/applications-that-rely-on-tls-1-2-strong-encryption-experience-connect

???,MS????????,?OS??????TLS 1.2,????????“?????:????SSL / TLS????”

??????

1)????????OS: HTTP:/ /www.catalog.update.microsoft.com/Search.aspx?q=kb4458166

2)???????app.config / web.config???

3)??????????????????

??????????????????

???????????(SSL?????????????????),??????????????????

????????“?”???,????????????????????????SSL 3.0????????????????????????????????????Web?????????????????TLS 1.2,????????

HTTP://googleonlinesecurity.blogspot? COM / 2014/10 /?,???-????-SSL-30.html

??????,???????,????,????RC4??????????????????,??????RC4??,?????????????????

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow