[英]Is it possible to use .NET Remoting + TLS 1.2 (or 1.1)?
Recently our PCI DSS scan failed, and requires that we disable TLS 1.0 (and enable TLS 1.1 or 1.2). 最近我们的PCI DSS扫描失败,并要求我们禁用TLS 1.0(并启用TLS 1.1或1.2)。 I found the instructions on how to do so on our Windows Server 2008 R2 box, but we have a legacy application that is using .NET Remoting (its a .NET 2.0 windows forms app/IIS hosted CSLA 1.5 data portal), which doesn't communicate with the new settings.
我在Windows Server 2008 R2上找到了如何执行此操作的说明,但是我们有一个使用.NET Remoting的遗留应用程序(它是一个.NET 2.0 Windows窗体应用程序/ IIS托管的CSLA 1.5数据门户),它没有与新设置通信。
I am getting the following exception: 我收到以下异常:
I have attempted various configurations of combinations of TLS settings in both client and server to no avail. 我尝试在客户端和服务器中进行各种TLS设置组合配置都无济于事。 Such as:
如:
I have done some research and discovered that .NET 4.5 framework supports TLS 1.1 and 1.2 , but it is unclear whether that extends to .NET remoting. 我做了一些研究,发现.NET 4.5框架支持TLS 1.1和1.2 ,但目前还不清楚是否扩展到.NET远程处理。 Does it?
可以?
Also, I found that Microsoft's recommendation is to upgrade to 4.5.2 . 另外,我发现微软的建议是升级到4.5.2 。
That said, this application has many dependencies and incompatibilities with .NET 4.5.2, so it would be helpful to know if I am indeed going in the right direction by upgrading or whether I should be in a mad rush to rewrite this application altogether (all options I have explored require major application changes). 也就是说,这个应用程序与.NET 4.5.2有许多依赖关系和不兼容性,因此通过升级或者我是否应该疯狂地急于重写这个应用程序来了解我是否确实在朝着正确的方向发展是有帮助的(我探索过的所有选项都需要进行重大的应用程序更改。 Even building a test application to try it out could be challenging, since I haven't dealt with .NET remoting directly in about 10 years.
即使构建一个测试应用程序来尝试它也可能具有挑战性,因为我在大约10年内没有直接处理.NET远程处理。
So, again my question is - does .NET remoting support TLS 1.1 or 1.2? 所以,我的问题是 - .NET远程支持是否支持TLS 1.1或1.2?
Also: 也:
I am using: 我在用:
I discovered the solution in this obscure MSDN blog post . 我在这个不起眼的MSDN博客文章中发现了解决方案。 In order to use TLS 1.2, you have to enable the Group Policy setting for using FIPS complaint encryption algorithms.
要使用TLS 1.2,您必须启用组策略设置以使用FIPS投诉加密算法。
That fixes the issue with .NET remoting, click once deployment, and MS Web Deploy. 这解决了.NET远程处理,单击部署和MS Web部署的问题。 Unfortunately, it broke my ASP.NET web applications and I am still looking for a solution to that issue.
不幸的是,它打破了我的ASP.NET Web应用程序,我仍在寻找解决该问题的方法。
The following link provided the correct solution for me. 以下链接为我提供了正确的解决方案。 I'm using .NET remoting for my portal.
我正在为我的门户网站使用.NET远程处理。 My IT department disabled TLS 1.0 on my CSLA servers, and my CSLA libraries were written in .NET 4.0.
我的IT部门在我的CSLA服务器上禁用了TLS 1.0,我的CSLA库是用.NET 4.0编写的。 The fix involves editing the registry on the client machines.
该修复涉及在客户端计算机上编辑注册表。
https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/(.NET)_Enable_SSL_Protocols_for_your_Integrations_-_TLS_1.1_and_TLS_1.2 https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/(.NET)_Enable_SSL_Protocols_for_your_Integrations_-_TLS_1.1_and_TLS_1.2
From the Article: To enable the TLS protocols, you need to add new registry entries for the Schannel [1] 从文章:要启用TLS协议,您需要为Schannel添加新的注册表项[1]
For that, please follow this steps: 为此,请按照以下步骤操作:
Start the registry editor by clicking on Start and Run. 单击“开始”和“运行”启动注册表编辑器。 Type in "regedit" into the Run field (without quotations).
在“运行”字段中键入“regedit”(不带引号)。 Highlight Computer at the top of the registry tree.
突出显示注册表树顶部的计算机。 Backup the registry first by clicking on File and then on Export.
首先通过单击“文件”然后单击“导出”来备份注册表。 Select a file location to save the registry file.
选择文件位置以保存注册表文件。
Note: You will be editing the registry. 注意:您将编辑注册表。 This could have detrimental effects on your computer if done incorrectly, so it is strongly advised to make a backup.
如果操作不正确,这可能会对您的计算机产生不利影响,因此强烈建议您进行备份。
Enable the SchUseStrongCrypto property in the Windows registry to use as the default protocols: TLS 1.0, TLS 1.1 and TLS 1.2 If you want to make sure strong cryptography is enabled and the SSL protocols for your requests to be TLS 1.0, TLS 1.1 and TLS 1.2, please follow this steps: 启用Windows注册表中的SchUseStrongCrypto属性以用作默认协议:TLS 1.0,TLS 1.1和TLS 1.2如果要确保启用强加密,并且请求的SSL协议为TLS 1.0,TLS 1.1和TLS 1.2 ,请按照以下步骤操作:
Start the registry editor by clicking on Start and Run. 单击“开始”和“运行”启动注册表编辑器。 Type in "regedit" into the Run field (without quotations).
在“运行”字段中键入“regedit”(不带引号)。
Highlight Computer at the top of the registry tree. 突出显示注册表树顶部的计算机。 Backup the registry first by clicking on File and then on Export.
首先通过单击“文件”然后单击“导出”来备份注册表。 Select a file location to save the registry file.
选择文件位置以保存注册表文件。
Note: You will be editing the registry. 注意:您将编辑注册表。 This could have detrimental effects on your computer if done incorrectly, so it is strongly advised to make a backup.
如果操作不正确,这可能会对您的计算机产生不利影响,因此强烈建议您进行备份。
This is the error The underlying connection was closed: An unexpected error occurred on a send.
这是错误
The underlying connection was closed: An unexpected error occurred on a send.
I am receiving in my .Net 2.0/.Net 3.5 code when making a http call to code base hosted in IIS Windows 2012 R2. 在对IIS Windows 2012 R2中托管的代码库进行http调用时,我收到了.Net 2.0 / .Net 3.5代码。
I have an updated answer to this question. 我有这个问题的最新答案。 I am also using CSLA(and other http calls to the web server) hosted in Windows 2012 R2 (IIS) and have recently turned off SSL 3.0 and TLS 1.0.
我也在使用Windows 2012 R2(IIS)中托管的CSLA(以及对Web服务器的其他http调用),并且最近关闭了SSL 3.0和TLS 1.0。 There is a handy tool called IISCrypto that will help set your TLS preferences.
有一个名为IISCrypto的方便工具,可以帮助您设置TLS首选项。 I have selected "Best Practice" and also unmarked TLS 1.0.
我选择了“最佳实践”,并且还选择了未标记的TLS 1.0。
Now to fix the .NET 2.0/3.5 code, there are instructions here . 现在修复.NET 2.0 / 3.5的代码,有说明这里 。 It requires adding SecurityProtocolTypeExtensions.cs and SslProtocolsExtensions.cs to your project and add the code below before making any called to the server side code.
它需要将SecurityProtocolTypeExtensions.cs和SslProtocolsExtensions.cs添加到您的项目中,并在调用服务器端代码之前添加下面的代码。
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolTypeExtensions.Tls11 | SecurityProtocolTypeExtensions.Tls12;
I am hoping this will someone work through the error/problems. 我希望有人能解决错误/问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.