[英]Error while invoking Aws C# SDK through tls 1.2
Paypal will soon imposed to use TLS 1.2 when contacting their API. Paypal在联系其API时将很快被要求使用TLS 1.2。 This behavior already been enforced on their Sandbox.
此行为已在其沙盒中强制执行。
We just been trapped by a side effect is that after invoking Paypal API any subsequent call to AWS SDK are failing. 我们只是被一个副作用所困,就是调用Paypal API之后,对AWS开发工具包的任何后续调用都将失败。
Anybody had the same problem and found a workaround ? 任何人都有相同的问题,找到了解决方法?
As noted by this discussion on the AWS developer forums , at the time of this posting TLS 1.2 is not supported by the AWS SDK. 正如AWS开发人员论坛上的讨论所指出的那样,在此发布之时, AWS开发工具包不支持TLS 1.2。 Consequently, you won't be able to move to TLS 1.2 exclusively in your application until they also implement support for it.
因此,除非他们也实现对TLS 1.2的支持,否则您将无法仅将其迁移到TLS 1.2。
A workaround exists where your application's communication protocol can be manually set. 存在一种解决方法,可以手动设置应用程序的通信协议。 In the example below, ServicePointManager.SecurityProtocol is updated to enable support for TLS 1.0, TLS 1.1, and/or TLS 1.2 in the application:
在下面的示例中,ServicePointManager.SecurityProtocol已更新,以在应用程序中启用对TLS 1.0,TLS 1.1和/或TLS 1.2的支持:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
This change should allow your communication to communicate to PayPal with TLS 1.2, while falling back to older versions as necessary for communication with AWS SDK. 此更改应允许您的通信通过TLS 1.2与PayPal进行通信,同时根据需要使用AWS SDK进行通信时回退到旧版本。
Notes: 笔记:
Tls11
and Tls12
are only available in the SecurityProtocolType
enum for .NET versions 4.5+. Tls11
和Tls12
仅在.NET 4.5+版本的SecurityProtocolType
枚举中可用。 Further Reading: 进一步阅读:
MSDN - ServicePointManager.SecurityProtocol Property MSDN-ServicePointManager.SecurityProtocol属性
Amazon S3 – frequently asked questions around disabling SSLv3 - Includes helpful discussion regarding TLS and its usage in the AWS SDK. Amazon S3 –有关禁用SSLv3的常见问题 –包括有关TLS及其在AWS开发工具包中的用法的有用讨论。
How do I disable SSL fallback and use only TLS for outbound connections in .NET? 如何禁用SSL回退并仅将TLS用于.NET中的出站连接? (Poodle mitigation) - An excellent related question/answer with commentary on security risks related to TLS 1.0 and motivations for migration to TLS 1.2.
(缓解长卷毛狗) -与TLS 1.0相关的安全风险以及向TLS 1.2迁移的动机的评论相关的极好的问题/答案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.